Hi, I’m

Waseem Akram Fareed CISSP, C|CISO, CEH, ISO27001

Toronto, Canada

Summary

Cyber security professional with 13+ years of experience in risk management, threat mitigation, and compliance with industry standards including NIST, GDPR, HIPAA, and ISO 27001. Skilled in conducting Threat Risk Assessments (TRA), Third Party Risk Assessments (TPRM), Compliance assessments, secure network design, and cloud security. Able to align security initiatives with business objectives and effectively communicate technical insights to stakeholders.

Overview

15 years of professional experience
4 certifications

Work History

ONxpress Transportation Partners

Principal Security Advisor- Cybersecurity Architecture and Engineering
03.2024 - Current

Job overview

  • Provide cybersecurity requirements and guidance for any organization-wide implementations and changes
  • Perform security architecture reviews for applications, network, and infrastructure
  • Established and implemented Cybersecurity Threat Risk Assessment process
  • Performed Cybersecurity Threat Risk Assessments
  • Participated in designing and implementing enterprise-wide security solutions, including vulnerability management systems, endpoint security tools, and GRC platforms, to align with organizational requirements.
  • Oversee internal and external application penetration testing and vulnerability assessments for critical systems, collaborate with penetration testers and project teams, and ensure timely remediation of identified vulnerabilities.

Tata Consultancy Services

Senior Cyber Security Consultant
02.2016 - 03.2024

Job overview

  • Analyze the organization's cybersecurity posture, including its technology stack, policies, and procedures
  • Conduct comprehensive cybersecurity risk assessments to understand existing vulnerabilities, threats, and weaknesses
  • Involved in creating enterprise security standards and risk management team process workflows
  • Define information security policies, procedures, and guidelines
  • Provided consultation in developing and implementing ongoing third-party security due diligence processes
  • Recommend mitigating controls aligned with organization standards to reduce cyber risks effectively
  • Provide security requirements for any new technology implementation in the organization
  • Developed and executed risk assessment frameworks and methodologies, including control evaluations, vulnerability assessments, and compliance checks
  • Review and negotiate information security contracts, including data processing agreements, service level agreements, and vendor contracts
  • Establish KPIs and KRIs for Third-party Risk Management to assess effectiveness and identify improvements (e.g., Vendor Risk Assessment Turnaround Time, Vendor Compliance Rate, Due Diligence Completion Rate, and risk mitigation timelines)
  • Conduct a quality review of the Third-party security risk assessments completed by team members and provide final approval
  • Perform information security Threat Risk Assessment (TRA) and advise on risk mitigations of the Cloud Infrastructure and Applications
  • Led a TCS team of 3 members, drove them to complete their security assessments, and mentored them in performing their tasks
  • Client: IGM Financial, Canada

Miramed Ajuba

Junior Executive Information System Security
10.2011 - 01.2016

Job overview

  • Company Overview: India
  • Develop, implement, and manage the organization's ISMS in alignment with relevant standards (e.g., ISO 27001)
  • Led the Information Security Task Force Team (a 30-member team drawn from different business units of the organization) to perform security spot checks and system audits
  • Identify security risks and vulnerabilities and develop strategies for risk mitigation
  • Examine the organization's overall architecture, including network topology, data storage mechanisms, communication protocols, and components
  • Identify potential attack surfaces and entry points for attackers
  • Perform security risk assessments/control gap assessments for entire organization operations
  • Conducted PCI DSS and ISO 27001/HIPAA audits for the core operations team (US Health Revenue Cycle Management) and internal corporate support functions (HR, IT, and Admin teams)
  • Created internal audit reports and followed up on closure of non-conformities
  • Coordinated with independent third-party auditors for ISO 27001:2013, SOC 1 Type II, SOC 2 Type II, and HIPAA certifications
  • Responsible for handling information security incident analysis and preparing investigation reports
  • Coordinated with the third-party penetration testing team to perform vulnerability assessments and penetration testing of the organization's infrastructure and applications

Wipro Infotech

Helpdesk Engineer
05.2010 - 10.2011

Job overview

  • Company Overview: Contract
  • Worked in Contact Center Technology and managed CISCO/NORTEL/AVAYA PABX systems
  • Managed the Aspect Unified Communication system for automatic call distribution for the Contact Centre
  • Configured Grandstream and SNOM IP phones
  • Managed the backend databases of Aspect, Avaya, and calling systems and generated various reports
  • Took care of call routing and IVR design
  • Managed PRI lines and handled issues during link fluctuations

Education

University of Madras
Chennai, Tamil Nadu

Bachelor of Science in Computer Science
01.2010

Skills

    Cyber Security Frameworks: ISO 27001 and 27002 and NIST Cyber Security Framework (CSF)

    GRC: Design cybersecurity strategies, GRC Policy and Standard Development; KPIs and KRIs for Security Performance Measurement, Contract Negotiations

    Compliance: PCI DSS, GDPR, HIPAA, PIPEDA, CCPA, OSFI (Technology and Cyber Risk Management Guidelines), SSAE 18 SOC 1 and SOC 2, CSA Cloud Controls Matrix, and CAIQ Cloud Controls

    Cloud Security Knowledge: Experienced in performing risk assessments for applications hosted in Microsoft Azure, AWS, and GCP

    Application Security/Software Development Security: Penetration testing, Vulnerability Assessment, SDLC Methodologies, Secure DevOps, and Software Security Testing

    Network Security: OSI model, network devices (firewalls, IDS/IPS), SIEM, DLP, DNS, HTTPS, and VPN technologies

    GRC Tools: RSA Archer and Service Now

    Team leadership and supervision

Languages

English
Full Professional

Certification

  • Certified Information Systems Security Professional (CISSP) (ISC2)
  • Certified Ethical Hacker (EC Council)
  • Certified Chief Information Security Officer - Associate (EC Council)
  • ISO 27001:2013 Lead Implementer

Timeline

Principal Security Advisor- Cybersecurity Architecture and Engineering

ONxpress Transportation Partners
03.2024 - Current

Senior Cyber Security Consultant

Tata Consultancy Services
02.2016 - 03.2024

Junior Executive Information System Security

Miramed Ajuba
10.2011 - 01.2016

Helpdesk Engineer

Wipro Infotech
05.2010 - 10.2011

University of Madras

Bachelor of Science in Computer Science