RESUME OF MOHAMMAD SHAHEDUR RAHMAN
Address: 3/9/A, Block-B Lalmatia Dhaka-1207
Mobile: -
E-mail:-
Career Objective:
To make my best effort to reach a satisfactory standard in my career and to secure a robust
position in the IT Audit, Information Security, Governance, Risk and Compliance domain by
educating myself in modern technology with sincerity, experience and skill.
Career Summary:
Hard-working, detail-oriented, self-motivated quick learner who likes to work in a position where
I can incorporate and address my own ideas as well as develop skills at the same time.
Special Qualification:
Certified Information Systems Auditor (CISA), Certified Lean Six Sigma Black Belt (CLSSBB),
Certified Blockchain Professionals (CBP), Certified Lead Penetration Tester (CLPTP), Certified
Ethical Hacker (CEH), PRINCE2® Practitioner, ISO 27001 Lead Auditor, ISO 27032 Lead
Cybersecurity Manager, ITIL 2011 Foundation Certified, OCP-DBA 10g.
Employment History:
Total Year of Experience: 8+ Years
1. IT Auditor - Bangladesh e-Government CIRT (January 01, 2019 – June 30, 2019)
LICT Project, World Bank Group
Ministry of Posts, Telecommunication and Information Technology
Major responsibilities:
Reviews IT, operational and business risks, functions and activities, and evaluates client relations
in order to determine and recommend nature, scope, direction, and thrust of proposed audits.
Designs audit procedures to execute the annual audit plan, assess controls and to meet audit
objectives.
Assumes responsibility as project leader for special audit projects and provides advisory and
consulting services to management. Recommends appropriate staffing requirements to complete
the audit. Coordinates and directs activities of assigned auditors: trains and provides guidance on
auditing tasks and procedures; reviews work for completeness; and submits evaluations on
assigned auditors.
Acts as liaison for internal management, external auditors, external audit clients, and business
associates.
Prepares reports for internal and external company executives. Summarizes audit objectives,
scope, findings, conclusions, and management response. Conducts oral and written presentations
to all levels of management, as appropriate, during and upon the completion of audits. Performs
statistical sampling to accomplish audit procedures. Obtains, analyses and appraises supporting
data utilizing various software applications.
Recommends revisions to audit procedures to enhance efficiencies. Reviews internal controls
throughout the company by evaluating the adequacy of system controls and recommends
improvements.
Reviews and analyses the control structure, performs walkthrough and testing
procedures, documents testing results that are reviewed by external auditors, and communicates
results to the process owners.
Performs other duties as assigned, for example taking training, conducting seminars and assisting in
planning.
List of Projects:
Preparing National IT Audit Framework
PAT Committee member for Tier IV Data Centre Project
Member Secretary of the PAT committee of Secure Email and Establishment of Digital Learning
Centre Project.
IT audit performed at Bangladesh Police Headquarters.
2. Assistant Vice President (AVP) (November 15, 2016 – December 31, 2018)
Eastern Bank Limited,
Department: Information Security and Risk Management
Major responsibilities:
Assessment and Recommendation of IT Security and Information Security Controls
Monitoring of IT general controls and application controls and its operative effectiveness.
Design and Implementation of comprehensive Information Security Program
Implement Information Security and IT Risk Management framework.
Identify the key risks areas of Information System and Information Technology and Conduct
Information System Security Assessment for Servers, Database, Network, and applications etc.
from Risk perspective.
Identify and document ICT Risk Appetite, Risk Tolerance and Key Risk Indicators as per the
Regulatory Body.
Member of the IT steering, risk and security committee, participating in the risk mitigation strategy.
Develop, maintain and enforce the System risk management and Information security risk
management framework or methodology as per the Regulatory Body.
Monitor compliance with the System risk governance methodology, the System risk management
policies and the Information Security Policy (ICT policy, BC & DRP policy etc.) as per the Regulatory
Body.
Perform pre and post Risk Assessment of all the IT Projects.
Perform scheduled system risk and information security risk assessment and gap analysis
activities for all technologies and technology related functions.
