A highly motivated and seasoned Cyber Security/Information Security professional with nearly 19 years of professional experience with IBM India. Over 15 years of experience leading Cybersecurity programs, IT risk management, IT Audit, and Compliance programs. Exceptionally skilled in designing security architectures, managing incident responses, conducting IT risk assessments & IT Audits, and aligning security strategies with business objectives. A proven track record in implementing robust security measures with all the necessary controls, managing and significantly reducing vulnerabilities, and driving continuous security improvements in a dynamic environment to maintain a consistently moderate security posture for the organization.
Overview
20 years of professional experience
1 Certification
Work History
Director - Information Security & Risk Management
Anaptyss India Private Limited
Noida
04.2024 - Current
Directly responsible for policies, procedures and controls to assure compliance with applicable regulatory, legal and audit requirements as well as good business practices.
Developed and managed the information security risk management program including development, evaluation, and adherence to multiple areas of practices.
Developed an IT risk strategy that identifies and classifies risks, defines appropriate tolerances, prioritizes mitigation activities, and measures risk levels using the Cyber Security Framework(s).
Established and oversaw formal risk assessment program for various information services, systems, processes and recognized industry standards.
Identified, assessed, managed, and tracked remediation of risks related to IT infrastructure, applications, platforms, and suppliers, and drove explicit requirements and timelines in all environments.
Developed strong relationships with external auditors and key stakeholders to ensure risk management oversight is understood, managed appropriately and current with all standards, guidelines, and regulations that are applicable.
Liaised with all departments to identify, track and provide remediation guidance for new projects, services and/or third-party contracts in terms of information security assurance.
Oversaw highest risk initiatives and served as a point of escalation for remediation/mitigation efforts.
Developed the security compliance strategy and approach and ensured compliance with SOC1, SOC2, ISO27001, CCPA, GDPR, local privacy laws, contractual requirements and globally recognized industry standards and practices.
Established and oversaw formal vulnerability management, penetration testing, and security posture assessment programs. Identified regulatory, legislative, and industry-specific compliance requirements and defined controls that can be used to meet those requirements.
Oversaw third-party assessment standards and privileged user monitoring as a check on critical system access.
Managing the organization's vendor audit process, including cloud service providers, engaging in a risk-based approach to determine the depth of each audit, leading the audit, and providing recommendations to management based on the results.
Reviewed organization contracts as part of the firm's contract review process; assessing and recommending adjustments that serve to minimize security risks in organization agreements.
INFORMATION SECURITY AUDIT & RISK MANAGER
IBM INDIA / KYNDRYL SOLUTIONS PVT. LTD.
NOIDA
05.2020 - 09.2023
Served as an IT Audit and Information Security Risk Manager for more than 3 years, for our client, a leading European bank. Successfully managed the information system security across the enterprise by defining, developing, and implementing IT control frameworks, key IT processes, relevant technologies, and design of risk-based IT audit control assurance test procedures.
Addressed non-compliance to information security standards, with a hugely successful record of completing the related actions within the timelines.
Worked to identify the opportunities to improve risk posture, developing solutions for remediating or mitigating risks, and assessing the residual risk.
Successfully managed the periodic vulnerability assessments, penetration testing, insider threat assessment, issue management, application security, cloud security, etc., of all assets to provision a highly robust security posture.
Identified and assessed potential security risks to the company's digital platforms and developed plans to mitigate those risks.
Carried out evaluation of threat assessment, risk assessment, and evolved risk mitigation plan based on the assessment.
Actively contributed to the Cyber Assessment metrics and GRC reporting to senior management to influence risk-based results.
An impeccable 100% record of operational compliance level as per the regulations such as COBIT, ISO 27001:2013, PCI-DSS, NIST guidelines, ITGC, Data Privacy, etc.
Extremely successful in ensuring that the business is fully compliant with data privacy regulation acts like GDPR, HIPAA, etc.
Promoted trainings, activities, and procedures to create a general awareness about the significance of information security, compliance, and data privacy within the organization.
Deputy Manager Security and Compliance
IBM INDIA PRIVATE LIMITED
Gurgaon
02.2017 - 04.2020
Assistant Manager Security and Compliance
IBM INDIA PRIVATE LIMITED
Gurgaon
03.2013 - 01.2017
Assistant Manager HR and Training (RBA)
IBM INDIA PRIVATE LIMITED
Gurgaon
11.2010 - 02.2013
Lead Security
IBM INDIA PRIVATE LIMITED
Gurgaon
08.2007 - 10.2010
Process Trainer
IBM INDIA PRIVATE LIMITED
GURGAON
01.2006 - 07.2007
Technical Support Executive
IBM INDIA PRIVATE LIMITED
Gurgaon
11.2004 - 12.2005
Education
M.A. ENGLISH
Dr. R.M.L Avadh University
06.2004
Skills
Leadership & Team development
Cyber Security Risk Management
Incident response
Security Architecture design
Network Security
Application Security
Data Security
Penetration Testing & Vulnerability Management
Cloud Security
Threat Intelligence and Monitoring
IT Audit & Management
IT Risk Management
Business Continuity & Disaster Recovery
Third Party & Vendor Risk Management
Regulatory Compliance
Adaptability and Flexibility
Initiative and Problem Solving
Certification
CISA (Certified Information Systems Auditor from ISACA)
ITIL V3 INTERMEDIATE (Both - Lifecycle and Capability)
ITIL V3 FOUNDATION
IBM CLOUD CERTIFICATION
PM 99G, IBM
PM 54G, IBM
Languages
English
Hindi
Urdu
Arabic
Punjabi