
Sohaib Mahmood

Toronto, Canada

Summary

Over 19 years of experience in cybersecurity program management and strategy development, technology risk management, data protection, security architecture development and advisory across industries such as financial, telecommunications, and healthcare. I have expertise in leading global teams and advising on data protection, cyber risk management strategies, and SDLC third-party risk management. I am proficient in designing and implementing enterprise security frameworks and data protection programs. I also have experience in leading transformation projects such as cybersecurity for AI and cloud adoption. Furthermore, I have a unique ability to translate business objectives into security initiatives and requirements. Certified professional holding CISSP, CRISC, SABSA, CDPSE, and CCSK credentials with an advanced educational background comprising a Master's in Computer Science from Lahore University of Management Sciences.

Overview

14 years of professional experience
1 Certification

Work History

Director Data Protection & Security Architecture

CGI
Toronto, Ontario
08.2020 - Current
  • Program Lead for CGI’s Security Architecture & Advisory Program
  • Program Lead for CGI’s corporate data protection program & privacy engineering
  • Lead a global team of 10+ multidisciplinary security architects to support CGI corporate business and transformation initiatives (AI, data analytics, cloud adoption, etc.) focusing on data protection, architectural advisory, risk management and data protection to satisfy business, compliance & industry requirements. Provide technical leadership to architects, security engineers and developers, fostering a security-first philosophy.
  • Ensure business alignment by acting as a trusted advisor and partner to business leaders as well as technology leaders to influence security initiatives to mitigate and address business risks, data risks and cyber risks.
  • Lead and contribute to several parallel initiatives related to data analytics, risk management, cybersecurity for AI, digital transformation and data privacy & governance
  • Led complex cybersecurity programs with full ownership of scope, budget, resourcing, and stakeholder alignment; delivered tangible results
  • Key Accomplishments
  • Defined and executed enterprise-wide cybersecurity strategy aligned with business goals, regulatory requirements, and emerging threat landscapes.
  • Designed and architected the solution deployments of DLP, SASE, CASB, Zero Trust and Classification Solutions globally.
  • Led global data protection transformation, reducing policy exceptions by 60% and automating 75% of control assessments using security tooling (Classification, DLP, CASB, SASE) and analytics platforms.
  • Influenced $31M in cybersecurity investment decisions through clear risk-to-business translation and board-level risk based architectural engagements.

Senior Manager - Cyber Risk Advisory

Richter LLP
Toronto, Ontario
11.2018 - 08.2020
  • Security & Risk Advisor for Richter clients to improve their security posture and operations.
  • Delivered several client engagements related to security gap analyses, risk assessments and security roadmaps.
  • Key Accomplishments
  • Created a uniform Risk Assessment Methodology for a healthcare client and implemented it through numerous significant risk assessments and privacy assessments
  • Developed Reference Architectures and patterns
  • Conducted assessments of DLP and other controls in relation to business requirements and the effectiveness of controls.

Lead Consultant - Data Security

IBM Middle East
Dubai
07.2017 - 10.2018
  • Lead SME on IBM’s Critical Data Protection Program.
  • Deployment Lead of IBM's then largest data protection transformation project for a telecom client through data discovery, data governance, classification and protection.
  • Key Accomplishments
  • Participate in business development, GTM strategy and vendor alliances for CDPP progress.
  • Deployed Data Classification Solution throughout the telecom with high visibility and recognition from client.
  • DLP Assessment to improve control effectiveness, response procedures and measurement approach.
  • Deployed Data Access Governance Solution for a commercial Airline.

Cloud Security Consultant

Alibaba Cloud
Dubai
09.2016 - 05.2017
  • As a project-based, short-term consultancy on various assignments within the UAE, responsibilities included:
  • For Alibaba public cloud in the Middle East, evaluated their public cloud security architecture and cloud security offerings to their clientele. Helped build an MSS portfolio and consulting practice.
  • For an insurance firm in Abu Dhabi, understanding business requirements during transition to private cloud, performing risk assessment, security architecture, solutions design & controls recommendations, especially focusing on data security, identities and GRC challenges.
  • Designed complex security architecture and blueprints based on business, technology and security objectives involving cloud, data & IAM security issues, applying security architecture framework principles.
  • For a government organization in Dubai, providing continual improvement consultancy to the ISO 27K compliance program. Also involved in policy enhancements and served as security liaison between various stakeholders and senior/executive management.

