Post on 06-May-2015
PITCHBOOKPITCHBOOK
Nasser Khan, MBA, CISANasser Khan, MBA, CISA
NASSER’S BRAN
D AN
D PRO
FILEBrandBrand
Nasser is a seasoned leader and a growth visionary supporting senior executive leadership in taking the companies to the next level of enhancing profitability by managing enterprise risk.Nasser Khan’s experience, skills, training and background brings a unique perspective to enterprise growth efforts. No matter what the economic times are, Nasser Khan is able to add value with his deep and broad experience. Some of the elements that build Nasser’s brand are:
1.Governance, Risk & Compliance (GRC) Professional 2.ERP Application Security and Controls 3.Business Systems & Process Transformation 4.Information Systems Auditor 5.MBA6.Deep Multi-Industry Experience 7.Build Knowledge Networks 8.Educator & Trusted Adviser
ProfileProfile
•Over twenty two years of combined industry and professional services experience including Leadership, Operations, Management, Audit, Security & Controls Implementation. Business consulting experience spans across industries with clients in Education, Financial Services, Energy, Manufacturing, Healthcare, and Public Sectors. •Led business-critical implementations and performed risk management assessments within the information systems functions. Key focus areas have been Application & Infrastructure Security, Controls, Privacy and Compliance with COSO, COBIT (ITGC), SOX, Privacy Act, and MFIPPA regulations. Areas of expertise extend to Governance, Risk, & Compliance (GRC) tools where he utilizes best practices in Audit Approach & Implementation Methodology
•A proven track record in business development and client management involving all levels of executives belonging to Fortune 100 organizations. •GRC experience encompasses implementing GRC systems, performing and managing audit operations, User Access Management, Security in PeopleSoft and other ERP systems, Enterprise Risk Management and Identity Management. •Led the Application Integrity Center of Excellence, focused on Oracle ERP packages offered by Deloitte nationally •Delivered presentations at several conventions held in the U.S., Canada and Europe covering topics relating to I.T Audit, GRC, and Security
Nasser Khan’s PitchbookNasser Khan’s Pitchbook
IntegrityIntegrity ExcellenceExcellence
Client-CentricClient-Centric
…Service Philosophy
ACHIEVEMENTS & CAPABILITIESACHIEVEMENTS & CAPABILITIES
ACHIEVEM
ENTS AN
D CAPABILITIES
GRC Practice DevelopmentGRC Practice Development
Built Oracle GRC capabilities across the US, by driving key enablement initiatives including growth, delivery and training.Assisted the regional centers develop and grow the practice by improving their skill set of pursuing sales, enhancing relationships and increasing footprints at existing clients.Educated to implement Oracle’s GRC applications and tools including the Oracle GRC Controls Suite, Oracle GRC Manager and Oracle GRC Intelligence products, and the technologies of Oracle GRC applications.Teamed cross-functionally to build joint capabilities of delivery and sales of solutions. Joint tasks included building the pipeline, pursuing sales leads and assisting in the delivery of solutions.Spearheaded the initiatives to build solutions labs for learning and use-case demo purposes.Business Process TransformationBusiness Process Transformation
Consulted on application use optimization and business process re-engineering of PeopleSoft modules, and decommissioning of redundant processes and sub-processes.Reviewed of As-Is payroll processes in order to streamline diverse operations, identify efficiencies and synergies between operating regions and reduce expenses.Consulted on system configuration alternatives and opportunities for standardization. Reformed current business processes that vary from delivered ‘best-practices’ in PeopleSoft. Determine gaps, success criteria and recommendations.
Technology Risk AdvisoryTechnology Risk Advisory
Designed and implemented Governance, Risk & Compliance (GRC), Identity Management projects, strategy, planning, coordinating, and consulting on the analysis and identification of key risks, development of business and systems. Performed assessment of security and controls in ERP and supporting applications and systems against various regulatory compliance frameworks.Designed, built or assessed risk and controls objectives, design of controls activities, narratives, flowcharts, test plans and testing of operating effectiveness. Conducted Privacy Impact Assessments in systems and processes.Mapped Privacy Act to process controls.
Application Security & ControlsApplication Security & Controls
Designed security management best practices, controls in environment management, access management, access provisioning, and security administration processes.Lead Security & Control build workshop sessions for PeopleSoft and JD Edwards with functional areas Subject Matter Expert Teams to determine organizational roles and functions.Designed and built Security testing strategy.Identified data owners, control table responsibilities and row level security structure for various business units.Designed authentication interface within the enterprise context for PeopleSoft applications, HCM and Financials. Lead the Fit/Gap effort and specified gap resolutions.
