SHAHNAWAJ KHAN

CISM, CPISI, ISO 27001 Lead Auditor
Gurugram, Haryana

Summary

Results-driven Cybersecurity Professional with 9+ years of experience securing enterprise IT environments, managing compliance frameworks (ISO 27001, SOC 2, PCI DSS, GDPR), and implementing effective risk mitigation strategies.

Overview

10 years of professional experience
5 Certification

Work History

Lead IT Security Compliance Auditor

OFB Tech Pvt Ltd
Gurugram
03.2024 - 03.2025
  • Developed and implemented ISO 27001 controls and procedures to meet security standards.
  • Delivered training on compliance, cybersecurity awareness, and best practices.
  • Supported risk assessments by identifying and addressing potential threats.
  • Monitored systems and user activity to detect suspicious behavior.
  • Worked with external auditors during ITGC audits, providing required documentation.
  • Maintained strong cybersecurity practices aligned with regulations and industry standards.

Information Security Manager

Senseforth AI Research Pvt Ltd
Bengaluru
07.2022 - 03.2024
  • Developed and enforced IT security policies to ensure regulatory compliance and mitigate risks.
  • Conducted comprehensive audits for ISO 27001, SOC 2, NIST, and GDPR standards to align with best practices.
  • Performed cybersecurity risk assessments, identifying vulnerabilities and implementing mitigation strategies.
  • Led AI compliance initiatives, evaluating systems against industry regulations and ethical frameworks.
  • Facilitated external compliance assessments for SOC 2 and GDPR to enhance security posture.
  • Delivered training programs on cybersecurity practices and compliance obligations to improve organizational awareness.
  • Integrated advanced security controls within cloud infrastructure, ensuring adherence to regulatory requirements.
  • Implemented Business Continuity Plans to bolster operational resilience and minimize disruption.

Information Security Analyst

StreamSource Technology
Gurugram
05.2021 - 07.2022
  • Developed and implemented IT security policies and procedures to ensure regulatory compliance and mitigate organizational risks.
  • Implemented effective remediation strategies to address security vulnerabilities and minimize risk.
  • Established real-time response to security incidents.
  • Ensured compliance with SOC 2 and PCI DSS standards through continuous policy alignment and audits.
  • Collaborated with DevOps and IT support teams to secure infrastructure and deployment pipelines.
  • Conducted employee awareness training sessions to promote a strong security culture across the organization.
  • Investigated security incidents, prepared detailed reports, and provided actionable feedback.
  • Deployed comprehensive security measures during system rollouts to ensure safe deployments.
  • Installed and managed endpoint protection solutions to secure sensitive data across devices.
  • Developed, maintained, and enforced organization-wide information security policies and procedures.
  • Implemented robust cybersecurity controls to prevent unauthorized access and data breaches.
  • Streamlined encryption processes to enhance data confidentiality and regulatory compliance.
  • Coordinated with third-party security consultants to perform external assessments and audits.
  • Managed security infrastructure, including firewalls, antivirus software, and monitoring tools.
  • Monitored systems for anomalies and responded swiftly to mitigate emerging threats.
  • Authored comprehensive breach reports detailing root cause analysis, impact, and remediation.
  • Conducted risk assessments to identify and prioritize vulnerabilities in systems and processes.

Assistant Manager IT Compliance

DreamFolks Services Pvt Ltd
Gurugram
01.2016 - 06.2021
  • Conducted audits to ensure PCI DSS, ISO 27001, SOC 2, and GDPR compliance.
  • Led recertification efforts for ISO 27001, PCI DSS, and SOC 2 standards.
  • Created and enforced IT security policies and procedures.
  • Improved cybersecurity with advanced controls and risk mitigation strategies.
  • Managed vulnerability assessments and worked with teams to fix security issues.
  • Trained staff on cybersecurity best practices and compliance updates.
  • Maintained IT infrastructure, including servers, networks, and security tools.
  • Applied security controls to meet PCI DSS and ISO 27001 requirements.
  • Oversaw resources to meet goals while staying within budget.
  • Advised management on IT and facility needs to improve operations.
  • Investigated and resolved issues affecting service delivery.
  • Performed regular system and security audits, ensuring timely remediation.
  • Managed access controls, encryption, and data protection measures.
  • Supported external audits and helped resolve audit findings.
  • Provided IT support, reducing downtime and maintaining operations.
  • Created reports to track performance and compliance metrics.
  • Negotiated with vendors for cost-effective services and solutions.
  • Managed procurement, inventory, and budget tracking.

IT Administrator

Propnix Realty Pvt Ltd
Gurugram
01.2015 - 12.2015
  • Configured and maintained routers, switches, and firewalls for secure network operations.
  • Created and updated system configuration and procedure documentation.
  • Reviewed IT policies to align with best practices and compliance standards.
  • Managed user accounts and access rights to ensure data security.

Education

Post-Graduate Certificate - Cyber Security

Great Lakes Institute of Management, Gurgaon
01-2025

Bachelor of Computer Applications - Computer Applications Development

Punjab Technical University, Varanasi
11-2010

GPA: 3.8 / 4.0

Skills

  • Cybersecurity compliance
  • Data Privacy
  • Consent management
  • Risk assessment
  • Data protection strategies
  • Cloud security
  • WAF
  • Incident response
  • IT security policy
  • IT Audit
  • MDR (Seqrite, CrowdStrike)
  • SIEM (ManageEngine Log360)
  • O365 Defender
  • Azure, AWS, Google Cloud Platform (GCP)
  • GRC Tool (Sprinto, GT, Secureframe)
  • Vulnerability Assessment and Penetration Test

Affiliations

  • HDFC EVA
  • ICICI SmartSearch
  • Axis Axa
  • UMANG India
  • MYGOV.IN
  • VOICINGAI

Certification

  • CISM (ISACA)
  • ISO 27001 Lead Auditor (Exemplar Global, Inc)
  • CPISI (SISA Infosec)
  • Microsoft Azure Administrator Associate
  • Cybersecurity Asset Management (Qualys)
  • Network Security Expert (Fortinet)

Languages

  • English
  • Hindi
  • Urdu

Timeline

Lead IT Security Compliance Auditor - OFB Tech Pvt Ltd
03.2024 - 03.2025
Information Security Manager - Senseforth AI Research Pvt Ltd
07.2022 - 03.2024
Information Security Analyst - StreamSource Technology
05.2021 - 07.2022
Assistant Manager IT Compliance - DreamFolks Services Pvt Ltd
01.2016 - 06.2021
IT Administrator - Propnix Realty Pvt Ltd
01.2015 - 12.2015
Great Lakes Institute of Management - Post-Graduate Certificate, Cyber Security
Punjab Technical University - Bachelor of Computer Applications, Computer Applications Development