SHAHNAWAJ KHAN

• Developed and implemented ISO 27001 controls and procedures to meet security standards.
• Delivered training on compliance, cybersecurity awareness, and best practices.
• Supported risk assessments by identifying and addressing potential threats.
• Monitored systems and user activity to detect suspicious behavior.
• Worked with external auditors during ITGC audits, providing required documentation.
• Maintained strong cybersecurity practices aligned with regulations and industry standards.

• Developed and enforced IT security policies to ensure regulatory compliance and mitigate risks.
• Conducted comprehensive audits for ISO 27001, SOC 2, NIST, and GDPR standards to align with best practices.
• Performed cybersecurity risk assessments, identifying vulnerabilities and implementing mitigation strategies.
• Led AI compliance initiatives, evaluating systems against industry regulations and ethical frameworks.
• Facilitated external compliance assessments for SOC 2 and GDPR to enhance security posture.
• Delivered training programs on cybersecurity practices and compliance obligations to improve organizational awareness.
• Integrated advanced security controls within cloud infrastructure, ensuring adherence to regulatory requirements.
• Implemented Business Continuity Plans to bolster operational resilience and minimize disruption.

• Developed and implemented IT security policies and procedures to ensure regulatory compliance and risk mitigation, mitigating organizational risks.
• Implemented effective remediation strategies to address security vulnerabilities and minimize risk.
• Established real-time response to security incidents.
• Ensured compliance with SOC 2 and PCI DSS standards through continuous policy alignment and audits.
• Collaborated with DevOps and IT support teams to secure infrastructure and deployment pipelines.
• Conducted employee awareness training sessions to promote a strong security culture across the organization.
• Investigated security incidents, prepared detailed reports, and provided actionable feedback.
• Deployed comprehensive security measures during system rollouts to ensure safe deployments.
• Installed and managed endpoint protection solutions to secure sensitive data across devices.
• Developed, maintained, and enforced organization-wide information security policies and procedures.
• Implemented robust cybersecurity controls to prevent unauthorized access and data breaches.
• Streamlined encryption processes to enhance data confidentiality and regulatory compliance.
• Coordinated with third-party security consultants to perform external assessments and audits.
• Managed security infrastructure, including firewalls, antivirus software, and monitoring tools.
• Monitored systems for anomalies, and responded swiftly to mitigate emerging threats.
• Authored comprehensive breach reports detailing root cause analysis, impact, and remediation.
• Conducted risk assessments to identify and prioritize vulnerabilities in systems and processes.

• Conducted audits to ensure PCI DSS, ISO 27001, SOC 2, and GDPR compliance.
• Led recertification efforts for ISO 27001, PCI DSS, and SOC 2 standards.
• Created and enforced IT security policies and procedures.
• Improved cybersecurity with advanced controls and risk mitigation strategies.
• Managed vulnerability assessments and worked with teams to fix security issues.
• Trained staff on cybersecurity best practices and compliance updates.
• Maintained IT infrastructure, including servers, networks, and security tools.
• Applied security controls to meet PCI DSS and ISO 27001 requirements.
• Oversaw resources to meet goals while staying within budget.
• Advised management on IT and facility needs to improve operations.
• Investigated and resolved issues affecting service delivery.
• Performed regular system and security audits, ensuring timely remediation.
• Managed access controls, encryption, and data protection measures.
• Supported external audits and helped resolve audit findings.
• Provided IT support, reducing downtime and maintaining operations.
• Created reports to track performance and compliance metrics.
• Negotiated with vendors for cost-effective services and solutions.
• Managed procurement, inventory, and budget tracking.

• Configured and maintained routers, switches, and firewalls for secure network operations.
• Created and updated system configuration and procedure documentation.
• Reviewed IT policies to align with best practices and compliance standards.
• Managed user accounts and access rights to ensure data security.

GPA: 3.8 / 4.0