About Rana Khan:
As an accomplished GRC Analyst with a proven track record of 5 years, I bring a wealth of robust expertise in IT governance analysis, risk management, and agile project management to the table.
Experience
Major achievements include:
- Collaborated with cross-functional teams to gather requirements for GRC tools, ensuring alignment with business objectives and achieving a 25% improvement in risk assessment accuracy
- Consistent success in implementing risk management strategies, conducting detailed assessments, and offering actionable mitigation recommendations resulting in a 30% reduction in potential threats
- Streamlined security risk management processes by introducing standardized procedures and documentation
- Implemented security controls and best practices, ensuring compliance with regulatory requirements (PCI-DSS, GDPR), demonstrating mastery of NIST CSF, 800-53, MITRE & Cyber Threat Intelligence Frameworks
- Applied dashboarding tools such as Power BI and Tableau to visualize risk assessment data, enabling stakeholders to make informed decisions and resulting in a 50% improvement in data-driven insights
CORE COMPETENCIES
Security Governance | Risk Management | Requirement Gathering | Stakeholder Management | Vendor Selection | Agile Project Management | NIST Frameworks & Compliance Tools | Gap Analysis | Microsoft Power BI | Tableau
CYBERSECURITY EDUCATION PUBLICATIONS
Authored multiple online articles at medium.com/@Rana.Khan to distil complex cybersecurity concepts into user-friendly information for diverse audiences and business sectors:
- Improving Cybersecurity Posture with the NIST Cybersecurity Framework
- Cyber Risk Awareness: How Businesses Can Protect and Grow
- Threat and Risk Assessment: A Vital Element of Security Management
- Mitigating Cyber Risk, Maximizing Security
- Quantitative vs Qualitative Risk Analysis: Which is More Effective?
PROFESSIONAL EXPERIENCE
Cyber Security Analyst | The Fields Institute for Research in Mathematical Sciences 01/2023 - 03/2023
Toronto, Canada | Internship
- Conducted thorough gap analysis to identify areas of improvement in existing risk assessment practices, resulting in a 25% enhancement in risk identification and mitigation
- Utilized strong understanding of security risk management processes to effectively identify and prioritize risks, resulting in a 30% reduction in potential vulnerabilities
- Collaborated with the stakeholders to develop strategies for continuous improvement in risk assessment practices
- Conducted comprehensive risk assessments using NIST frameworks (NIST CSF and NIST 800-53), resulting in the identification and mitigation of critical security risks
IT Governance Analyst | World Vision 01/2022 - 03/2022
Toronto, Canada | Internship
- Proactively monitored and analyzed emerging cyber threats and vulnerabilities, keeping the Information Security team up to date with best practices, resulting in a 40% reduction in potential security incidents
- Managed gap analysis of current risk assessment practices, identifying areas for improvement and implementing remediation strategies that resulted in a 25% increase in risk assessment effectiveness
- Analyzed project risks and controls, identifying potential vulnerabilities and implementing risk mitigation strategies
- Assisted in the development and execution of business continuity and disaster recovery plans
IT Project Manager | Al Safi Danone Co. Ltd 09/2016 - 01/2021
Riyadh, Saudi Arabia | Full-time
- Applied agile and waterfall methodologies to plan, execute, and control multiple, large-scale initiatives on time and within budget for a diverse roster of clients
- Successfully assessed and led the implementation of new GRC tools, resulting in a revamped risk assessment practice for the Information Security group, accomplishing a 40% improvement in efficiency
- Led a team of eight members to successfully implement a cyber defence strategy that reduced breaches by 85% through ongoing threat analyses and risk assessments of the organization’s IT systems
- Conducted ongoing technical evaluations of multiple vendor proposals and contributed to final vendor selection to help the organization achieve a cost savings of 20% per year
GRC Analyst | The Centennial Fund 04/2015 - 08/2016
Riyadh, Saudi Arabia | Full-time
- Conducted comprehensive assessment of new GRC tools, analysing their capabilities and aligning them with the needs of the Information Security group, resulting in a 30% improvement in risk assessment practices
- Developed and maintained comprehensive documentation of risk assessment processes, ensuring audit readiness and achieving a 30% improvement in regulatory compliance
- Coordinated negotiations with dozens of vendors to secure contracts for remote access systems that satisfied key requirements at optimal prices to save the organization approximately $0.7 million per year
- Shepherded security awareness training sessions for employees, promoting a culture of security best practices
Education
EDUCATION & TRAINING
Accelerated Cybersecurity Program (Certificate) | University of Toronto 01/2023
Specialization: Governance, Risk and Compliance | Network Security | Offensive & Defensive Security
AWS re/Start Graduate Program (Certificate) | Amazon Web Services 05/2022
Specialization: Analytics & Databases | Cloud Computing | Enterprise Applications
Data Analytics for Business Decision Making (Graduate Certificate) | Durham College 08/2021
Specialization: Data Management | Statistical & Predictive Modelling | Ethical Leadership
Workplace Communication for IT Professionals (Certificate) | Toronto Metropolitan University 01/2022
Specialization: Stakeholder Management | Ethical Leadership | Conflict Resolution
Bachelor of Commerce (B.Comm.) | University of Agriculture 08/2004
Specialization: Business Management | Banking & Finance | Report Writing