Upwork home
Sign Up
Secondary
Shahzad Rana Y.

Shahzad Rana Y.

KarachiPakistan
Job Success
Top Rated

CISSP, CDPSE, & CISA Certified Senior Info Sec & Compliance Consultant

I am certified and experienced IT professional. Over the past 15 years, I have accumulated a vast range of experience which entails me to tackle most IT situations. My core area is assessment of internal control environment for information systems and critical IT processes; evaluating system of internal control and risk management; pre & post implementation reviews; security reviews of operating system, database and applications/ERP(s). I have specialized in information and cybersecurity management and compliance, IT security risk, IT audit and policy writing with 15 years of experience (CISA, CDPSE and CISSP certifications), and proven ISO 27001 Lead Implementation practice. I can help organizations with ISO 27001, SOC 2, HIPAA, and PCI-DSS compliance framework implementation identifying the best solutions and managing the whole process (requirements identification, solution selection, implementation, documentation, certification). If your company need to update its policies and procedures or need to create new ones for: - a due diligence process/RFP security questioner, - you want to be compliant for regulatory reasons (PCI-DSS, GDPR, CCPA, HIPPA,) - you are aiming at security certification (ISO 27001, SOC 2, HITURST CSF, HIPAA IRAP, FEDRAM, GDPR), - you just would like to level up your maturity in the security domain - simply just would like to consult and get informed of security best practices and need professional advice. Please don't hesitate to contact me! My skills in Information (IT) and Cybersecurity includes: - Information Security Policies based on NIST guidelines or ISO 27001 including Incident Response Plan, Acceptable Use, Encryption Policy, Risk management, Audit logging, and monitoring policy, User account and access management, Asset management, Data Classification, Change Management, Vulnerability and patch management, Asset Disposal, Third-party Management, Security Configuration, and many more. - Business Continuity Planning and Disaster Recovery Planning (BCP, DRP), PIA & TRA, investigating cyber and information security incidents, - Policy reviews, GAP analysis, - IT audit - Risk assessment, - Evaluation of operation/technology/procedure against current industry best practices or regulatory requirements. - Information security awareness training and training material - Compliance specific training (GDPR, SOC2, NIST. RISK management). My Certifications: CISSP - Certified Information Security Professional - Certification No 302621 CISA - Certified Information System Auditor - Certification No 161318 83 ITIL Foundation, CBAP - Certified Business Analysis Professional As a Project Manager some of the solution technologies I have managed the projects on AWS, GCP, Unix, Linux, Oracle, CISCO, Solarwind, Windows Server Tools: Pen-testing/InfoSec Tools: Kali Linux, Acunetix WVS, Nmap and Metasploit pro SIEM: ManageEngine, Solarwind , OSSIM Project Management: MS project, Asana, JIRA, Slack and ZenDesk Office tools: Google Docs, Drop box, and office 365 Specialties.
Rating is 5 out of 5.
5.00 Oct 6, 2021 - Nov 15, 2021
Private earnings
Rating is 5 out of 5.
5.00 Oct 14, 2020 - Jan 16, 2021

"Excellent work. Will work with him again"

Private earnings
Rating is 2.8 out of 5.
2.80 Aug 15, 2020 - Dec 29, 2020

"Missed deadlines he set himself on multiple occasions."

"Client is supportive but unfortunately corona virus hit my immediate family members within timeframe of 3 months. missed deadlines in existing milestone and refunded full amount."

Private earnings
Rating is 5 out of 5.
5.00 Aug 8, 2020 - Oct 17, 2020

"Excellent thanks."

Private earnings
Rating is 5 out of 5.
5.00 Nov 19, 2019 - Dec 3, 2019

"Very prompt with great communication. Thanks Shahzad!"

Private earnings
Rating is 4.85 out of 5.
4.85 Feb 26, 2019 - Jul 2, 2019

"Shahzad has helped us with constructing learning material for IT-related subjects. He has done the work very professionally, and was cooperative and willing to make any required changes. It was a pleasure working with him and I'd highly recommend his services."

Private earnings
Rating is 1.4 out of 5.
1.40 Sep 15, 2017 - Oct 19, 2017
Private earnings
Rating is 4.8 out of 5.
4.80 Oct 25, 2016 - Oct 27, 2016

"Great"

Private earnings
Jan 25, 2015 - Oct 27, 2016

No feedback given

Private earnings
Apr 4, 2015 - Jul 24, 2015

No feedback given

Private earnings
Shahzad Rana Y. has more jobs. Create an account to review them

Portfolio

• ORIX IT Data Centre design and re-build project with logical, Physical & Environmental standards
ORIX Data Centre
• Integration and implementation of Tier-3 Network Infrastructure (wired and wireless) along with layered security on country ORIX network wide (36 locations)
Tier-3 Network Infrastructure (wired and wireless)
Want to see more? Create Account

Skills

Shahzad Rana Y.

Shahzad Rana Y.

