Asif Iqbal

Manage Organization's Information Security policies and procedures. Administers the Integrated Risk Management tool in Service Now to update controls, policies, procedures and evidence used as part of the Security Compliance program. Performs periodic testing of process that are executed to achieve compliance with Information Security policies and procedures. Assist internal IT and Business control owners to prepare for HITRUST requirements.

Support development, implementation and maintenance of information security policies, standards and processes to prevent, detect, analyse, and respond to information security incidents. Lead and contribute to the development, operations and maintenance of the Security incident management process, awareness trainings and campaigns, vulnerabilities management and penetration testing. Support risk based implementation of security controls for protection of information systems, networks and applications. Support BAU IT security operations including Security Incident & Event Management (SIEM) processes, threat and incident management to mitigate risks. Proactively research and develop technical solutions/security tools to help mitigate security vulnerabilities and automate repeatable tasks. Collaborate with IT Support, IT Shared Services and IT Architecture & Strategy teams to ensure systems, applications and networks are secure by design.

Carry out internal Audits. Audits in compliance to ISO 27001. Risk Assessment and Information Security Audits. Review to ensure compliance with client's policy procedures requirements. Provide information security awareness training to organization personnel. Serve as a focal point of contact for the Client information security team and the organization. Follow and maintain the corporate Information Security Monitoring related policies and procedures.

Conduct vulnerability assessment using scanners like Nessus, Nmap, Acunetix, etc. Exploit vulnerabilities using tools, small program codes. Review asset discovery and vulnerability assessment data. Provide real-time guidance on network configuration, security settings and policies, and attack mitigation procedures. Audits in compliance to ISO 27001. Perform Network VAPT, SIEM deployment, and Access Protection.

Deploying 24* 7 Honeypot in the Datacenter. Implementation of Information Security Management System (ISMS) based on ISO 27001. To map applicable industry standard practices and guidelines. Threat Intelligence using Open Source Tools. Recommend and suggest roadmap towards mitigating the risk. Assist in developing processes, tools, and techniques to enhance the performance of technical network security audits. Manage audits independently and perform audits end to end. Security of the entire network on a regular basis using widely acknowledged best practices. Measure users' security awareness with password audits and social engineering campaigns. Complete Network Security Scanning, Vulnerability, Network Assessment & Patch Management. Implement cyber security risk management practices in line with defined strategy. Lead / facilitate meetings to debate and understand the risk. Conduct Field Cyber Crime investigation of computers, networks & Mobile (including Physical memory extraction) investigation.

Give current knowledge of industry developments in technology affecting database and application development. Contribute to the ongoing development and enhancement of the university's LMS, including customized enhancements to be contributed back to the open source developer community. Contribute to the development and maintenance of LMS interfaces with custom student information systems. Assist training personnel in developing LMS-related curricula.

Design and Install ICT networking systems. Timely upgrade of LAN infrastructure and Internet connectivity to meet Microsoft - Partners In Learning Project requirements. Ensure secured LAN through configuration of firewalls. Ensure all technical requirements are met in all projects. Ensure that the desktop and network resources of Microsoft - Partners In Learning Project are protected from malicious virus attacks. Troubleshooting and providing service support in diagnosing, resolving and repairing server-related hardware and software malfunctions. Monitoring of backup and restoration procedures for both server and local drives. Liaising with security vendors, suppliers, service providers and external resources; Train new categories of staff to use the various tools. Support the knowledge management unit for effective Training and survey data analysis.