profile-img

Irshad Irfan

Risk Advisory Senior Analyst at Deloitte Touché Tohmatsu Limited

Colombo, Sri Lanka

Work Experience

  • Risk Advisory Senior AnalystFull Time

    Deloitte Touché Tohmatsu Limited

    Feb 2020 - Present -5 yrs, 4 months

    Sri Lanka , Colombo

    • Job Details:IT policy, control design and risk identification/mitigation reviews. • Business process mapping and analyzing to identify the risk areas. • Cloud security configuration review and cloud secure matrix reviews. • Data migration post implementation review covering application functionality controls review. • SOD and Access privilege review • Standard and custom reports integrity, accuracy and completeness testing. • Database (SQL), operating systems / platforms (UNIX) and network configuration and security reviews. • Data convention review including data quality and integrity reviews. • Identify weaknesses in the system and create action plan to prevent security breaches • ITGC and application control review. • Plan internal and external audit procedures and create audit reports. • Business process review and revenue cycle analytics.

  • Security EngineerFull Time

    Exodynamic Technologies

    Aug 2017 - Feb 2020 -2 yrs, 6 months

    Sri Lanka , Colombo

    • Job Details:Planning, implementing, managing, monitoring and upgrading security measures for the protection of the organizations data, systems and networks. • Troubleshooting security and network problems. • Responding to all system and/or network security breaches. • Ensuring that the organization's data and infrastructure are protected by enabling the appropriate security controls. • Participating in the change management process. • Testing and identifying network and system vulnerabilities. • Daily administrative tasks, reporting and communication with the relevant departments in the organization.

  • Security EngineerInternship

    ICore Technology

    Jan 2017 - Aug 2017 -7 months

    • Job Details:Mobile Applications and Web Application Audit • Investigate arising incidents caused by malicious activities, and identified false positives • Documented security events daily to create a baseline of activity for the client network • Intrusion Prevention and Detection System • Investigated alerts created by IDS/IPS including malicious file uploads, compromised servers, SQL injections, and port scanning • Performed in-depth forensics on workstation hard drives

    • Education

    • BSc in Computer Security in Computer Security

      University of Plymouth

      Jan 2013 - Jan 2017 - 4 yr

    • Technical Diploma in Banking Management

      All India Institute of Management Studies (AIIMS)

      Jan 2017 - Jan 2017 - 0 Month

    Skills

    • IT Audit
    • Information Technology (IT)
    • Risk Advisory
    • Network Security
    • COBIT
    • NIST
    • COSO
    • CMMI
    • ISO 27001

    Languages

    • English

      Fluent

    • Tamil

      Fluent

    • Arabic

      Intermediate

    • Urdu

      Intermediate

    Training & Certifications

    • ISO/IEC 27001 INFORMATION SECURITY ASSOCIATE™

      Skill Front·2021

    • IBM Cloud Essentials - V3

      IBM Developer Skills Network 2·2021

    • NSE 2 Network security Associate

      Fortinet·2021

    • Financial Risk Analytics

      Great Learning Academy·2021
    Share this Profile