KarachiPakistan
Job Success
Top Rated
99
Total Jobs
546
Total Hours

View profile

CISSP, CDPSE, & CISA Certified Senior Info Sec & Compliance Consultant

Specializes in
I am certified and experienced IT professional. Over the past 15 years, I have accumulated a vast range of experience which entails me to tackle most IT situations. My core area is assessment of internal control environment for information systems and critical IT processes; evaluating system of internal control and risk management; pre & post implementation reviews; security reviews of operating system, database and applications/ERP(s). I have specialized in information and cybersecurity management and compliance, IT security risk, IT audit and policy writing with 15 years of experience (CISA, CDPSE and CISSP certifications), and proven ISO 27001 Lead Implementation practice. I can help organizations with ISO 27001, SOC 2, HIPAA, and PCI-DSS compliance framework implementation identifying the best solutions and managing the whole process (requirements identification, solution selection, implementation, documentation, certification). If your company need to update its policies and procedures or need to create new ones for: - a due diligence process/RFP security questioner, - you want to be compliant for regulatory reasons (PCI-DSS, GDPR, CCPA, HIPPA,) - you are aiming at security certification (ISO 27001, SOC 2, HITURST CSF, HIPAA IRAP, FEDRAM, GDPR), - you just would like to level up your maturity in the security domain - simply just would like to consult and get informed of security best practices and need professional advice. Please don't hesitate to contact me! My skills in Information (IT) and Cybersecurity includes: - Information Security Policies based on NIST guidelines or ISO 27001 including Incident Response Plan, Acceptable Use, Encryption Policy, Risk management, Audit logging, and monitoring policy, User account and access management, Asset management, Data Classification, Change Management, Vulnerability and patch management, Asset Disposal, Third-party Management, Security Configuration, and many more. - Business Continuity Planning and Disaster Recovery Planning (BCP, DRP), PIA & TRA, investigating cyber and information security incidents, - Policy reviews, GAP analysis, - IT audit - Risk assessment, - Evaluation of operation/technology/procedure against current industry best practices or regulatory requirements. - Information security awareness training and training material - Compliance specific training (GDPR, SOC2, NIST. RISK management). My Certifications: CISSP - Certified Information Security Professional - Certification No 302621 CISA - Certified Information System Auditor - Certification No 161318 83 ITIL Foundation, CBAP - Certified Business Analysis Professional As a Project Manager some of the solution technologies I have managed the projects on AWS, GCP, Unix, Linux, Oracle, CISCO, Solarwind, Windows Server Tools: Pen-testing/InfoSec Tools: Kali Linux, Acunetix WVS, Nmap and Metasploit pro SIEM: ManageEngine, Solarwind , OSSIM Project Management: MS project, Asana, JIRA, Slack and ZenDesk Office tools: Google Docs, Drop box, and office 365 Specialties.
Rating is 5 out of 5.
5.00 Oct 6, 2021 - Nov 15, 2021
Private earnings
Rating is 5 out of 5.
5.00 Oct 14, 2020 - Jan 16, 2021

"Excellent work. Will work with him again"

Private earnings
Rating is 2.8 out of 5.
2.80 Aug 15, 2020 - Dec 29, 2020

"Missed deadlines he set himself on multiple occasions."

"Client is supportive but unfortunately corona virus hit my immediate family members within timeframe of 3 months. missed deadlines in existing milestone and refunded full amount."

Private earnings
Rating is 5 out of 5.
5.00 Aug 8, 2020 - Oct 17, 2020

"Excellent thanks."

Private earnings
Rating is 5 out of 5.
5.00 Nov 19, 2019 - Dec 3, 2019

"Very prompt with great communication. Thanks Shahzad!"

Private earnings
Rating is 4.85 out of 5.
4.85 Feb 26, 2019 - Jul 2, 2019

"Shahzad has helped us with constructing learning material for IT-related subjects. He has done the work very professionally, and was cooperative and willing to make any required changes. It was a pleasure working with him and I'd highly recommend his services."

Private earnings
Rating is 1.4 out of 5.
1.40 Sep 15, 2017 - Oct 19, 2017
Private earnings
Rating is 4.8 out of 5.
4.80 Oct 25, 2016 - Oct 27, 2016

"Great"

Private earnings
Jan 25, 2015 - Oct 27, 2016

No feedback given

Private earnings
Apr 4, 2015 - Jul 24, 2015

No feedback given

Private earnings
Shahzad Rana Y. has more jobs. Create an account to review them

Portfolio

• ORIX IT Data Centre design and re-build project with logical, Physical & Environmental standards
ORIX Data Centre
• Integration and implementation of Tier-3 Network Infrastructure (wired and wireless) along with layered security on country ORIX network wide (36 locations)
Tier-3 Network Infrastructure (wired and wireless)
Want to see more? Create Account

Skills

Less than 30 hrs/week

Browse similar freelancers

Sign up to discuss your project with Shahzad Rana Y.