Tauseef Aslam

Tauseef Aslam CISO | Head of Information Security | DPO | GRC Advisor | Security Architect & Program manager CONTACT ME --linkedin.com/in/tauseefaslam Karachi, Pakistan EDUCATION Accomplished Chief Information Security Officer (CISO) with 15+ years of extensive experience across multiple industries digital, banking, telecommunications, and ICT sectors. Demonstrated expertise in Cyber Security leadership, Security Architecture, Security GRC, Data protection, Security Strategy & action plans, Maturity models, Security transformation programs, Zero trust architecture; and security culture. Served as CISO for UBL Pakistan, UBL UAE, UBL Qatar, and UBL Bahrain—a prominent commercial bank with a strong digital footprint and 15,000+ employees serving over 11 million customers in Pakistan and the Gulf region. Former CISO for Telenor Pakistan, overseeing security for an organization with over 1,500 employees and 49 million customers. Also held the role of Cluster Business Security Officer (vCISO) for Emerging Asia Telenor. Committed to continuous professional development, holding 10+ internationally recognized certifications, including CIPP/E, SABSA, CISSP, CCSK, CISM, CRISC, CISA, and CEH. In addition to my professional roles, I actively contribute to the cybersecurity community through volunteer positions as President of ISC2 Islamabad Chapter, General Secretary of CSA-PK, Director at ISACA Islamabad Chapter, and CISO Forum member. WORK EXPERIENCE Executive Vice President May 2022 - Present CISO UBL l Pakistan CISO for UBL Pakistan & UBL UAE, Qatar, and Bahrain. Building trust for 11 million customers in digital & traditional banking with Cyber Security & Data protections. Successfully developed and implemented a comprehensive information security strategy and action plan to achieve regulatory & international standard compliance. Successfully lead implementation of number of security initiatives, including a PCI DSS, ISO 27001 compliance. Maintained a strong compliance posture with industry regulations, such as NESA, ETGRM, Swift etc. Cluster Business Security Officer (CISO) 2020 - 2022 M.S Computer Science Telenor l Asia University of Engineering and Technology, Lahore IIt was a SecurityLeadership (vCISO) role reporting to Group CISO of Telenor. Security Leadership role for Emerging Asian Business units of Telenor and core member of Telenor GroupSecurity management team. Ensured effective collaboration among security functions of Asian business units to achieve Security KPI’s for the Asia cluster like culture, defendable security architecture.. 2005 - 2008 B.Sc. (HONS) Computer Science University of Engineering and Technology, Lahore 1999 - 2003 CERTIFICATIONS Business Security Officer (CISO) 2013 - 2022 Telenor l Pakistan It was Security Leadership(CISO) role for Telenor Pakistan, reporting to CTO and Group CISO of Telenor Group. Delivered many important regional and domestic projects and accomplished career growth four times during my stay at Telenor. As a custodian of Security Policy key role was to ensure a high standard of cyber security, uplifitng security baseline and establishing a secure architecture, compliance with regulatory and international security standards with the help of head of Security GRC, Head of SOC, head of physical security & head of service fraud. Kept management abreast of security risks to business, and continually transform security strategy to manage the cyber security risks. Notably improved & maintained a high performing team to achieve KPI with good engagement and enablement. Head of IT & IS Compliance 2010 - 2013 ZED GROUP, AEDesign (Pvt) Ltd l Lahore, Pakistan Led and delivered the ISMS ISO 27001 certification project. Managed the IT service desk and delivered customer-oriented support. Led multiple technology enrichment projects to improve IT security and availability. Conducted security audits and assessments based on ISO 27001. Delivered a training program to cross-train my team and remove personal dependencies. SKILLS Leadership and Management skills Security Architecture & Advisory Data Governance Business acumen Enterprise GRC & regulatory compliance Planning and strategic management Cyberwarfare and Incident Response Communication and Presentation Strategic Thinking Vendor and Third-Party Management Continuous learning appetite Emerging Technology Awareness Critical Thinking & Problem solving. FACILITATOR Facilitated corporate trainings and workshops. CISA Ministry of IT). CISSP workshop (Ericsson). CCSK (Oracle UK & France) Data privacy & protection workshop (NUST) Ethical Hacking (UET Peshawar) Security Awareness for end users. TRAINING AND WORKSHOPS Leadership skills Trainings: Strategy execution program (SEP2.0) by INSEAD Business School. Strategy execution program (SEP) 3.0 by Deloitte, Accelerate Expert Program by Telenor Academy, Leadership workshop by Schuitema institute, Advanced Presentation skills, RED ways, Communication for Success. Technical Trainings: Generative AI Security. Advance concepts in Infrastructure security design & architecture (CCIE Security 5.0). Software Defined Networks (Nuage, Cisco ACI). Zero Trust Security Architecture. TOGAF (The Open Group Enterprise Architecture) PCI DSS (v3.2) by PCI Council. WAF - BIG IP/F5 & Imperva. HP ArcSight (SIEM solution) & SPLUNK. Web application Security testing. Digital Forensic. ISO 27001 LA and LI. CCNA, Advance Linux, MCSE 2003, Ethical Hacking Workshop. Assistant Manager, IT/IS 2006 - 2010 Confidential l Islamabad A people manager role in IT & Security. Assistant Network Admin 2004 - 2005 WORLDCALL l Lahore Pakistan Successfully maintained setup IT infrastructure on windows/Linux. VOLUNTEER EXPERIENCE President, (ISC)² Islamabad Chapter 2021 – 2023 Leadership role to establish the chapter and promote security awareness under chapter bylaws. General Secretary, CSA PK, Cloud Security Alliance 2016 – 2020 As volunteer run affairs of CSA Pk chapter and promote awareness on cloud & security. Cofounder | Member Core Council, CISO Forum 2020 – present A Security leadership driven platform (NPO), enabling Modern Enterprises and Nations. Director Marketing | ISACA Islamabad Chapter 2014 – 2020 As a volunteer, run affairs of ISACA Islamabad chapter and promote chapter activities. PROJECTS Security Transformation & Security Architecture Led the security transformation for Telenor's enterprise network, developing a defendable security architecture based on zero trust security for enterprise IT and EasyPaisa mobile banking platforms. this project involved Cisco, Microsoft, Oracle, MSSP’s among others key solution and suppliers. Worked as central security lead and security Architect for all Asian Business Units of Telenor in core network transformation program; building a private cloud using OpenStack to run core telecom function using NFV and ensuring security by design to achieve a defendable security architecture. Risk Assessment & Reviews Led the security agenda in digital transformation of core banking solutions using Openshift and Temenos technologies and ensured a robust security architecture to derisk the UBL digital journey. Conducted security risk assessments, control design reviews, and security audits of the EasyPaisa mobile banking transformation project. Led the review and audits of fintech systems, including EasyPaisa. Risk assessment of 100+ projects and initiatives in career, including ISO 31000. Incident Responce Managed a crucial incident response project for handling advanced threats, detection, containment and eviction. This project involved detailed analysis of threat actors, key design & architecture vulnerabilities and gradually uplifting the baseline for successful incident response. Security Advisor Served as security lead & advisor for multiple projects, including mobile banking transformation, CRM, CC, DWH modernization, digital consolidation and e-commerce, payroll management system. Regulatory compliance and standarization Delivered the ISMS ISO 27001 certification project from scratch to certification in multiple organizations. PCI DSS, SWIFT, NESA (UAE), ETGRM (SBP), CTDISR (PTA), NIST etc. Infrastructure Security Deployed technical solutions such as DLP, endpoint protection, virtualization, and IT service desk, Nexty genertion firewall, IPS, Tier III data centre etc.