UMAR KASHIF
Milton,Canada
Summary
Dynamic Senior Information Security Advisor with extensive experience at CIBC, excelling in threat risk assessments and third-party risk management. Proven track record in implementing Zero Trust Security Architecture and enhancing compliance with NIST and ISO 27001. Strong communicator and collaborator, delivering actionable insights to executive leadership while driving security initiatives across diverse environments.
Overview
14
14
years of professional experience
1
1
Certification
Work History
Senior Information Security Advisor
CIBC
Toronto, Canada
05.2024 - Current
- Leading Threat Risk Assessments (TRA) across a variety of banking platforms, cloud services, and infrastructure initiatives.
- Conducting Third-Party Risk Assessments for vendors, ensuring compliance with internal policies, regulatory obligations, and industry standards (e.g., NIST, ISO 27001, PCI-DSS).
- Collaborating with enterprise architecture and legal teams to align third-party onboarding with data protection and cybersecurity requirements.
- Providing expert advisory on security architecture reviews, solution design assessments, and risk mitigation strategies for new technology implementations.
- Tracking security exceptions, risk acceptance, and remediation plans with business stakeholders and control owners.
- Delivering clear, actionable risk summaries and recommendations to executive leadership and governance committees.
Senior Information Security Analyst – Advisory
The Salvation Army
Toronto, Canada
06.2021 - 05.2024
- Acted as Risk Advisor for information security projects, leading over 50 Threat Risk Assessments (TRA) and ad hoc risk assessments.
- Assessed infrastructure against the NIST CSF, documenting likelihood, impact, and mitigation recommendations.
- Enhanced data protection workflows using OneTrust, improving GDPR, PIPEDA, and PHIPA compliance.
- Designed and implemented a Zero Trust Security Architecture.
- Directed Business Continuity Planning and oversaw Disaster Recovery Program reviews.
- Strengthened DLP and endpoint security controls across 10,000+ devices.
- Led cybersecurity operations including SOC response, threat hunting, and incident runbook creation.
- Oversaw Patch and Vulnerability Management program for enterprise systems, ensuring critical and high-risk vulnerabilities were identified, prioritized, and remediated in accordance with risk-based SLAs.
- Coordinated monthly vulnerability scans using tools such as Rapid7, analyzed scan results, and worked closely with infrastructure and application teams to remediate findings.
- Developed and tracked Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) related to patching cadence and vulnerability remediation.
- Reported on patch compliance and residual risk posture to senior leadership and security governance committees.
- Supported internal and external audits by providing documentation and evidence of patch and vulnerability management activities.
- Collaborated with vendors for IAM, DLP, SEIM, and endpoint protection.
- Remediated over 400 partner ministry units to align with security standards.
- Trained 5,000+ employees via security awareness programs.
Senior Information Security Analyst – Advisory
Scotiabank
Toronto, Canada
10.2013 - 06.2021
- Conducted 100+ Threat Risk Assessments across cloud and banking environments.
- Guided secure SDLC, DevSecOps, and compliance practices.
- Led migration from Oracle Waveset to SailPoint IdentityIQ.
- Managed IAM governance, custom workflows, and regulatory reporting.
- Directed certificate remediation project for 25,000 Entrust PKI certs.
- Designed security monitoring processes and managed assessments.
Information Security Analyst
Suncor Energy
Mississauga, Canada
02.2012 - 07.2013
- Conducted SOX compliance and technical risk assessments.
- Developed cloud delivery risk questionnaire.
- Provided guidance on security control implementation.
- Supported RSA SecurID, Blue Coat, TrendMicro, and encryption tools.
Education
MBA – Master of Business Administration - Marketing
Lahore, PakistanPostgraduate Diploma - Banking & Capital Markets
University of Westminster
London, UKAdvanced Diploma - Information Technology
NetSoft College of Technology
Mississauga, ONSkills
- Governance, risk, and compliance
- threat risk assessments
- third-party risk assessments
- security architecture reviews
- zero trust security architecture
- vulnerability management
- information security management
- compliance auditing
- cybersecurity operations
- effective communication
- problem solving
- collaboration skills
- attention to detail
- security awareness training
- Intrusion detection
- Data protection
- Penetration testing
- Security architecture
- Threat analysis
- Identity management
- Incident response
- Disaster recovery
- Encryption technologies
- Cloud security
- Access control
- Secure coding
- Network security
- Access management
- Two-factor authentication
- Policy updates
- Security policy development
- Team building
- Active listening
- Managing security breaches
- COBIT
- ISO 27001
- NIST
- PCI-DSS
- SOX
- GDPR
- HIPAA
- PIPEDA
- Threat Risk Assessment
- Risk Advisory
- TRA
- Ad Hoc Risk Assessments
- RSA Archer
- Identity & Access Management
- SailPoint
- OneIdentity
- Delinea
- Entra ID
- CyberArk
- Centrify
- AD
- LDAP
- Kerberos
- SAML
- OAuth
- JWT
- API authentication mechanisms
- Security Operations
- Threat Detection
- LogRhythm
- Securonix
- Rapid7
- Qualys
- CrowdStrike
- DEVO
- Azure Sentinel
- XSOAR
- Meraki
- Fortinet Firewalls
- GPOs Implementation
- Data Protection
- DLP
- OneTrust
- KnowBe4
- Netskope
- MS Purview
- Cloud Security
- Zero Trust Security
- Azure
- AWS
- CASB
- Zero Trust Framework
- Change Management
- Configuration Management
- ServiceNow
- Certificate Services
- Entrust PKI
- MSPKI
- ADFS
- Venafi
Certification
- CISSP – Certified Information Systems Security Professional
- MCITP – Microsoft Certified Information Technology Professional
Accomplishments
- Conducted 100+ TRA for financial institutions including CIBC and Scotiabank
- Risk Advisor for enterprise information security initiatives at The Salvation Army
- Led remediation of 400+ ministry units and 25,000+ Entrust certificates
- Winner of 'Best of the Best' Award – Scotiabank
Personal Information
Title: MBA, CISSP
Technical Skills
8+, COBIT, ISO 27001, NIST, PCI-DSS, SOX, GDPR, HIPAA, PIPEDA, 8+, TRA, NIST, Ad Hoc Risk Assessments, 8+, SailPoint, OneIdentity, Delinea, Entra ID, CyberArk, Centrify, AD, LDAP, Kerberos, SAML, OAuth, JWT, API authentication mechanisms, 8+, LogRhythm, Securonix, Rapid7, Qualys, CrowdStrike, DEVO, Azure Sentinel, XSOAR(Paloalto), Meraki and Fortinet Firewalls, GPOs Implementation, 8+, OneTrust, KnowBe4, Netskope, MS Purview, 3+, Azure, AWS, CASB, Zero Trust Framework, 6+, ServiceNow, 4+, Entrust PKI, MSPKI, ADFS, Venafi
Timeline
Senior Information Security Advisor
CIBC
05.2024 - Current
Senior Information Security Analyst – Advisory
The Salvation Army
06.2021 - 05.2024
Senior Information Security Analyst – Advisory
Scotiabank
10.2013 - 06.2021
Information Security Analyst
Suncor Energy
02.2012 - 07.2013
MBA – Master of Business Administration - Marketing
Postgraduate Diploma - Banking & Capital Markets
University of Westminster
Advanced Diploma - Information Technology
NetSoft College of Technology