Reviews and verifies the System risk and information security risk related policies, standards and
procedures documentation and highlighting loopholes of Information Security Policy and
enforcement of organization-wide information system security policy and related guidelines,
operating procedures and technical standards.
Perform annual mandatory information security awareness seminars and training to alert
employees to information security and best practices with the aid of HR.
List of Projects and Applications:
Developing Business Continuity Plan (BCP) for EBL IT Services
Risk Assessment for Core Banking Systems, Card Management Systems.
Risk Analysis and Control Monitoring, IT Security Audit conduct and SPOC of EBL
3. Assistant Manager (February 15, 2015 – November 14, 2016)
KPMG Bangladesh,
Department: IT Advisory (Cyber Security Wing)
Major responsibilities:
System security, Network Security and computer forensics analysis;
Service Level Management (SLM): consistent interface to the business for all IT service related
issues, feedback on service failures or breaches, and taking resolution action;
Preparing RFP and Technical Proposal for the IT Security Audit Projects.
Technology assessment on network design, server management, incident management, network
and system penetration test, vulnerability assessment;
Worked on IT policy/procedure/guideline development as per international standards such as ISO
27001 (for security), ITIL (for service delivery) and COBIT (for governance), which shall also be
in compliance with Bangladesh Bank's IT security guideline.
Information Risk Management (IRM) as part of statutory audit.
Information Security Risk Management, Risk analysis by using CCTA Risk Analysis and
Management Method (CRAMM) utilization.
IT System review for financial institutions to evaluate controls and ensure that
Information system goals are met and identified risks are mitigated.
Reviewing As-Is business processes for General Banking and Credit Administration.
Identifying gaps and pain points from the business process and existing system.
Suggesting To-Be process, process flow designing in MS VISIO & sign off from Business
Process Owner.
List of Projects and Applications:
ASA Microfinance Organization in Bangladesh. (AMMS and ACS)
Omera Petroleum Limited, Bangladesh (Oracle EBS)
Bangladesh Bank, (Central Bank of Bangladesh) (BACH, SAP, CBS)
Bangladesh Bank, (Central Bank of Bangladesh) (IT Security Audit)
Dhaka Bank Limited (IT Security Audit)
NCC Bank Limited (IT Security Audit)
Prime Bank Limited (IT Security Audit)
Brac Bank Limited (IT Security Audit)
Al-Arafah Islami Bank Limited (IT Security Audit)
4. Senior Programmer (ERP) (January 1, 2014 - February 5, 2015)
IBCS-Primax Software Bangladesh Ltd.
Department: ERP (J.D. Edwards and EBS)
Major responsibilities:
Business analysis, Requirement Analysis and solution development for clients.
Vendor management along with Client Management.
Coordination with Project team for any new Business requirement
Acknowledging Business Intelligence Team for any new business Rule
AS-IS and TO-BE document preparing in Inventory and Purchase Module & Documentation
signup.
Manual Process automation and optimization along with enhancement.
Installing and Configuring JDE Standalone Database Demo
Service Level Agreement (SLA) management and Ensuring Compliance
End user training and other consulting services.
Design and Develop Business Solution for Client using Interactive Technical Tools
Maintaining Key Performance Indicator (KPI) within the service.
Database maintenance, security, purging, backup and monitoring.
Capacity planning along with Internal Service Request (ISR) placing and Budget planning.
Application Deployment & Systems Integration
List of Projects and Applications:
GMS Knitting and Composite Limited
Rupali Bank Limited (AS-IS Session)
Teletalk warehouse Management
5. Assistant IT Specialist (October 1, 2012 - December 23, 2013)
IBM Bangladesh Private Limited
Department: Telecom Billing Operation (Airtel Bangladesh Project)
Major responsibilities:
Business analysis, Requirement Analysis and solution development for clients.
Vendor management along with Client Management.
Coordination with Project team for any new Business requirement
Acknowledging Business Intelligence Team for any new business Rule
Service Level Agreement (SLA) management and Ensuring Compliance
Maintaining Key Performance Indicator (KPI) within the service.