Principal Security Architect

HPE
Dubai
07.2015 - 09.2016
  • Lead security architect in Strategy and Risk Management practice across MEMA region.
  • Focus areas: identity and access management, data protection, mobile security, security architecture.
  • Participate in vendor management, market strategy, pre-sales activities and technical account management activities.
  • Developed collaterals and artefacts for client engagements (risk assessment, control analysis, gap analysis)
  • Key Accomplishments
  • Lead Security Architect for Dubai Smart City (a unique multimillion-dollar project for the Dubai government involving several government departments and ministries).
  • Data Analytics Protection for a Turkish bank.
  • Mobile Security for a State bank in the UAE

Security & Risk Services Lead

Kualitatem Inc
Lahore
06.2011 - 12.2012
  • Develop Security & Risk Services practice and delivery department (Risk Assessments, Security Architecture Reviews & Designs, Standards Compliance, Gap Assessment, Professional Services).
  • Perform technical account management during project delivery to ensure successful delivery in line with scope of work & business requirements.
  • Carrying out business planning, development and practice enhancements.
  • Keeping abreast of emerging security challenges and creating awareness in the client base, catering for business challenges accordingly with appropriate services.
  • Introducing niche consulting services such as DLP Program and cloud security assessments.
  • Leading delivery of complex security projects involving assessments & deployments.

Education

Masters of Computer Science

Lahore University of Management Sciences
01.2005

BSc Hons. - Computer Science and Engineering

University of Central Punjab
01.2002

Skills

  • Cyber Security Program Management
  • Cyber Security Strategy & Transformation
  • Risk Management Certified
  • Cloud Security Certified (CCSK)
  • Chartered Security Architect
  • Cyber Security Strategy & Program Development
  • Data Security & Privacy Protection
  • Governance, Risk & Compliance
  • Privacy Engineering & Analytics
  • Security for Artificial Intelligence
  • CASB Solutions (Zscaler, Netskope, Forcepoint, Skyhigh)
  • Privacy Enhancing Tools
  • GRC Solutions (Archer, Resolver)
  • SIEM Solutions
  • Endpoint Detection & Response (EDR)
  • Data Classification Solutions (MPIP, Titus, Boldon James, Janus)
  • Data Access Governance (Stealthbits, Sailpoint)
  • Program Management
  • Financial Management
  • Excellent Communication skills
  • Stakeholder Management and Collaboration
  • Analytical mindset
  • Strong interpersonal skills
  • Agile Approach
  • Team Leadership

Certification

  • CISSP
  • SABSA
  • CCSK
  • CDPSE
  • CRISC

Projects

  • Data Classification - CGI
  • Data Leakage Prevention - CGI
  • Security Architecture - Healthcare Organization in Ontario
  • Products & Applications TRA - Healthcare Organization in Ontario
  • Data Protection - Telecom in UAE
  • Dubai Smart City - Security Architecture Lead
  • IAM Transformation - UAE Commercial Sector
  • Data Security Program - Bank in Oman
  • Security Controls Review Program - Ford of Europe
  • Advanced Data Analytics Security - Bank in Turkey

Timeline

Director Data Protection & Security Architecture

CGI
08.2020 - Current

Senior Manager - Cyber Risk Advisory

Richter LLP
11.2018 - 08.2020

Lead Consultant - Data Security

IBM Middle East
07.2017 - 10.2018

Cloud Security Consultant

Alibaba Cloud
09.2016 - 05.2017

Principal Security Architect

HPE
07.2015 - 09.2016

Security & Risk Services Lead

Kualitatem Inc
06.2011 - 12.2012

Masters of Computer Science

Lahore University of Management Sciences

BSc Hons. - Computer Science and Engineering

University of Central Punjab