SYED ARSHAD NAFIS HASHMI

Cyber Security & Information Security Leader
New Delhi, National Capital Territory of Delhi, India

Summary

A dynamic & innovative Cybersecurity and Risk Management leader with close to 19 years of progressive experience with IBM, including 15+ years in Cybersecurity, IT Risk Management, IT Audit, Compliance, and Business Continuity Planning & Disaster Recovery (BCP/DR). Adept in managing end-to-end enterprise cybersecurity programs, regulatory, internal and external audits, IT governance frameworks, and advanced threat detection using cutting-edge tools such as SIEM, SOAR, and XDR. Proven success in both technical execution and strategic leadership roles, primarily at IBM with its global clients.

Overview

20 years of professional experience
1 year of post-secondary education
6 Certifications

Work History

Director - Information Security & Risk Management

Anaptyss India Pvt. Ltd.
04.2024 - 10.2024
  • Led the development and implementation of the organization’s information security strategy, aligning it with business goals and regulatory requirements.
  • Established a cybersecurity GRC framework using ServiceNow IRM integrated with ISO 27001 and NIST CSF.
  • Oversaw SOC operations and collaborated with the SIEM team on tuning detection rules using IBM QRadar and Microsoft Sentinel.
  • Drove vulnerability management program with Qualys and ensured SLAs on remediation with IT and development teams.
  • Conducted a full DR drill across two locations with a 95% recovery rate within RTO/RPO targets.
  • Initiated an enterprise-wide cyber risk awareness program reducing phishing incident rates by 60% within 3 months.

Key Achievement:
→ Successfully reduced third-party cyber risk by 40% through implementation of a structured vendor risk management program in under 4 months.

Senior Cyber Security Consultant & Risk Manager

IBM India Pvt. Ltd.
05.2020 - 09.2023
  • Delivered GRC services to the client, a global Tier-1 bank, including risk assessments, IT audits, and regulatory compliance (SOX, EBA, GDPR).
  • Integrated QRadar SIEM and IBM Resilient SOAR for real-time incident response.
  • Facilitated BIA and DR drills across the organization and its subsidiaries, ensuring 100% test success and audit compliance.
  • Implemented vulnerability management lifecycle using Qualys and BigFix with >90% SLA compliance.
  • Ensured regulatory compliance by conducting thorough audits of information systems and security controls.
  • Managed internal audits and external audits conducted by EY, PWC, etc.

ACHIEVEMENTS & PROJECT HIGHLIGHTS

  • Security Transformation Project (Client - a leading European Bank):
    Led the implementation of SOAR playbooks using IBM Resilient, reducing incident response time by 50%.
  • GDPR & ISO 27001 Compliance:
    Successfully drove GDPR readiness and ISO recertification across the organization and its subsidiaries, with zero major NCs.
  • Global BCP Program:
    Designed and conducted 20+ DR simulation exercises, leading to 100% business impact test pass rate.
  • SOC Modernization:
    Migrated legacy SOC to integrated SIEM-XDR-SOAR stack, increasing threat detection accuracy by 45%.

Deputy Manager – Security and Compliance

IBM India Pvt. Ltd.
02.2017 - 04.2020
  • Managed security governance, IT risk assessments, policy compliance, and audit readiness for enterprise clients across BFSI, telecom, and healthcare sectors.
  • Spearheaded implementation of international frameworks including ISO 27001, NIST CSF, SOC 2, PCI DSS, and BCMS (ISO 22301).
  • Conducted Business Impact Analyses (BIA), risk assessments, and tabletop exercises for business continuity and disaster recovery.
  • Oversaw Third-Party Risk Management (TPRM) processes and vendor security assessments.
  • Led ServiceNow GRC module implementations for real-time risk and compliance management.
  • Provided security transition support for Mergers and Acquisitions (M&A), including due diligence, policy alignment, and compliance integration.

Assistant Manager – Security and Compliance

IBM India Pvt. Ltd. | Gurgaon
03.2013 - 01.2017
  • Delivered Security Awareness Training and Risk & Compliance dashboards to senior leadership.
  • Managed third-party risk assessments and created risk mitigation roadmaps.
  • Developed and rolled out cyber awareness modules across departments.
  • Led cross-functional audits for employee access review and compliance.
  • Improved customer satisfaction by addressing and resolving complaints promptly.

Assistant Manager – HR and Training (RBA)

IBM India Pvt. Ltd. | Gurgaon
11.2010 - 02.2013
  • Managed new hire inductions, onboarding, soft skills and process trainings for the first 3 months.
  • Actively participated in the new hire recruitment program in collaboration with the HR recruitment team and ensured that only suitable candidates were hired for our Technical Services competency.

Achievement:

Successfully brought down the new hire attrition rate from 13% to 4%, during the first 3 months.

Lead Security & Compliance

IBM India Pvt. Ltd. | Gurgaon
08.2007 - 10.2010
  • Monitored SOC dashboards, escalated incidents, and coordinated with CSIRT teams.
  • Designed physical and logical security policies, improving access control effectiveness.

Process Trainer

IBM India Pvt. Ltd. | Gurgaon
01.2006 - 07.2007
  • Trained new hires in security protocols and ITIL practices.
  • Conducted simulation-based assessments improving knowledge retention by 30%.

Technical Support Executive

IBM India Pvt. Ltd. | Gurgaon
11.2004 - 12.2005
  • Supported technical troubleshooting for QuickBooks accounting software users and professional advisors, with a 98% customer satisfaction rate.
  • Delivered exceptional technical assistance through both phone and email channels while maintaining professionalism at all times.
  • Enhanced customer satisfaction by efficiently resolving technical issues and providing exceptional support.

Education

Masters - English Literature

Dr. R.M.L. Avadh University
Ayodhya (Faizabad) U.P. India
07.2003 - 06.2004

Skills

  • Cybersecurity Governance, Risk & Compliance (GRC) – RSA Archer, ServiceNow GRC
  • Security Operations (SOC) – QRadar, Splunk
  • SIEM/SOAR/XDR – QRadar SIEM, IBM Resilient SOAR, Microsoft Defender XDR
  • IT Risk & Audit – ISO 27001, SOC 2, SOX, GDPR, PCI-DSS, NIST
  • Vulnerability & Patch Management – Qualys, Nessus, BigFix
  • Cloud Security – IBM Cloud, Microsoft Azure, AWS
  • Business Continuity Planning (BCP) & Disaster Recovery (DR) – BIA, DR Drills, Crisis Management
  • Security Awareness & Training – Phishing Simulations, Cyber Hygiene Campaigns

Certification

CISA - Certified Information System Auditor (From ISACA)
