Khawaja Faisal Javed

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
Revision as of 13:51, 29 December 2010 by Fistri (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

 

File:KFJ-new pict-3

Currently working as Manager -Operations & ICT Product Certifications in Systems & Services Certifications with SGS Pakistan (Pvt) Ltd. (a third party Certification Body), having diversified experience of almost 18+ years in field of IT Auditing, ISMS Auditing, ICT infrastructure-Networking-LAN/WAN, IT Security (Firewall/IDS/IPS etc.), System Analysis & Design, BPR, Project management, Datacenter Operations, BCP/DRP Implementation / Auditing, IT Budgeting, IT policies deployment, highly conversant with Internet /Intranet Technologies. Currently the only IRCA, UK registered Lead Auditor / Trainer for ISO27001 ISMS, itSMF, UK approved ISO20000 ITSMS & IRCA,UK Certified BS 25999 BCMS in Pakistan. Well-organized, results oriented individual with Solid management skills, capable of leading & motivating individuals to maximize levels of productivity in a team environments. Exceptional communicator & trainer, focus on building strong client relationships.

Professional / Academic Qualification

• CISA – Certified Information System Auditor – ISACA, USA
• CRISC – Certified in the Risk and Information System Control – ISACA, USA
• IRCA, UK Registered / Certified Lead Auditor ISO 27001 ISMS (# 1181844)
• itSMF, UK Registered / Certified Lead Auditor ISO 20000 IT Service Management
• IRCA Certified / Approved Lead Trainer for BS 25999 Business Continuity (BCMS)
• IRCA Certified / Approved Lead Trainer for ISO 27001 Information Security (ISMS)
• IRCA Certified / Approved Lead Trainer for ISO 20000 IT Service Management (ITSMS)
• IRCA Certified / Approved Lead Trainer for ISO 9001 Quality Management (QMS)
• Lead Auditor ISO 9001 QMS
• Lead Auditor ISO 14001 EMS
• Lead Auditor OHSAS 18001 SMS
• MBA with Specialization in Management Information Systems (MIS)
• Post Graduate Diploma (PGD) in System Analysis & Design and Computer Programming
• MCP - Microsoft Certified Professional– Microsoft Inc, USA

Affiliation / Memberships

• Vice President ISACA-USA, Lahore Chapter (Information Systems Audit & Control Association, USA)
• Member IRCA, UK (Int’l Register of Certified Auditors, UK)
• Member itSMF, UK (IT Service Management Forum, UK)
• Member PMI, USA (Project Management Institute, USA)
• Member BCI (Business Continuity Institute, UK )
• European Quality Certification Institute (EQCI) – Lead QMS Auditor

Additional research / publication work

• Co-developer for the IRCA registered Lead Auditor Training Course on BS 25999 Business Continuity Management Systems (BCMS). And among the three IRCA Certified Trainers for SGS worldwide against this standard.

• Co-author of "ISMS Auditing Guide" - for inclusion into ISO 27007 "Information technology - Security techniques - Guidelines for information security management systems auditing" (An upcoming standard on ISMS Auditing by ISO)

Professional Work Experience

2000–Present Manager Operations / Product manager (ICT products) - SGS Pakistan (Pvt) Limited

Highlights of IT Auditing and Information Security Experience:


Overall Auditing Experience - Conducted 900+ third party Audits against ISO 27001 ISMS, ISO 20000 ITSMS (standard based on ITIL), BS 25999 BCM, BS25777 ITSM, ISO9001 (ISO 90003), ISO10006 (Project management), ISO10007 (Configuration Management), ISO 14001 EMS, OHSAS 18001 SMS.

• IT / ISMS Auditing (International / Local)
Has conducted ISO 27001 / BS 7799 ISMS Audits of diverse sectors like:
GIS / Oil & Gas, PKI Infrastructure, B-to-B Marketplace, SAP systems, Software houses / IT Services companies and BPO/Call Centers, Security Operations Centers, Web Portals etc.

Have the privilege to conduct audit and certify FOURTEEN out of total of 16 Certified organizations in Pakistan till date Aug-2010).

• Auditing Experience against other IS Security standards / frameworks / Regulations:

• ERP Auditing - SAP & Oracle Financials Audit
• E-commerce Applications Auditing
• COBIT – Control Objectives for Information and related Technologies by ISACA, USA
• IT Control Objectives for SOX - Sarbanes Oxley Act, 2002, USA
• PKI - Auditing procedure (Public Key Infrastructure)
• WebTrust for CA Standard (Standard for PKI Certification Authorities)
• IT Control Objectives for Basel II Compliance
• PCI-DSS – Payment Card Industry, Data Security Standard
• TSG - TOYOTA Security Guidelines, Japan (Version # 1.2)
• GAISP (Generally Accepted Information Security Principals) by ISSA, USA.
• GMITS – Guidelines for the Management of IT Security (ISO 13335 part-1 to 5)
• ISF Standard for Good Practice of Information Security, issued by Information Security Foundation, USA.
• ISO 27005: 2008 – Information Security Risk Management Standard
• ISO 31000:2009 – Enterprise Risk Management Standard

1997 - 2000 Project Manager – IT & Management Consultants, Inc. Lahore - Pakistan

1995 – 1997 Operations & IS Manager - Ghafoor Cotton Mills Limited, Lahore

1993 – 1995 Asstt. Manager Overseas Operations – Kohinoor Marketing Services, Lahore
           (Subsidiary: Peregrine Financials, USA)

Other Credentials


Exposure to other ISO Standards -
ISO 27005 – Information Security Risk Management
ISO 27006 – Requirements for the Certifications bodies conducting ISMS Certification Audits
ISO 18028-2 – Network Security Controls
BS 25999-2 – Business Continuity Management System
ISO 24762 – IT Disaster Recovery Management
BS25777:2008 (PAS 77:2006) – IT Service Continuity Management
ISO 15504 (Software Process Improvement)
ITU-T – X.1051 – ISMS-T requirements for Telecommunications
ITU-T - X.805 -Security Architecture for Systems Providing End-to-End Communications
ISO 13335 (Improvement of Management of Information Technology Security)
ISO 10006:1997 – Project Management
ISO 10007:1998 – Configuration Management
ISO 90003 – Requirements of ISO 9001:2000 QMS for Software Industry
ISO/IEC12207: 1995 - Standard for Information Technology —Software life cycle processes
SSE-CMM Process Areas (Assessment of Impact, Threat & Security Risk)
COPC - Working knowledge of COPC standards for the BPO / Call & Contact centres
ISO TR 10013:2003 – Guidance for Statistical Techniques for ISO 9001:2000
ISO 10014:2006 – Financial & Economic benefits from ISO 9001 QMS standard