Faisal Ashraf

Summary

Performance-driven and proven information security leader with over twenty years of experience. Led multiple teams, engagements and initiatives focusing on security, privacy, compliance, risk assessments, and technical security reviews. Operationalized information security functions, performance metrics and forecasted budgets. Spearheaded a series of practical security assurance practices that aligned with the business objectives.

Overview

18 years of professional experience
4 Certifications

Work History

Head of Information Security & Corporate IT

Stylitics
01.2022 - Current
  • Led and developed information security strategy and roadmap
  • Pioneered Stylitics information security program which included policy development, policy governance structure, vulnerability management practices, compliance reviews and risk management
  • Led and developed the privacy program including an extensive review of EU and US Privacy regulation and requirements
  • Operationalized Information Security and Information Technology practices
  • Led and managed corporate IT initiatives, including operations
  • Managed the system integration plan for affiliate acquisition
  • Constructed the Stylitics Risk Register program with quarterly reviews by risk owners while leading initiatives for remediation, establishing key timelines, and deliverables
  • Formulated and allocated a dedicated budget for the InfoSec program at Stylitics that included annual engagements, assessments, and resources.

Director Information Security

Affirm
01.2020 - 01.2022
  • Led and developed multiple workflows for information security, privacy, and compliance initiatives to strengthen the organization's information security posture
  • Directed the Merger and Acquisitions (M&A) information security activities for Affirm affiliates, which included an integration plan for approx. 50 systems, execution of the readiness assessment plan, and remedial activities to close the transaction
  • Formulated and presented quarterly dashboards to review the health of the information security/posture of the program, while identifying metrics or KPIs with key business stakeholders across Affirm and affiliates
  • Led, spearheaded & corresponded to the security incident response exercises for Affirm by providing guidance on defense in depth strategies, documenting the details of the incident, reviewing all required actions, and conducting a postmortem exercise with key stakeholders
  • Conducted a data transformation exercise for the data logging collection process while aligning with privacy industry best practices and protecting sensitive data
  • Operationalized information security practices to align with the NIST CSF framework and identified areas for improvement.

Director Information Security

Flipp Corporation
01.2017 - 01.2020
  • Resolved key deficiencies within the information security & data protection practices by achieving the key half-year goals/objectives
  • Led the California Consumer Privacy Act (CCPA) compliance initiative, which included interpretation of the CCPA obligations, data transformation efforts across multiple data repositories/systems, and alignment with key stakeholders across multiple business functions.

Information Security & Privacy Manager

Alida
01.2014 - 01.2017
  • Led and managed the compliance program against SOC2 which included all five trust principles for both Type I and Type II reporting
  • Conducted regular security reviews of configurations for network appliances such as firewalls, network filtering, IDS, vulnerability management and email filtering
  • Assessed security practices available in the Alida private cloud, Amazon AWS (EC2, S3, Trusted Advisor, etc.), and MS Azure.

Corporate Security Analyst

BlackBerry
01.2011 - 01.2013
  • Collaborated with key internal BlackBerry stakeholders to identify key information security risks and issues and report them to the designated security functional teams
  • Led multiple engagements as the lead security architect, assessing the project scope in evaluating the proposed network infrastructure design and application functionality against ISO 27001 and PCI-DSS certifications.

Senior IT Auditor

WestJet Airlines
01.2010 - 01.2011
  • Performed IT General Computing Controls (SOX) and PCI-DSS compliance assessments.

Senior Consultant

Deloitte LLP
01.2007 - 01.2010
  • Performed TRA (Threat and Risk Assessments), PIA (Privacy Impact Assessment), Automated Controls Review, business cycle reviews.

Senior Associate

Price Waterhouse Coopers LLP
01.2006 - 01.2007
  • Assessed IT General Controls audits and threat and risk assessments while evaluating the business impact.

Education

B.Comm. (Hons) - MIS

University of Manitoba

B.A. - Psychology

University of Winnipeg

Skills

Google Workspace Administration

Certification

Cert. Info. Privacy Manager (CIPM), 2015

Timeline

Director Information Security - Affirm
01.2020 - 01.2022
Director Information Security - Flipp Corporation
01.2017 - 01.2020
Information Security & Privacy Manager - Alida
01.2014 - 01.2017
Corporate Security Analyst - Blackberry
01.2011 - 01.2013
Senior IT Auditor - WestJet Airlines
01.2010 - 01.2011
Senior Consultant - Deloitte LLP
01.2007 - 01.2010
Senior Associate - Price Waterhouse Coopers LLP
01.2006 - 01.2007
Head of Information Security & Corporate IT - Stylitics
01.2022 - Current
University of Manitoba - B.Comm. (Hons) - MIS
University of Winnipeg - B.A. - Psychology