Tehsin Ghaffar
Details

APL
Cybersecurity Audit and Compliance Officer

2015 : 2022
Wells Fargo
Cybersecurity Risk Assessor (Lead Technology Business Services Consultant)
Senior member of the Wells Fargo Technology Post-Contract Third Party Security Assessment Team.
• Completed 400+ enterprise information security, infrastructure, physical facility, and application security assessments at firms spanning all sizes, services, and levels of maturity across North America and Asia against NIST, PCI-DSS, and ISO standards.
• Performed audits of third-party IT information security programs, including IT general controls, IT infrastructure, security architecture, applications, and datacenters, for information security compliance, which resulted in reducing supply chain risk to Wells Fargo.
• Established business relationships with Wells Fargo line of business stakeholders and external parties to provide a frictionless audit and assessment experience.
• Active in compliance policy and risk management process development that provided for continuous process improvement for the team.
• Trained four team members in performing assessments, which enabled them to independently deliver quality reports within three weeks of onboarding.
• Performed data analysis and generated key metrics of team performance, which resulted in measurable improvements in the assessment report delivery process.
• Used Agile Scrum methodologies to perform work (daily standup, sprint planning, sprint retrospective meetings, Kanban).

2009 : 2015
Bechtel Corporation
Information Security Senior & ISMS Manager
Managed the corporate ISO 27001 Information Security Management System (ISMS) compliance and certification program, including assessing audit readiness of worldwide offices and data centers. Provided leadership to a globally distributed team that maintained this program.
• Performed information security risk assessments of in-house IT operations, infrastructure, and applications, as well as external vendors and service providers of technology services; used Bechtel’s Information Risk Assessment System to identify business risks.
• Provided management, leadership, and strategic direction to mitigate the organization’s information security risks by applying established security management and control frameworks, including ISO 27001, NIST SP 800-53, and FISMA, to meet compliance and certification requirements.
• Authored, published, and implemented global information security policies, standards, procedures, and guidelines for Bechtel’s Information Security Policy Governance program.
• Planned and managed internal and external audits; conducted management reviews of the Information Security Management System (ISMS) with business unit stakeholders and IT managers to ensure the smooth functioning of the security management program and that corrective actions were acknowledged and tracked to closure by the stakeholders.
• Provided oversight of the SOC to effectively use output from SIEM, endpoint protection, and vulnerability assessment tools to generate security metrics that track the effectiveness of security controls and to investigate security and copyright violations.
• Successfully achieved ISO 27001 certification for the company for the 2009 through 2015 certification cycles.
• Trained and mentored internal staff to perform IS audits.

2006 : 2009
Bechtel Corporation
IT Information Security Auditor
Performed information security internal audits of IT infrastructure controls, including operating systems, network services, IT operations, applications and databases, HR and Legal controls, physical and environmental security, and disaster recovery.
• Created Annual Audit Plans in preparation for external audits related to ISO 27001 certification.
• Documented formal Audit Reports for senior management. Maintained working papers of each assessment to ensure that adequate documentation existed to support the audit and to develop effective issue management, remediation, and corrective action plans.

2000 : 2006
Bechtel Corporation
Enterprise Messaging Manager
Supervised a team of Messaging Engineers to manage the organization’s Global Messaging Infrastructure and Operations.
• Managed the successful upgrade, migration, and consolidation of the corporate e-mail system of 22,000 mailboxes to the latest version of Microsoft Exchange, significantly reducing the operational cost and complexity of messaging operations while simultaneously improving information security.
• Led a Microsoft Exchange messaging infrastructure rationalization effort that achieved a 70% reduction in the number of servers and a 50% reduction in server locations, resulting in a strategic reduction of operational costs and management overhead.
• Successfully managed the transition of enterprise messaging operations from an external vendor back to an in-house center of excellence, resulting in reduced costs while simultaneously enhancing customer satisfaction.
• Designed and led the team to deploy/upgrade infrastructure from Windows NT 4.0 to a Windows 2000 Active Directory (AD) Forest and Domain, then from Windows 2000 to Windows 2003.
• Implemented Microsoft’s PKI and Certificate Authority (CA) in Windows Server 2003 AD and managed the deployment of S/MIME in the Outlook / Exchange environment.
• Architected and deployed an Identity Management solution to interface the Exchange 2003 / Active Directory Forest with the SAP HR system using MIIS, resulting in reliable account lifecycle management, user provisioning / de-provisioning, and single sign-on processes.

ADDITIONAL RELEVANT EXPERIENCE
IT Infrastructure Manager, Hong Kong
Supervised a team of Systems Administrators to deliver IT services to the company’s Asia-Pacific regional offices. Deployed and managed critical IT infrastructure (LAN, WAN, Messaging) for Asia-Pacific offices in seven countries.
About
I have extensive global success in Information Security, IT Auditing, and Risk Management at major multinational, banking, and financial institutions, with experience in IT audit, third-party risk assessments, risk management, information technology and security governance, compliance, cybersecurity, ISO 27001, and NIST frameworks.
My previous experience includes architecting and managing Microsoft Exchange, Active Directory, Identity Management solutions, and IT network infrastructure.
*** Currently seeking new opportunities in IT / Information Systems Audit; Security Governance, Risk Management, and Compliance (GRC); Security Architecture ***
SKILLS AND STRENGTHS
• Information Security Professional
• IT Audit / Security Audits
• Security Risk Assessments
• Information Security Program
• Security Administration & Compliance
• Cybersecurity
• Information Security Policies
• Information Security Risk Management
• Business Continuity Planning (BCP / DRP)
• Security Infrastructure
• Security Architecture
• ISO 27001 Certification
• AWS / Azure Cloud (Fundamentals)
• Linux
• Active Directory / Identity Management
• Microsoft Exchange
• US Citizen; available for 80% travel. Remote preferred; will consider relocation.