AZIM SHEIKH

Irvine, California

Summary

A seasoned, methodical, and results-driven executive with extensive experience in information technology, with a focus on IT risk management, information systems auditing, and information security; complemented by a strong background in database administration. Effective leader and concept-to-execution driver; armed with proven expertise in managing various projects from inception to completion and delivery, while overseeing and delivering enterprise integration technology initiatives. Known for strong problem-solving and critical-thinking skills, with proven ability to identify potential issues and provide corrective solutions through sound decisions. Information Security Officer with more than 20 years in information security, compliance and risk management.

Overview

20 years of professional experience
1 year of post-secondary education
2 Certifications
3 Languages

Work History

Managing Director

Red Spider Security
11.2022 - Current
  • Supported multiple clients from planning phase to final meeting phase, encompassing providing updates to client executives upon completion of each phase and scheduling executive reviews
  • Spearheaded successful business development initiatives aligned with company's strategy and core competencies
  • Documented processes and drafted SOPs to comply with regulations and company policies
  • Nano Banc: Led as primary support in outsourcing entire IT function to MSP in Oklahoma City
  • This involved making executive decisions to keep project moving forward
  • Also led effort to complete Cybersecurity Assessment Tool for annual FFIEC requirement
  • Bayshore Mortgage and Unify: Performed ADA scan of their website and provided remediation steps to become fully compliant
  • Community West Bank: Performed vulnerability scans and penetration testing for their internal/external networks
  • CBC Federal Credit Union: Performed gap assessment of current control environment against NIST 800-53 framework.

Chief Information & Technology Officer (CITO)

Friendly Hills Bank
04.2022 - 11.2022
  • Implemented Information Security and IT Risk Management strategy, including strategies to test and address current and emerging risks
  • Implemented Vendor Management program, including due diligence requirements to meet FFIEC guidelines
  • Drafted IT Strategic Plan for 2022 – 2025 with tactical and budget forecast
  • Engaging with management in lines of business to understand new initiatives, providing information on inherent risks of these activities, and outlining ways to mitigate risks
  • Championing security awareness and training campaigns
  • Reporting to Board, steering committees, government agencies, and law enforcement
  • Notable Accomplishment: Completed full set of Information Technology and Information Security Policies and Procedures
  • Implemented Steering Committees for both IT and Information Security including: IT Steering Committee, BC/DR Steering Committee.

Chief Information Security Officer (CISO)

Nano Banc
04.2019 - 04.2022
  • Implemented the Information Security and IT Risk Management strategy, including strategies to test and address current and emerging risks
  • Implemented the Vendor Management program, including the due diligence requirements to meet FFIEC guidelines
  • Drafted the IT Strategic Plan for 2019 – 2022 with a tactical and budget forecast
  • Engaging with management in the lines of business to understand new initiatives, providing information on the inherent risks of these activities, and outlining ways to mitigate the risks
  • Championing security awareness and training campaigns
  • Reporting to the Board, steering committees, government agencies, and law enforcement
  • Notable Accomplishment: Completed a full set of Information Technology and Information Security Policies and Procedures
  • Implemented Steering Committees for both IT and Information Security including: IT Steering Committee, Policy and Standards Steering Committee, BC/DR Steering Committee
  • Ran successful annual DR test for over 42 applications and network connectivity to meet FFIEC requirements.

First Vice President (FVP), Enterprise IT Risk Management

East West Bank
08.2012 - 04.2019
  • Set the strategic direction of two teams including IT Risk Management and Compliance and Business Continuity/Disaster Recovery
  • Demonstrate expertise in conducting cyber-security gap analysis for the Federal Financial Institutions Examination Council (FFIEC) and the National Institute of Standards and Technology (NIST) of over 3600 controls, and formulating and presenting the final memo to the board
  • Perform annual evaluation of all vendors as well as pre-and post-implementation assessments
  • Present security awareness training at quarterly branch manager meetings in San Francisco and Loan Operations and Marketing
  • Take charge of administering more than 16 internal/external audits, involving Hong Kong and China internal or external vulnerability assessments and penetration testing which require documentation and scheduling of Hong Kong and China input, while communicating directly with control owners
  • Lead the execution of the process for: IT Operations to remediate audit issues; Delivery of information on vulnerabilities for IT to accept prepared by IA; and Rollout of all encrypted Universal Serial Bus (USB) for China, Hong Kong, and the United States
  • Work collaboratively with Third Party Risk Management to launch new templates and risk registers for all vendors
  • Provide and handle desktop services with a proposal for LANDesk, allowing patching of laptops over the internet without the device logging into the internal network
  • Exhibit competency in developing all management responses for audit reports
  • Notable Accomplishments: Earned selection to manage and re-establish the BC/DR Department and its reputation by increasing the team’s morale
  • Effectively managed the process change for Information Security, which resulted in the formation of the Vulnerability Management Team
  • Successfully initiated the new process for all audits requiring all senior management to be present while discussing, thus achieving better communication between IT and Internal Audit
  • Headed the implementation of all PeopleSoft changes review, which resulted in standard operating procedures for the majority of Sarbanes Oxley (SOX) applications
  • Established a process including risk and security in all projects requiring IT support, as well as a new process to properly assess the risk of all new vendors incorporated by the Vendor Management Office (VMO).

