About
Offering 5 of comprehensive and diverse experience in IT with a proven track record in Governance, Risk, and Compliance, Technology Risk and Controls, Cyber Security, Business Continuity, Disaster Recovery, Data Privacy Regulations like GDPR, and emerging technology trends.
Skills & Expertise (42)
Work Experience
Analyst - Governance risk and Compliance
Wipro Limited
Nov 2023 - Present
Create, review, and update cyber security policy documents, including incident response plans, data protection policies, and compliance frameworks. Ensure all policies comply with relevant regulations and industry-specific standards. Develop and maintain security policies, procedures, and standards aligned with financial industry regulations. Implement security controls for data protection, access management, and network security. Designed and implemented IT Risk & Control frameworks aligned with industry best practices such as COBIT, NIST Cybersecurity Framework, ISO 27001, and ITIL. Assisted in the implementation and monitoring of Information Security Management Systems (ISMS). Provided recommendations to enhance governance, risk, and compliance (GRC) processes and reduce operational risk. Monitor and analyze real-time security alerts, threats, and incidents, performing triage, investigation, and incident response. Conduct security audits and coordinate with internal auditors for compliance certifications. Manage cloud IAM policies and enforce least-privilege access. Conduct cloud infrastructure security risk assessments based on cloud security best practices. Perform regular patching, updates, and vulnerability remediation for endpoints to minimize risks and security gaps. Assisted in incident response and forensic investigation for malware, unauthorized access, and data loss attempts. Conducted user awareness support for endpoint security best practices, improving compliance across teams. Proposing and implementing improvements to risk management processes and control frameworks.
Assist in planning activities, development of audit programs, and execution of internal audits and IT control assessments for IT strategy and governance, IT operations, network and infrastructure security, cloud and third-party risk, programs and projects, automation, ITGC, and application controls. Maintain risk registers and track remediation plans for identified risks, ensuring information security risks are addressed. Strong project management skills to drive cloud initiatives, manage timelines, and deliver successful outcomes. Perform risk assessments on third-party vendors that provide hardware, software, and technology-based services. Perform the third-party risk assessment process, including initial due diligence, onboarding, and periodic reviews. Develop and maintain the TPRM framework, policies, and procedures in line with industry best practices and regulatory expectations. Perform risk assessments (IT, cybersecurity, operational, third-party) and develop mitigation strategies.
Security engineer
Concentrix
Jan 2021 - Jan 2023
Conduct manual penetration testing on web, mobile, API, and network systems. Designed and implemented cloud-native security controls across AWS and Azure environments, ensuring compliance with CIS benchmarks and NIST standards. Identify, validate, and reproduce application and infrastructure vulnerabilities. Perform threat modeling and risk assessments to uncover potential attack vectors. Implement effective risk management strategies to mitigate identified risks, ensuring alignment with industry best practices and regulatory requirements. Assess risks and controls over operating systems, databases, infrastructure, and applications. Proven experience in understanding IT general control processes, identifying risks and weaknesses, and developing and executing audit procedures. Execute tests to validate the design and operating effectiveness of InfoSec controls. Identify areas for process improvement and implement strategies to enhance efficiency, effectiveness, and quality. Assess the design and operating effectiveness of internal controls to mitigate the risks. Interact with the device platform and service platform for the execution of the function. Regularly review vendor performance and risk exposure, working with procurement and legal teams as necessary. Supported implementation of a GRC platform by defining workflows, control mappings, and reporting structures, and aligning system configurations with frameworks like ISO/IEC 27001 and SOC 2.
Education
Bachelor of Engineering in Electronics and Telecommunication - SGBAU
- 2018 · Afghanistan
Certifications
Certified in Cyber Security
ISC2 · 2025
ISACA CRISC
· 2025
CISSP
· 2025
Availability Details
Visa Status
Citizen
Relocation
Open to Relocation