Umair Ahmad
New York,NY
Summary
Director of Information Security and Risk at Moore International with expertise in strategic cybersecurity planning and compliance oversight. Led initiatives that strengthened organizational resilience and minimized risk exposure. Demonstrated leadership in incident response and crisis management, utilizing technical skills in security tools to enhance performance and facilitate stakeholder communication.
Overview
16
16
years of professional experience
1
1
Certification
Work History
Director Information Security and Risk
Moore International
Manama, Bahrain
09.2017 - Current
- Fulfilled multiple roles as Chief Information Security Officer for different clients and a key contributor to the Risk Management Committee, delivering insightful monthly and quarterly reports.
- Utilized specialized industry tools to manage comprehensive Information Security functions, achieving excellence in risk assessment and strategic planning.
- Developed strategic initiatives to enhance Information Security organizational performance and efficiency.
- Conducted in-depth analytics to detect cybersecurity anomalies, enhancing security postures and reducing risk profiles.
- Led execution of auditing, certification, and compliance for standards such as PCI-DSS, ISO 27001, GDPR, NIST, and SWIFT.
- Created and oversaw deployment of audit frameworks and annual plans, strengthening incident management and organizational resilience.
- Proactively identified technology and operational risks, implementing controls that addressed vulnerabilities and enhanced system integrity.
- Provided expert advice on security considerations for Digital Transformation initiatives across banking, oil & gas, and telecommunications sectors.
- Represented clients before regulatory bodies, ensuring regulatory requirements were articulated during critical audits.
Information Security and Risk Specialist
Abraj Energy Services S.A.O.G
03.2016 - 08.2017
- Designed, implemented, and tested the Information Security function from scratch to maturity.
- Formulated, conducted, managed, and evaluated exercises for Cyber Risk Management.
- Designed complete annual audit plans based on multiple standards for Operational Tech.
- Evaluation and Testing the Disaster Recovery and Business Continuity Plans and testing.
- Conducted a thorough Information Security Risk Assessment of all the information processing facilities and business functions.
Senior Executive – Information Security Compliance
Ufone – Etisalat
07.2013 - 03.2016
- Maintenance of security governance, risk and compliance issues on the in-house developed applications, databases, network components, and web applications.
- Formulated, implemented, and tested Business Continuity and Disaster Recovery Plans.
- Acted as a Leader and Subject Matter Expert in the organizational body Information Security Management Forum.
- Risk Assessment and Management against ISO 27005, NIST 800-30, OCTAVE and FAIR.
- Conducted Staff Awareness on Information Security (EC-CSCU) for over 2000 participants in different physical sessions.
- Worked as Team Lead for adopting ISMS ISO 27001:2013 organization-wide.
- Drafted and implemented a Framework of Information Security Policies, Procedures, and guidelines.
- Active Incident handling and management from their identification until the resolution.
Governance, Risk & Compliance (GRC) Analyst
Trillium Information Security Systems
09.2011 - 06.2013
- PCI-DSS Audits and Implementation.
- Risk Assessment using FAIR, OCTAVE, ISO/ IEC27005 and NIST SP 800-30.
- Conducting Risk assessment and providing a framework of Risk Management to Certain Banks and Public Sector Organizations.
- ISO 27001 Implementation and pre-certification Audit for Commercial Banks and public sector organizations.
- Designing Business Continuity and Disaster Recovery Plans for certain clients.
- Assisted clients with design of a security operations center.
- Providing Information Security Awareness to certain clients.
IT Security Officer
The Bank of Khyber
02.2010 - 09.2010
- Information System Audits in liaison with the Internal Audit Department.
- Information Security Policy formulation and implementation.
- Configuration and maintenance of security considerations for network services, equipment, and devices.
- Log management of Networking devices and Servers.
- Formulation and management of Computer Emergency Response Team.
- Member of Information Security Awareness Team in the Bank.
- Planning and supporting Security infrastructure.
- Analysis of security risks to servers, and workstations.
- Management of user accounts, permissions, email, anti-virus, anti-spam.
Education
MS - Information Security
National University of Sciences and Technology (NUST)
01.2011
BS - Information Technology
University of Engineering & Technology
01.2009
Skills
- Strategic cybersecurity planning
- Information security governance
- Risk assessment and management
- Compliance and regulatory expertise
- Incident response and crisis management
- Business continuity planning
- Security architecture design
- Cybersecurity analytics
- Threat intelligence analysis
- Digital transformation security
- Stakeholder communication
- Team leadership and development
- Technical proficiency in security tools
- Audit and certification oversight
- Vendor risk management
- Performance measurement through KRIs and KPIs
- Policy formulation and procedure development
Certification
- CRISC, ISACA, 221844006
- CDPSE, ISACA, 2008191
- CISSP, ISC2
- CISM, ISACA, 1840727
- ISO 27001 LI, IRCA Global
- AWS Certified Cloud Practitioner, AWS, JM9TXXD2BBQ1QC39
- C|HFI, EC-Council, ECC 95177009097
- Information security foundation based on ISO/IEC 27002, BSI, 4762088
Awards
- Business Development Leader, 12/01/22, BT ME
- Speaker, 02/01/21, World Cyber Security Summit
- Team Management, 05/01/20, Baker Tilly
- Employee Appreciation, 01/01/19, Baker Tilly
- Business Development and Consultant, 12/01/18, Baker Tilly
- IS Training for all employees, 06/01/16, AES, Oman
- Employee Appreciation from the Management, 01/01/15, Ufone
- Silver Medal, 12/01/10, UET Peshawar
Affiliations
- Dec 2010 - Silver Medal – UET Peshawar (Bachelor’s Degree)
Languages
English
First Language
Arabic
Intermediate (B1)
B1
Urdu
Proficient (C2)
C2
Pashto
Proficient (C2)
C2
Accomplishments
- Dec 2022 – Business Development Leader – BT ME
- Feb 2021 – Speaker – World Cyber Security Summit
- May 2020 – Team Management – Baker Tilly
- Jan 2019 – Employee Appreciation – Baker Tilly
- Dec 2018 – Business Development and Consultant – Baker Tilly
- Jun 2016 – IS training for all employees – AES, Oman
- Employee appreciation from the management (three times) – Ufone
- Dec 2010 - Silver Medal – UET Peshawar (Bachelor’s Degree)
References
References available upon request.
Timeline
Director Information Security and Risk
Moore International
09.2017 - Current
Information Security and Risk Specialist
Abraj Energy Services S.A.O.G
03.2016 - 08.2017
Senior Executive – Information Security Compliance
Ufone – Etisalat
07.2013 - 03.2016
Governance, Risk & Compliance (GRC) Analyst
Trillium Information Security Systems
09.2011 - 06.2013
IT Security Officer
The Bank of Khyber
02.2010 - 09.2010
MS - Information Security
National University of Sciences and Technology (NUST)
BS - Information Technology
University of Engineering & Technology