MUHAMMAD RAZZAQ CHISHTY

• Lead and oversee all aspects of cybersecurity and IT audit engagements, including scoping, planning, execution, and reporting.
• Manage a team of 10+ auditors, providing guidance, mentoring, and performance feedback to ensure the team's continued growth and success.
• Collaborate with cross-functional teams, including IT, information security, business continuity, legal, and business stakeholders, to identify risks, evaluate controls, and develop action plans to remediate any identified vulnerabilities.
• Develop and maintain relationships with external audits, regulatory agencies, and industry associations to stay current on emerging threats, trends, and best practices.
• Implement and continuously improve audit methodologies, processes, and tools to increase efficiency, effectiveness, and quality of deliverables.
• Review and approve audit reports, executive summaries, and presentations for senior leadership and audit committees, ensuring clear and concise communication of audit findings and recommendations.
• Participate in the development and implementation of the cybersecurity strategy and roadmap, providing input on risk management, governance, and compliance initiatives.
• Conduct training and awareness sessions for employees and stakeholders on cybersecurity risks, controls, and best practices.

Key Accomplishments:

• Led the successful completion of over 50 cybersecurity and IT audit engagements, resulting in increased visibility into the organization's cybersecurity posture and improved risk management practices.
• Developed and implemented a risk-based audit approach that focused on key risks and controls, resulting in more targeted and efficient audits.
• Established a cybersecurity audit center of excellence, including the development of standardized templates, checklists, and reporting tools, resulting in improved consistency and quality across all audit engagements.
• Implemented a continuous auditing program, leveraging data analytics and automation tools, resulting in increased coverage and faster identification of potential issues.

• Develop and implement annual IT audit plans, ensuring that they align with the company's overall risk management strategy and regulatory requirements
• Lead a team of 5 IT auditors, providing direction and guidance on audit methodology, risk assessment, and testing procedures
• Conduct complex IT audits across various areas including information security, application controls, IT infrastructure, and data analytics
• Prepare audit reports and presentations for senior management and the Audit Committee, highlighting audit findings, recommendations, and remediation plans
• Collaborate with IT and business stakeholders to provide value-added recommendations to improve controls, reduce risk, and enhance operational efficiency
• Manage relationships with external auditors, regulators, and industry peers, staying up-to-date with emerging IT audit trends and best practices
• Implement and maintain a continuous monitoring program to ensure that audit findings are tracked, remediated, and reported to relevant stakeholders

Key Accomplishments:

• Developed and implemented a new risk-based approach to IT audit planning, resulting in a more efficient and effective use of audit resources and increased coverage of high-risk areas
• Led the successful completion of a comprehensive IT security assessment, identifying and remediating significant gaps in the company's security posture and reducing the risk of data breaches
• Collaborated with IT and business stakeholders to design and implement a new enterprise-wide identity and access management system, improving control over user access and reducing the risk of unauthorized access to sensitive data.

• Conduct comprehensive IT audits of the organization's information systems, applications, and infrastructure to ensure compliance with industry standards, regulatory requirements, and company policies.
• Develop and execute IT audit plans and risk assessments based on the company's strategic goals and objectives, including identification of potential control gaps and recommendations for improvement.
• Evaluate the effectiveness of the IT controls and processes in place and provide recommendations for enhancements to reduce risk exposure and improve operational efficiency.
• Coordinate with cross-functional teams to ensure timely completion of audit projects and collaborate with management to resolve any identified issues.
• Manage and mentor junior audit staff, providing guidance and training to enhance their skills and capabilities.
• Prepare and present audit reports to senior management and audit committee, highlighting key findings, risks, and recommendations for improvement.
• Continuously monitor industry trends and regulatory changes to ensure the organization's IT audit approach remains current and effective.

Key Accomplishments:

• Successfully led the IT audit of a major system implementation project, ensuring the project team adhered to project timelines, budgets, and quality standards, resulting in a successful deployment and minimal disruption to business operations.
• Developed and implemented a new IT risk assessment framework, providing a more comprehensive and systematic approach to identifying, assessing, and reporting IT risks to senior management.
• Mentored and coached several junior audit staff, resulting in improved team productivity, enhanced skills, and career progression opportunities.

• Lead the development and implementation of the company's information security strategy, policies, and procedures to ensure compliance with regulatory requirements and industry best practices.
• Conduct risk assessments and vulnerability scans to identify security gaps and recommend appropriate controls and mitigation measures.
• Oversee the design, configuration, and maintenance of the company's security infrastructure, including firewalls, intrusion detection and prevention systems, and encryption technologies.
• Manage a team of information security professionals, providing technical guidance and mentoring to ensure the delivery of high-quality services.
• Collaborate with cross-functional teams to ensure the timely and effective response to security incidents and breaches, including incident investigation, containment, and resolution.
• Represent the company in industry forums and conferences, sharing insights and best practices with peers and stakeholders.

• Designed and implemented security controls for the company's IT systems and applications, including access control, authentication, and encryption mechanisms.
• Conducted penetration testing and vulnerability assessments to identify and remediate security weaknesses in the company's infrastructure and applications.
• Provided technical support to internal and external customers on security-related issues, including security incidents and investigations.
• Participated in security incident response activities, including investigation, containment, and recovery.
• Collaborated with cross-functional teams to ensure the secure design and deployment of new IT systems and applications.
• Developed and delivered security awareness and training programs to educate employees on best practices for protecting sensitive information.