SHAHNAWAJ KHAN
CISM,CPISI,ISO 27001 Lead Auditor
Gurugram,Haryana
Summary
Results-driven Cybersecurity Professional with 9+ years of experience securing enterprise IT environments, managing compliance frameworks (ISO 27001, SOC 2, PCI DSS, GDPR), and implementing effective risk mitigation strategies.
Overview
10
10
years of professional experience
5
5
Certification
Work History
Lead IT Security Compliance Auditor
OFB Tech Pvt Ltd
Gurugram
03.2024 - 03.2025
- Developed and implemented ISO 27001 controls and procedures to meet security standards.
- Delivered training on compliance, cybersecurity awareness, and best practices.
- Supported risk assessments by identifying and addressing potential threats.
- Monitored systems and user activity to detect suspicious behavior.
- Worked with external auditors during ITGC audits, providing required documentation.
- Maintained strong cybersecurity practices aligned with regulations and industry standards.
Information Security Manager
Senseforth AI Research Pvt Ltd
Bengaluru
07.2022 - 03.2024
- Developed and enforced IT security policies to ensure regulatory compliance and mitigate risks.
- Conducted comprehensive audits for ISO 27001, SOC 2, NIST, and GDPR standards to align with best practices.
- Performed cybersecurity risk assessments, identifying vulnerabilities and implementing mitigation strategies.
- Led AI compliance initiatives, evaluating systems against industry regulations and ethical frameworks.
- Facilitated external compliance assessments for SOC 2 and GDPR to enhance security posture.
- Delivered training programs on cybersecurity practices and compliance obligations to improve organizational awareness.
- Integrated advanced security controls within cloud infrastructure, ensuring adherence to regulatory requirements.
- Implemented Business Continuity Plans to bolster operational resilience and minimize disruption.
Information Security Analyst
StreamSource Technology
Gurugram
05.2021 - 07.2022
- Developed and implemented IT security policies and procedures to ensure regulatory compliance and risk mitigation, mitigating organizational risks.
- Implemented effective remediation strategies to address security vulnerabilities and minimize risk.
- Established real-time response to security incidents.
- Ensured compliance with SOC 2 and PCI DSS standards through continuous policy alignment and audits.
- Collaborated with DevOps and IT support teams to secure infrastructure and deployment pipelines.
- Conducted employee awareness training sessions to promote a strong security culture across the organization.
- Investigated security incidents, prepared detailed reports, and provided actionable feedback.
- Deployed comprehensive security measures during system rollouts to ensure safe deployments.
- Installed and managed endpoint protection solutions to secure sensitive data across devices.
- Developed, maintained, and enforced organization-wide information security policies and procedures.
- Implemented robust cybersecurity controls to prevent unauthorized access and data breaches.
- Streamlined encryption processes to enhance data confidentiality and regulatory compliance.
- Coordinated with third-party security consultants to perform external assessments and audits.
- Managed security infrastructure, including firewalls, antivirus software, and monitoring tools.
- Monitored systems for anomalies, and responded swiftly to mitigate emerging threats.
- Authored comprehensive breach reports detailing root cause analysis, impact, and remediation.
- Conducted risk assessments to identify and prioritize vulnerabilities in systems and processes.
Assitant Manager IT Compliance
DreamFolks Services Pvt Ltd
Gurugram
01.2016 - 06.2021
- Conducted audits to ensure PCI DSS, ISO 27001, SOC 2, and GDPR compliance.
- Led recertification efforts for ISO 27001, PCI DSS, and SOC 2 standards.
- Created and enforced IT security policies and procedures.
- Improved cybersecurity with advanced controls and risk mitigation strategies.
- Managed vulnerability assessments and worked with teams to fix security issues.
- Trained staff on cybersecurity best practices and compliance updates.
- Maintained IT infrastructure, including servers, networks, and security tools.
- Applied security controls to meet PCI DSS and ISO 27001 requirements.
- Oversaw resources to meet goals while staying within budget.
- Advised management on IT and facility needs to improve operations.
- Investigated and resolved issues affecting service delivery.
- Performed regular system and security audits, ensuring timely remediation.
- Managed access controls, encryption, and data protection measures.
- Supported external audits and helped resolve audit findings.
- Provided IT support, reducing downtime and maintaining operations.
- Created reports to track performance and compliance metrics.
- Negotiated with vendors for cost-effective services and solutions.
- Managed procurement, inventory, and budget tracking.
IT Administrator
Propnix Realty Pvt Ltd
Gurugram
01.2015 - 12.2015
- Configured and maintained routers, switches, and firewalls for secure network operations.
- Created and updated system configuration and procedure documentation.
- Reviewed IT policies to align with best practices and compliance standards.
- Managed user accounts and access rights to ensure data security.
Education
Post-Graduate Certificate - Cyber Security
01-2025
Bachelor of Computer Applications - Computer Applications Development
11-2010
GPA: 3.8 / 4.0
Skills
- Cybersecurity compliance
- Data Privacy
- Consent management
- Risk assessment
- Data protection strategies
- Cloud security
- WAF
- Incident response
- IT security policy
- IT Audit
- MDR (Seqrite, CrowdStrike)
- SIEM (ManageEngine Log360)
- O365 Defender
- Azure,AWS, Google Cloud Platform
- AWS
- GCP
- GRC Tool (Sprinto,GT,Secureframe)
- Vulnerability Assessment and Penetration Test
Affiliations
- HDFC EVA
- ICICI SmartSearch
- Axis Axa
- UMANG India
- MYGOV.IN
- VOICINGAI
Certification
- CISM (ISACA)
- ISO 27001 Lead Auditor (Exemplar Global, Inc)
- CPISI (SISA Infosec)
- Microsoft Azure Administrator Associate
- Cybersecurity Asset Management (QualysQualys)
- Network Security Expert (Fortinet)
Languages
- English
- Hindi
- Urdu
Timeline
Lead IT Security Compliance Auditor - OFB Tech Pvt Ltd
03.2024 - 03.2025
Information Security Manager - Senseforth AI Research Pvt Ltd
07.2022 - 03.2024
Information Security Analyst - StreamSource Technology
05.2021 - 07.2022
Assitant Manager IT Compliance - DreamFolks Services Pvt Ltd
01.2016 - 06.2021
IT Administrator - Propnix Realty Pvt Ltd
01.2015 - 12.2015
Great Lakes Institute of Management - Post-Graduate Certificate, Cyber Security
Punjab Technical University - Bachelor of Computer Applications, Computer Applications Development
Similar Profiles
ANKIT SHARMAANKIT SHARMA
Senior Executive at OFB Tech. Pvt. Ltd.Senior Executive at OFB Tech. Pvt. Ltd.
SHIVANI KANOJIASHIVANI KANOJIA
Maharashtra State Head – Sales & Client Relations (TMT Steel) at OFB Tech Pvt. Ltd. (OfBusiness)Maharashtra State Head – Sales & Client Relations (TMT Steel) at OFB Tech Pvt. Ltd. (OfBusiness)
Rahul SharmaRahul Sharma
Business Head at Accordd Organics Pvt Ltd ( OFB Tech Group )Business Head at Accordd Organics Pvt Ltd ( OFB Tech Group )
YOGESH YADAVYOGESH YADAV
Software Development Engineer (Backend) at Vetic (Petpai Technologies)Software Development Engineer (Backend) at Vetic (Petpai Technologies)
R Adesh TilakR Adesh Tilak
Consulting Senior Analyst at KPMG Global Service India Pvt Ltd.Consulting Senior Analyst at KPMG Global Service India Pvt Ltd.