
Muhammad Farooq Khan

Chicago, IL

Summary

I am an experienced information & cybersecurity leadership professional, a program manager, and risk advisor with about 16 years of experience working with both local and international businesses. I am skilled at developing successful cybersecurity programs from scratch to maturity that deliver measurable results against business objectives. Areas of my focus include:

  • Information Security & Privacy Compliance Management
  • Technical Vulnerability Management
  • Vendor Risk Management (Third Party Risk Management)
  • Security & Privacy Awareness Program Management
  • Incident Response Management

Overview

16 years of professional experience

Work History

Manager Information Security & Compliance

Zones LLC
Chicago, IL
06.2017 - Current

Key Achievements:

  • Information Security & Privacy Information Management Systems (ISMS & PIMS) for ISO 27001 & 27701, SOC 2, and PCI-DSS certifications
  • Established a technical vulnerability management program to identify, report, and help in remediation of security vulnerabilities on an ongoing basis
  • Established and led a Business Information Security program that provides advisory services to leaders from Sales, Marketing, Legal, HR & Operations
  • Set up and led a global Security Operations Center (SOC)
  • Established & led a "Third Party Risk Management (TPRM)" program to facilitate responses to RFQ/RFP, Vendor onboarding, external audits & contractual compliance
  • Established a privacy working group to address various global and state regulations (GDPR, CCPA/CPRA notably)

General responsibilities:

  • Developing a cybersecurity strategy to address business security, contractual, legal, and regulatory requirements
  • Developing and implementing a threat prevention, detection, response, and incident recovery program
  • Evaluating and identifying potential cyber threats and vulnerabilities, and working with internal teams to mitigate risks appropriately
  • Developing and ensuring implementation of organizational policies, procedures, and standards that align with industry standards and regulations
  • Overseeing the security operations center (SOC), including reviews of the runbook, creation of playbooks, and incident response coordination
  • Working closely with the Legal team to review customer and service provider contracts and agreements, and interpreting technical jargon so that Legal can give an accurate response to risk situations
  • Serving as the single authoritative point of contact for internal and external customers and auditors for providing appropriate risk responses
  • Establishing credibility as a trusted advisor to stakeholders, including executives, peers, and employees

Program Manager

InfoSec Consulting, EnPointe Technologies, Ovex / PCM Inc
08.2013 - 06.2017
  • As the Program Manager Information Security, I led a team of experienced consultants and specialists to deliver professional services in the following areas:
  • Vulnerability Assessment & Penetration Testing (Web application & Infrastructure)
  • Vendor solutions (Firewall, SIEM, End-point-protection, web gateway, Email messaging security etc.)
  • Compliance based on ISO 27001:2013, FedRAMP (NIST 800-53 Rev4)
  • FedRAMP for Collab9, a subsidiary of EnPointe Inc.

Senior Consultant Information Security

INFOGISTIC Pvt Ltd
10.2012 - 08.2013
  • Completed several vulnerability assessment and penetration testing assignments for network infrastructure & web applications
  • Developed information security policies and procedures for the implementation of an effective ISMS based on the requirements of ISO/IEC 27001
  • Delivered professional training for CISSP, CISA, CISM, and Ethical Hacking and Penetration Testing (hands-on 3-5 day courses with extensive lab exercises)

Asst Manager Network Security

Warid Telecom
05.2011 - 10.2012
  • Monitored systems for indications of threats, security breaches or intrusions.
  • Provided technical support related to security product installation and use.
  • Maintained documentation of security and disaster recovery policies and procedures.
  • Investigated information security breaches to identify vulnerabilities and evaluate damage.
  • Directed vulnerability assessments or analysis of information security systems.

Team Lead Risk Management & Policy Compliance

Mobilink GSM
11.2009 - 05.2011
  • Documented and reported on key risks and recommended mitigation strategies.
  • Developed and documented risk management systems.
  • Monitored risk assessments and assessed validity using industry-specific methods.

Sr. Information Security Consultant/Engineer

Netsol Technologies Ltd
09.2007 - 10.2009
  • Performed network, application, system and mobile penetration testing across the company's product suite.
  • Delivered recommendations for enhancements to IT security environments to prevent successful attacks.
  • Communicated findings and strategy to stakeholders, technical staff and executive leadership.

Skills

  • Certified Information System Security Professional (CISSP # 305273)
  • Certified in Risk and Information Systems Control (CRISC # 2130550)
  • Certified Information Systems Auditor (CISA # 12102504)
  • Certified Information Security Manager (CISM # 1220365)
  • SANS GIAC Certified Penetration Tester - 2008 through 2021 (GPEN # 1013)