IT Compliance and Governance Consultant

Tangible Compliance Solutions LLC
09.2011 - 08.2012
  • Expertly directed and supported multiple clients from the planning phase to the final meeting phase, encompassing providing updates to engagement executives upon completion of each phase and scheduling executive reviews
  • Notable Accomplishments: Provided first-rate consulting services to the LBMC and a group of select clients, which included the following: Mississippi Health Association: Completion of IT risk assessment for three hospitals within the association
  • Vanguard Health Systems: Delivery of IT current state assessment for the recent acquisition of two locations
  • Blue Cross Blue Shield of South Carolina and ViPS: Administration of annual Federal Information Security Management Act (FISMA) assessment
  • Jack Henry and Associates: Carrying out of yearly Statement on Standards for Attestation Engagements No. 16 (SSAE 16) assessment
  • EFT Source: Implementation of Payment Card Industry assessment on an annual basis
  • The Vincit Group: Fulfillment of IT risk assessment for annual audit.

IT Compliance Specialist

Fishnet Security LLC
04.2010 - 09.2011
  • Directed and supported multiple compliance projects ranging from SOX testing to PCI reviews
  • Performed walkthroughs of all critical processes
  • Created process documentation diagrams with the corresponding risks and controls associated with each step of the process
  • Notable Accomplishment: Capitalized on industry expertise in leading and accomplishing the Emdeon Project through the following initiatives:
    • Utilization of PCI DSS 2.0 framework for various applications including new service offerings to conduct gap assessments and impact analysis
    • Upgrading of risk assessment and analysis management (RSAM) documentation repository for PCI validations
    • Design of PCI, Electronic Healthcare Network Accreditation Commission (EHNAC) e-Prescribing Accreditation Program (ePAP) and EHNAC Home Network Administration Protocol (HNAP), Control Objectives for Information and Related Technologies (COBIT), and National Institute of Standards and Technology (NIST) 800-53 frameworks to import
    • Introduction of remediation dashboard for PCI and EHNAC testing, process binder to capture IT and business risks and controls, and desk procedures earned income tax credit (EITC) Department
    • Review of request for proposal (RFP), request for information (RFI), and questionnaires sent by Marketing for security-related items
    • Provision of support with the creation of process flows for departmental procedures and framework for the Centers for Medicare and Medicaid Services (CMS) Information Security Acceptable Risk Safeguards (ARS) framework.

IT Audit Senior

UHY Advisors
07.2009 - 08.2010
  • Rendered hands-on assistance with the institution of a new national PCI and security practice
  • Drove strategic efforts in establishing the model for pricing vulnerability assessments and penetration testing, and for all IT general controls (ITGC) and security work execution, as well as a remediation dashboard for clients which was used nationally
  • Assumed full accountability in authoring over 20 proposals for new services, while collaborating closely with the local and international Qualified Security Assessor Company
  • Notable Accomplishments: Made a significant contribution in generating over $150K of additional services within the first year of employment
  • Expertly administered numerous clients and spearheaded various projects from planning to the final meeting phase.

IT Audit Senior III

Ernst & Young
10.2007 - 01.2009
  • Held responsibility in organizing personnel schedules and executive reviews along with the engagement executives
  • Exemplified proficiency in conceptualizing planning memos and statements of work (SOWs)
  • Informed engagement executives upon completion of each phase
  • Notable Accomplishments: Led the development of several projects for the following well-known clients toward business growth and advancement.

Education

Undergraduate - Computer And Information Sciences

Collin County Community College District
Plano, TX
08.2002 - 12.2003

Skills

Network Penetration Testing

Vulnerability Assessment

Disaster Recovery Administration

Staff Leadership and Training

Client Relations

Strategic Planning

Cybersecurity Awareness Training

Audit oversight

Risk mitigation strategies

IT Risk Management Best Practices

Employee supervision

Accomplishments

  • Headed multiple departments and was in charge of several programs that were audited multiple times a year for compliance and regulatory examinations.
  • Drafted and implemented a five-year IT strategic plan with a budget of over $2MM.
  • Implemented several software solutions for security analysis as well as Board collaboration.
  • Collaborated with a team of 30 in the development of an additional biometric security layer for a banking wire platform.
  • Built and implemented several IT Risk Management programs along with Enterprise Risk Management programs.
  • Implemented a layered security framework to best protect the organization's network.
  • Performed multiple gap assessments based on various compliance frameworks.

Certification

Network+ | CompTIA

Affiliations

  • Chief Information Security Officers (CISO) Coalition | Information Sharing and Analysis Center (ISAC)
  • Corporate Executive Board Global | Financial Services Information Sharing and Analysis Center (FS-ISAC)

Professional Development

  • 40-Hour Cyber-Terrorism Incident Handling and Response, University of Arkansas – Criminal Justice Institute
  • 500-Hours 10 Domains of Information Technology Security Training, CCI Training Center
  • 80-Hours Basics of Oracle to Advanced Administration, Oracle University
  • 80-Hour SQL Server Training, Rational
