Nassers Pitchbook 112109 Blue1

PITCHBOOK: Nasser Khan, MBA, CISA

Transcript of Nassers Pitchbook 112109 Blue1

Page 1: Nassers Pitchbook 112109 Blue1

PITCHBOOK

Nasser Khan, MBA, CISA

Page 2: Nassers Pitchbook 112109 Blue1

NASSER’S BRAND AND PROFILE

Brand

Nasser is a seasoned leader and growth visionary who supports senior executive leadership in taking companies to the next level of profitability by managing enterprise risk.

Nasser Khan’s experience, skills, training and background bring a unique perspective to enterprise growth efforts. Whatever the economic times, Nasser Khan is able to add value with his deep and broad experience. Some of the elements that build Nasser’s brand are:

1. Governance, Risk & Compliance (GRC) Professional

2. ERP Application Security and Controls

3. Business Systems & Process Transformation

4. Information Systems Auditor

5. MBA

6. Deep Multi-Industry Experience

7. Build Knowledge Networks

8. Educator & Trusted Adviser

Integrity, Excellence, Client-Centric

…Service Philosophy

Profile

• Over twenty-one years of combined industry and professional services experience including Leadership, Operations, Management, Audit, Security & Controls Implementation. Business consulting experience spans industries, with clients in Education, Financial Services, Energy, Manufacturing, Healthcare, and Public Sectors.

• Led business-critical implementations and performed risk management assessments within the information systems functions. Key focus areas have been Application & Infrastructure Security, Controls, Privacy and Compliance with COSO, COBIT (ITGC), SOX, Privacy Act, and MFIPPA regulations. Areas of expertise extend to Governance, Risk, & Compliance (GRC) tools, where he utilizes best practices in Audit Approach & Implementation Methodology.

• A proven track record in business development and client management involving all levels of executives belonging to Fortune 100 organizations.

• GRC experience encompasses implementing GRC systems, performing and managing audit operations, User Access Management, Security in PeopleSoft and other ERP systems, Enterprise Risk Management and Identity Management.

• Led the Application Integrity Center of Excellence, focused on Oracle ERP packages offered by Deloitte nationally.

• Delivered presentations at several conventions held in the U.S., Canada and Europe covering topics relating to I.T. Audit, GRC, and Security.

Nasser Khan’s Pitchbook

Page 3: Nassers Pitchbook 112109 Blue1

ACHIEVEMENTS & CAPABILITIES

Page 4: Nassers Pitchbook 112109 Blue1

ACHIEVEMENTS AND CAPABILITIES

GRC Practice Development

• Built Oracle GRC capabilities across the US by driving key enablement initiatives including growth, delivery and training.

• Assisted the regional centers in developing and growing the practice by improving their skill set of pursuing sales, enhancing relationships and increasing footprints at existing clients.

• Educated to implement Oracle’s GRC applications and tools including the Oracle GRC Controls Suite, Oracle GRC Manager and Oracle GRC Intelligence products, and the technologies of Oracle GRC applications.

• Teamed cross-functionally to build joint capabilities of delivery and sales of solutions. Joint tasks included building the pipeline, pursuing sales leads and assisting in the delivery of solutions.

• Spearheaded the initiatives to build solutions labs for learning and use-case demo purposes.

Technology Risk Advisory

• Designed and implemented Governance, Risk & Compliance (GRC), Identity Management projects, strategy, planning, coordinating, and consulting on the analysis and identification of key risks, development of business and systems.

• Performed assessment of security and controls in ERP and supporting applications and systems against various regulatory compliance frameworks.

• Designed, built or assessed risk and controls objectives, design of controls activities, narratives, flowcharts, test plans and testing of operating effectiveness.

• Conducted Privacy Impact Assessments in systems and processes.

Business Process Transformation

• Consulted on application use optimization and business process re-engineering of PeopleSoft modules, and decommissioning of redundant processes and sub-processes.

• Reviewed As-Is payroll processes in order to streamline diverse operations, identify efficiencies and synergies between operating regions and reduce expenses.

• Consulted on system configuration alternatives and opportunities for standardization.

• Reformed current business processes that vary from delivered ‘best-practices’ in PeopleSoft. Determined gaps, success criteria and recommendations.

Application Security & Controls

• Designed security management best practices, controls in environment management, access management, access provisioning, and security administration processes.

• Led Security & Control build workshop sessions for PeopleSoft and JD Edwards with functional-area Subject Matter Expert teams to determine organizational roles and functions.

• Designed and built Security testing strategy.

• Identified data owners, control table responsibilities and row level security structure for various business units.