Nasser Khan’s PitchbookNasser Khan’s Pitchbook
ERP IMPLEM
ENTATIO
NS AN
D I.T. AU
DIT
PeopleSoft Work Highlights
Application supports role based in I.T. supporting HRMS, Benefits, Payroll, GL, A/P, P/O and AR modules as a business analystFrequently applied minor upgrades working with data models of configuration and transaction tablesWorked with Data Mover, App Engine, Component Interface and other integration toolsDeep understanding of security implications , control capabilities and sensitivity of configuration and transaction tables in PeopleSoft HCM and Financials 7.0 to 9.0Designed, implemented and configured HCM modules
I.T Audit and Controls Work
Assessed PeopleSoft for security and controls designAssessed PeopleSoft implementations for optimization of useAssessed PeopleSoft implementations of quality of project management, governance, security and controlsSeveral SOD analysis and redesignsBuilt own SOD tool for PeopleSoft HCM, Financials and JD EdwardsConducted system compliance audits for compliance with Municipal Freedom of Information and Privacy Act (Privacy Act)Mapped statutes and sections in regulations to data elements and controls activities in PeopleSoft and Infrastructure environment to demonstrate how and where the control is compliance.Taught Auditing I.T function on behalf of IIAParticipated in design course for auditing PeopleSoft on behalf of IIA
Nasser Khan’s PitchbookNasser Khan’s Pitchbook
EMPLOYERS &TIMELINESEMPLOYERS &TIMELINES
CAREER TIMELIN
E
7Nasser Khan’s PitchbookNasser Khan’s Pitchbook
1986 1987 1992 1998 2000 2005 2007 2008 20091986 1987 1992 1998 2000 2005 2007 2008 2009
Career progressionCareer progression
MBA
AgfaProduct Manager
SAB, Inc.Sales ManagerB2B Sales
Crown CorkCommercial ManagerManufacturing
Region of YorkPeopleSoft BSA
PeopleSoftSr. HCM Consultant
DeloitteManager Enterprise Risk
Oracle Acquires PeopleSoft
Founded Nasrhuma Inc. Business & Technology Risk Consulting
DeloitteSr. ManagerEnterprise Risk
CISA
Named Security Product
Lead
EMPLO
YMEN
TEmployers and Positions
Nasser Khan’s Pitchbook
Nasser Khan’s Pitchbook
•February 2009-Current•Formed Nasrhuma Inc. in US and Canada.
•A system integration professional services organization providing consulting advice in Technology Risk, GRC, ERP Roadmap and Strategy, and ERP implementation.
• August 2005-February 2009•Deloitte & Touché LLP- Costa Mesa, CA (managed team of max 11)
•Senior Manager in Enterprise Applications Integrity Practice-Technology Risk•Lead the Oracle GRC Enablement Initiative Nationally•SME for PeopleSoft Security & Controls
•Deloitte & Touché Ltd.- Toronto, ON (managed teams of max 7)•Manager in Enterprise Applications Integrity Practice-Technology Risk
•Technology Risk Management•PeopleSoft & JD Edwards Security & Controls
• June 2000- August 2005•Oracle Consulting Services-Mississauga, ON
•Principal Consultant in Business Consulting HCM, Financials & Security•PeopleSoft Consulting Services
•Senior HCM Consultant Business •Global Security Product Co-Lead
•December 1998-June 2000•Region of York
•PeopleSoft Business Systems Analyst•Implemented and supported production environments of PeopleSoft HR and Financials
•July 1992-December 1998•Crown Cork & Seal Co., Inc
•Commercial Manager•B2B Sales and marketing at a manufacturing unit for packaging
•February 2009-Current•Formed Nasrhuma Inc. in US and Canada.
•A system integration professional services organization providing consulting advice in Technology Risk, GRC, ERP Roadmap and Strategy, and ERP implementation.
• August 2005-February 2009•Deloitte & Touché LLP- Costa Mesa, CA (managed team of max 11)
•Senior Manager in Enterprise Applications Integrity Practice-Technology Risk•Lead the Oracle GRC Enablement Initiative Nationally•SME for PeopleSoft Security & Controls
•Deloitte & Touché Ltd.- Toronto, ON (managed teams of max 7)•Manager in Enterprise Applications Integrity Practice-Technology Risk
•Technology Risk Management•PeopleSoft & JD Edwards Security & Controls
• June 2000- August 2005•Oracle Consulting Services-Mississauga, ON
•Principal Consultant in Business Consulting HCM, Financials & Security•PeopleSoft Consulting Services
•Senior HCM Consultant Business •Global Security Product Co-Lead
•December 1998-June 2000•Region of York
•PeopleSoft Business Systems Analyst•Implemented and supported production environments of PeopleSoft HR and Financials
•July 1992-December 1998•Crown Cork & Seal Co., Inc
•Commercial Manager•B2B Sales and marketing at a manufacturing unit for packaging
QU
ALIFICATION
SEducation & CertificationEducation & Certification
Nasser Khan’s PitchbookNasser Khan’s Pitchbook
Certified Information Systems Auditor, ISACA, USACertified PeopleSoft Consultant
MBA Finance & Marketing-1986Institute of Business AdministrationUniversity of Karachi, Pakistan
BBA Marketing-1985Institute of Business AdministrationUniversity of Karachi, Pakistan
Bcomm-Accounting-1982St Patrick’s College, Karachi
Memberships:
Project Management InstituteCanadian Management AssociationISACAISC2
The Indus Entrepreneurs, TiE
Website
http://nasserkhan.com
Email: NasserKhan@Nasrhuma.com