mahpara amil

In various capacities in Professional Services companies leading to my present assignment as an Information Security Analyst, I have acquired skills in internal and external audits, monitoring, awareness training, finding vulnerabilities in applications, and evaluating the security systems that protect an organization’s Assets and help in the development of Information security systems and ensure organization Confidentiality, Integrity, and Availability

Information Security Analyst, SDS IT, Payactiv, Islamabad

Achievements and responsibilities: 

• Actively assisted Payactiv in obtaining PCI DSS level 1 certification for the first time.
• Managing internal and external Audits of SOC2, ISO 27001, and PCI DSS.
• Coordinate with the CISO and other teams to develop, design, and maintain information 
security policies, and security across the organization, including performing audits of security 
systems to maintain compliance with standards and protocols.
• Support evidence collection regarding various security compliance frameworks including PCIDSS, ISO 27001, and SOC assessments.
• Work with Account Executives and the Sales team to complete client questionnaires.
• Work with internal business units to coordinate responses to assurance requirements from 
clients.
• Monitoring, reporting, and remediation of internal and external risks, as well as the creation 
and implementation of corrective action plans
• Collaborate with Security Awareness activities, presenting the security program to employees 
and new hires using the KnownBe4 portal.
• Keep track of and manage ISMS's key performance indicators that help in enterprise security 
growth.
• Analyzing, updating, and modifying procedures and processes to identify and 
continuously implement process improvements.
• Participate in change management sessions held with the information security team during 
each sprint deployment. 
• Maintain and update the risk assessment register of the organization on an annual basis or in 
case of any major changes in the organization.
• Defining, reviewing, and editing the information security policies based on SOC2, ISO27001, 
PCI DSS requirements, environmental and operational conditions, and changes in technology 
to improve business performance.  Executives and the Sales team to complete client questionnaires. 

• Work with internal business units to coordinate responses to assurance requirements from clients. 

• Monitoring, reporting, and remediation of internal and external risks, as well as the creation and implementation of corrective action plans

 • Collaborate with Security Awareness activities, presenting the security program to employees and new hires using the KnownBe4 portal. 

• Keep track of and manage ISMS's key performance indicators that help in enterprise security growth. • Analyzing, updating, and modifying procedures and processes to identify and continuously implement process improvements. 

• Participate in change management sessions held with the information security team during each sprint deployment. 

• Maintain and update the risk assessment register of the organization on an annual basis or in case of any major changes in the organization. 

• Defining, reviewing, and editing the information security policies based on SOC2, ISO27001, PCI DSS requirements, environmental and operational conditions, and changes in technology to improve business performance.

National University of Computer and Emerging Sciences

(Aug 2015 – June 2019) 

Computer Science: 

Introduction to Computing 

Computer Programming 

Database Data Structure