FARAH HASAN

Toronto, Canada

Summary

Detail-oriented, analytical IT Audit and GRC Analyst with over 5 years of experience in cybersecurity, audit readiness, and governance, risk, and compliance (GRC) in the finance, legal, and consulting industries. Proven ability in developing and implementing effective cloud governance models and security policies on AWS and GCP. Skilled in mapping IT controls to compliance frameworks like ISO 27001, NIST, PCI DSS, and GDPR. Experienced in the use of Archer, ServiceNow, AWS Config, Audit Manager, and GRC tools like Vanta, OCRA, ProcessUnity, and MetricStream. Experienced in risk assessment, third-party/vendor management, DLP, Power BI dashboarding, and SIEM/SOAR-based incident response.

Overview

9 years of professional experience

1 Certification

Work History

Cyber Security Analyst

FIS Canada
08.2024 - 12.2024
  • Conducted detailed risk and threat analysis to identify vulnerabilities, and proposed mitigation techniques for applications and infrastructure.
  • Led security testing activities, including network penetration testing, web application testing, and endpoint scanning.
  • Utilized SIEM (Splunk) and SOAR tools for actively detecting, investigating, and responding to threats in real time.
  • Carried out compliance audits against ISO 27001, PCI DSS, and GDPR; coordinated with external auditors, and ensured remediation of findings.
  • Exercised oversight of incident response workflows, conducted forensic analysis, and developed post-incident reports for executive leadership.
  • Developed and refined security policies, data loss prevention (DLP) procedures, and access controls.
  • Created Power BI dashboards to monitor security posture and compliance KPIs in real time.
  • Acted as a security consultant to IT and business stakeholders for policy adherence and regulatory compliance.
  • Supported project teams by identifying vulnerabilities and recommending remediation based on risk assessments.
  • Reviewed vulnerability scans (SAST, DAST, IAST, SCA), and penetration test reports to prioritize security fixes.
  • Served as the first point of contact for security issues, like identity access management, endpoint protection, and network troubleshooting.

Senior Cyber Security Analyst

HCL
07.2019 - 08.2023
  • Conducted ISO 27001 and NIST CSF-compliant risk assessments and gap analyses.
  • Assisted with internal and external audits (SOX, PCI DSS), with evidence gathering and remediation tracking.
  • Managed risk registers and recorded control gaps with written evidence.
  • Performed third-party/vendor risk assessments, and collaborated on SLA compliance.
  • Organized tabletop exercises, and developed business continuity plans.
  • Developed and revised cybersecurity policies and incident response plans.
  • Enhanced incident response, reducing average response time by 25%.
  • Deployed EDR solutions (CrowdStrike, Microsoft Defender), and facilitated threat hunting.
  • Offered cloud security scanning for AWS and Azure deployments.
  • Conducted penetration testing, reducing vulnerabilities by 15%.
  • Directed cybersecurity awareness campaigns: a 30% reduction in user-related incidents.

Senior Cyber Security Analyst

CAPGEMINI
03.2016 - 06.2019
  • Implemented internal audits and compliance checks on access controls and vulnerability remediation.
  • Enabled reconciliation of controls to ISO 27001, Annex A, and ITGC compliance requirements.
  • Implemented GRC tools to track compliance metrics and risk-mitigation efforts.
  • Enabled real-time incident triage with QRadar and vulnerability management.
  • Conducted phishing simulations and internal awareness campaigns.
  • Conducted firewall and router hardening, resulting in a 25% reduction of network risks.
  • Conducted penetration testing using Metasploit; identified and fixed more than 150 high-priority vulnerabilities.
  • I wrote monthly security bulletins for better staff awareness and a decrease of 40% in incidents.
  • Participated in tracking SLA and KPI for incident and audit management.
  • Kept and reviewed security incident logs to identify and prevent threats proactively.

Skills

Professional Skills:

  • Leadership, Communication, IT Audit Support, Control Design, and Risk Assessments
  • Security Policy Development, BCP/DR, Vendor Risk Assessment
  • Compliance Frameworks: ISO 27001, NIST, PCI DSS, GDPR, SOX, CIS Controls, CISCA, COBIT, SOC 2
  • Software Development Life Cycle (SDLC), Audit Readiness, Regulatory Alignment

Cybersecurity Tools:

  • Wireshark, Snort, Metasploit, Splunk, Qualys, Palo Alto Networks, Cisco ASA, Metasploit, Kali Linux, OWASP, Vulnerability Management (Qualys), SIEM (Splunk, QRadar), SOAR Integration

Programming Languages:

  • Python, PowerShell, SQL

Operating Systems:

  • Linux, Windows, macOS

Networking:

  • TCP/IP, DNS, VPN, LAN/WAN, Firewall Configurations, Network Monitoring

Cloud & GRC Tools:

  • AWS Config, Audit Manager, IAM, CloudTrail, CloudWatch
  • GCP Security Command Center
  • Archer, ServiceNow GRC, MetricStream, ProcessUnity, Vanta, OCRA
  • JIRA, GitHub, Microsoft Defender, CrowdStrike

Certification

CERTIFICATIONS (In Progress)

  • CISSP – Certified Information Systems Security Professional
  • CompTIA Security+
  • CompTIA CySA+
  • Certified in Cybersecurity (CC)

EDUCATION

  • Cyber Security Operations, York University, Toronto, ON
  • Project Management, Conestoga College, Kitchener, ON
  • Bachelor of Engineering in Medical Electronics, Dr. Ambedkar Institute of Technology, Bengaluru