• Designed authentication interface within the enterprise context for PeopleSoft applications, HCM and Financials. Led the Fit/Gap effort and specified gap resolutions.


Page 5: Nassers Pitchbook 112109 Blue1

ERP IMPLEMENTATIONS AND I.T. AUDIT

PeopleSoft Work Highlights

• Application support role based in I.T., supporting the HRMS, Benefits, Payroll, GL, A/P, P/O and AR modules as a business analyst

• Frequently applied minor upgrades, working with data models of configuration and transaction tables

• Worked with Data Mover, App Engine, Component Interface and other integration tools

• Deep understanding of security implications, control capabilities and sensitivity of configuration and transaction tables in PeopleSoft HCM and Financials 7.0 to 9.0

• Designed, implemented and configured HCM modules

I.T. Audit and Controls Work

• Assessed PeopleSoft for security and controls design

• Assessed PeopleSoft implementations for optimization of use

• Assessed PeopleSoft implementations for quality of project management, governance, security and controls

• Several SOD analyses and redesigns

• Built own SOD tool for PeopleSoft HCM, Financials and JD Edwards

• Conducted system compliance audits for compliance with Municipal Freedom of Information and Privacy Act (Privacy Act)

• Mapped statutes and sections in regulations to data elements and controls activities in PeopleSoft and Infrastructure environment to demonstrate how and where the control is compliant.

• Taught Auditing I.T. function on behalf of IIA

• Participated in design course for auditing PeopleSoft on behalf of IIA


Page 6: Nassers Pitchbook 112109 Blue1

EMPLOYERS & TIMELINES

Page 7: Nassers Pitchbook 112109 Blue1

CAREER TIMELINE

Career progression

[Timeline figure. Axis marks: 1986, 1987, 1992, 1998, 2000, 2005, 2007, 2008, 2009. Milestones shown on the figure:]

• MBA

• Crown Cork: Commercial Manager, Manufacturing

• PeopleSoft: Sr. HCM Consultant

• Oracle Acquires PeopleSoft

• Formed Nasrhuma Inc.

• CISA

• Agfa: Product Manager

• SAB, Inc.: Sales Manager, B2B Sales

• Region of York: PeopleSoft BSA

• Deloitte: Manager, Enterprise Risk

• Deloitte: Sr. Manager, Enterprise Risk

• Named Security Product Lead

Page 8: Nassers Pitchbook 112109 Blue1

EMPLOYMENT

Employers and Positions

• February 2009-Current

  • Formed Nasrhuma Inc. in US and Canada.

  • A system integration professional services organization providing consulting advice in Technology Risk, GRC, ERP Roadmap and Strategy, and ERP implementation.

• August 2005-February 2009

  • Deloitte & Touche LLP - Costa Mesa, CA (managed team of max 11)

  • Senior Manager in Enterprise Applications Integrity Practice-Technology Risk

  • Led the Oracle GRC Enablement Initiative Nationally

  • SME for PeopleSoft Security & Controls

  • Deloitte & Touche Ltd. - Toronto, ON (managed teams of max 7)

  • Manager in Enterprise Applications Integrity Practice-Technology Risk

  • Technology Risk Management

  • PeopleSoft & JD Edwards Security & Controls

• June 2000-August 2005

  • Oracle Consulting Services - Mississauga, ON

  • Principal Consultant in Business Consulting HCM, Financials & Security

  • PeopleSoft Consulting Services

  • Senior HCM Consultant Business

  • Global Security Product Co-Lead

• December 1998-June 2000

  • Region of York

  • PeopleSoft Business Systems Analyst

  • Implemented and supported production environments of PeopleSoft HR and Financials

• July 1992-December 1998

  • Crown Cork & Seal Co., Inc

  • Commercial Manager

  • B2B Sales and marketing at a manufacturing unit for packaging

Page 9: Nassers Pitchbook 112109 Blue1

QUALIFICATIONS

Education & Certification

Certified Information Systems Auditor, ISACA, USA

Certified PeopleSoft Consultant

MBA Finance & Marketing-1986

Institute of Business Administration

University of Karachi, Pakistan

BBA Marketing-1985

Institute of Business Administration

University of Karachi, Pakistan

Bcomm-Accounting-1982

St Patrick’s College, Karachi


Memberships:

• Project Management Institute

• Canadian Management Association

• ISACA

• ISC2

• The Indus Entrepreneurs, TiE

Website

http://nasserkhan.com

Email: [email protected]

Irvine

• 15333 Culver Drive, Suite 340 # 586, Irvine, CA 92604

• (949) 551-6080

Toronto

• Russell View Rd., Mississauga, ON L5M 5V8

• (647) 829-6850