Database maintenance, security, purging, backup and monitoring.
Manual Process automation and optimization along with enhancement.
Capacity planning along with Internal Service Request (ISR) placing and Budget planning.
Change Request Management, Incident Management, knowledge management, Problem
management and Documentation Management for trained up Business Users.
Telecom Billing Operation compliance spokesperson and compliance issue management.
List of Projects and Applications:
Prepaid Top-up System (PreTUPS)
Airtel Web Portal Administration
Push Pull SMS Systems
Unified Desktop Applications
6. Junior Business Analyst (March 1, 2011 - September 30, 2012)
Semicon Private Limited
Major responsibilities:
Business analysis, Requirement Analysis and solution development for clients.
Working with users to formulate and document business requirements.
Identifying, investigating, and analysing business processes, procedures and work practices
Acknowledging Business Intelligence Team for any new business Rule
Service Level Agreement (SLA) management and Ensuring Compliance
Maintaining Key Performance Indicator (KPI) within the service.
Identifying and evaluating inefficiencies and recommending optimal business practices.
Taking responsibility for deploying functional solutions, such as creating, adopting and
implementing system test plans, which ensure acceptable quality and integrity of the system,
creating user and training documentation, and conducting formal training classes.
Developing functional specifications for use by system developers using data and process
modelling techniques to create clear system specifications for the design and development of
system software
Acting as a central reference and information source, providing guidance and assistance in the
system project decision making process.
Change Request Management, Incident Management, knowledge management, Problem
management and Documentation Management for trained up Business Users.
Academic Qualification:
Exam | Concentration/Major | Institution | Result | Passing Year
Masters in Information System Security (MISS) | Information System Security | Bangladesh University of Professionals (BUP) | CGPA 4.0/4.0 | 2017
Master's in Business Administration (MBA) | Management Information System | University of Dhaka | CGPA 3.70/4.00 | 2016
Bachelor of Science (BSc) | Computer Science and Engineering (CSE) | Bangladesh University of Engineering and Technology (BUET) | CGPA 3.17/4.00 | 2011
HSC | Science | Notre Dame College | GPA 5.00/5.00 | 2005
SSC | Science | Adamjee Cantonment Public School | GPA 4.88/5.00 | 2003
Publications:
(A) Journals
1. Mohammad Shahedur Rahman, “Risk Management in Emerging Online Retail Transactions in
Financial Sectors: In The Context of Cyber Law of Bangladesh”, International Journal Recent and
Innovation Trends in Computing and Communication (IJRITCC), Volume: 7, Issue: 9, Impact Factor: 5.837,
ISSN-.
2. Mohammad Shahedur Rahman, “A Comprehensive Study on ICT Auditing in Bangladesh Bank”,
Working Paper Series on ICT for Development.
Professional Certification:
Certification | Institution | Year
Certified Lean Six Sigma Black Belt (CLSSBB) | IGC | -
Certified Blockchain Professionals (CBP) | EC-Council | -
Certified Information Systems Auditor (CISA) | ISACA | -
ISO 27032 Certified Lead Cyber Security Manager | PECB | -
PRINCE2® Practitioner | Axelos | -
Certified Lead Penetration Tester Professional (CLPTP) | PECB | -
ISO 27001 Lead Auditor | PECB | -
Certified Ethical Hacker | EC-Council | -
ITIL® Foundation Certificate in IT Service Management | Axelos | -
Oracle Certified Professional (DBA-10g) | Oracle | -
Professional Training:
Supply Chain Management for Non Supply Chain Professionals
Overview of Capability Maturity Model Integration (CMMI) for Development
Overview of Live Quality Management System and Artifacts
Personal Details:
Father's Name: Late Abdur Rahman
Mother's Name: Sayma Rahman
Date of Birth: November 25, 1988
Gender: Male
Nationality: Bangladeshi
Religion: Islam
Permanent Address: 3/9/A, Block-B Lalmatia Dhaka-1207
Current Location: Dhaka
References:
Can be provided on Request.