Fariha Rahman

Security Senior Analyst, Information Security Governance                                               Jan 2014- Nov 2017

Accenture 

• Risk Assessment:
  • Conducted risk assessment following NIST Risk Management Framework (RMF), ISO 27001 Risk Assessment Methodology and FAIR (Factor Analysis of Information Risk)
  • Improved the number of risks identified and mitigated by 20%. 
• Information Security Internal and External Audit: 
  • Conducted audits on projects leveraging in-depth understanding of internal controls, business process, application, and IT controls and auditing against best practices like ISO27K, ITGC, NIST. 
  • Supported SOX and SOC2 Audit compliance requirements for 4 of Accenture client's BU.
  • Confirmed the mitigation of internal and external audit findings with 85% observations closed.
  • Passed ISO 27K External Audit by DNV and E&Y with 0 Major findings.
  • Conducted physical infrastructural audits in DC and DR (Data Center and Disaster Recovery). 
• Information Security Control Implementation: 
  • Established PDCA management cycle while implementing ISMS policy in compliance with Accenture Information Security Management Policy 1457.
  • Implemented 50+ Client Data Protection (CDP) controls in the 14 categories of ISO 27001. 
  • Served as a Business Continuity Manager and executed BCM table-top exercise, yearly simulation tests and walkthrough audits for 3 projects. 
  • Implemented Oracle Identity & Access Management which streamlined Access Management System Control. 
  • Achieved Accenture Spot and Industrialization Award for transforming information security practice in Accenture. 

ISO27K and Security+