You will get ISO 27001:2022 readiness and gap analysis support
Rising Talent

Rising Talent

Project details
This engagement delivers a comprehensive ISO/IEC 27001:2022 readiness assessment for your organisation — identifying where you stand today, what gaps exist, and exactly what needs to be done to achieve certification.
Delivered by a certified ISO/IEC 27001 Lead Auditor (PECB) and CISA with direct implementation experience, including the full deployment of GTI's Pathfinder information security platform at a Grant Thornton International member firm.
What you receive: ► Full gap analysis against ISO 27001:2022 requirements and controls ► Each gap rated by severity — critical, major, or minor ► Specific remediation recommendation per gap ► Overall readiness score ► Prioritised 30/60/90-day action plan ► Phased certification roadmap ► One review call to walk through findings and answer questions
This engagement does not include ISMS documentation writing or implementation — it is an assessment and roadmap. Implementation support is available as a separate engagement.
Ideal for organisations that are beginning their ISO 27001 journey, preparing for a certification audit, or need an independent view of their current security posture before committing to a full implementation programme.
Delivered by a certified ISO/IEC 27001 Lead Auditor (PECB) and CISA with direct implementation experience, including the full deployment of GTI's Pathfinder information security platform at a Grant Thornton International member firm.
What you receive: ► Full gap analysis against ISO 27001:2022 requirements and controls ► Each gap rated by severity — critical, major, or minor ► Specific remediation recommendation per gap ► Overall readiness score ► Prioritised 30/60/90-day action plan ► Phased certification roadmap ► One review call to walk through findings and answer questions
This engagement does not include ISMS documentation writing or implementation — it is an assessment and roadmap. Implementation support is available as a separate engagement.
Ideal for organisations that are beginning their ISO 27001 journey, preparing for a certification audit, or need an independent view of their current security posture before committing to a full implementation programme.
Cybersecurity Expertise
Data Protection, Risk Assessment, Gap AnalysisCybersecurity Regulation
ISOWhat's included
| Service Tiers |
Starter
$299
|
Standard
$899
|
Advanced
$1,599
|
|---|---|---|---|
| Delivery Time | 5 days | 15 days | 30 days |
Compliance Plan | |||
Gap Analysis | - | ||
Implementation | - | - |
Optional add-ons
You can add these on the next page.
Fast Delivery
+$150 - $600About Amjad
FCA (Chartered Accountant) | CISA | ISO27001
Dhaka, Bangladesh - 7:52 pm local time
I am a Fellow Chartered Accountant (FCA), Certified Information Systems Auditor (CISA), and ISO/IEC 27001 Lead Auditor with 25+ years of progressive experience across Big 4-affiliated audit practices, capital markets, and cross-border advisory. This combination is rare. It means I can lead a statutory audit, conduct an IT general controls review, design an information security management system, and advise on digital transformation — not as separate specialists, but as one person who understands how all four connect.
What sets my profile apart beyond credentials is demonstrated technical capability. I have designed and built a full-stack cloud-based Practice Management System for a CA firm — six integrated modules on React and Supabase/PostgreSQL, with multi-role access control and real-time workflows. I have published free professional audit tools (materiality, sampling, fee, and PIE calculators) used by practising accountants. This is not advisory from a distance. It is applied capability at every level.
WHAT I DELIVER FOR MID-SIZE COMPANIES:
► IT Governance & IS Audit — CISA-led IT general controls reviews, cybersecurity compliance assessments, and digital forensics readiness. Experience includes IT General Controls review of Bangladesh Bank and the Global Cybersecurity Compliance Review of Grant Thornton Philippines under GTI's international programme.
► SOC 1 Type 2 / ISAE 3402 — Independent attestation of internal controls for service organisations. Delivered as engagement partner, including a full SOC 1 Type 2 attestation for ReCom Consulting Limited covering the calendar year 2023.
► ISO/IEC 27001 — Implementation and audit of information security management systems. Lead Implementer of GTI's Pathfinder information security platform at Grant Thornton Bangladesh, achieving full compliance with GTI's global standards.
► Business Valuation — Business, property, and employee benefit valuations (IAS 19, IFRS 13) for investors, transactions, and financial reporting. Delivered for banks, listed entities, and institutional investors.
► Risk & Internal Audit — IIA-standard internal audit engagements with integrated IT risk assessment using CISA methodology. Available as a single-cycle engagement or ongoing retainer.
► Financial Advisory & IFRS — IFRS implementation, financial due diligence, and CFO-level advisory. Former Head of Finance and Company Secretary at Southeast Bank Capital Services Limited with full CFO remit across a licensed merchant bank.
► Digital Transformation Advisory — Vendor-neutral technology advisory for finance functions and professional services firms, grounded in direct system-building experience rather than theory.
CREDENTIALS & MEMBERSHIPS:
Fellow Chartered Accountant — ICAB | CISA — ISACA, USA | ISO/IEC 27001 Lead Auditor — PECB | FRC Enlisted Auditor (Credential: CA-001-093) | Certified VAT Consultant — NBR Bangladesh | Registered PES — ACCA | Member — IIA, USA
I work with mid-size companies that need senior-level expertise without the overhead of a Big 4 engagement. Every project is led by me personally — not delegated to a junior team.
Available for both hourly and fixed-price engagements. Happy to discuss the scope on an introductory call.
Steps for completing your project
After purchasing the project, send requirements so Amjad can start the project.
Delivery time starts when Amjad receives requirements from you.
Amjad works on your project following the steps below.
Revisions may occur after the delivery date.
Kick-off & scoping call
We align on your organisation's scope, boundaries, key assets, and certification objectives. I review any existing documentation you have provided before the call.
Documentation review
I review your existing policies, procedures, access controls, and any prior audit findings to understand your current information security baseline.