Md. Shahriar Hussain

A results-driven cybersecurity professional with over 8 years of progressive experience in governance, risk, compliance (GRC), and security assurance within highly regulated sectors including telecommunications and banking. Proven expertise in designing and implementing compliance frameworks, conducting risk assessments, and managing internal and external audits. Adept at translating complex regulatory requirements (such as NIST, ISO 27001) into actionable security policies and controls.

Seeking to leverage my background in leading GRC initiatives to secure and scale compliance posture in the healthcare technology landscape.

EMPLOYMENT EXPERIENCE: April, 2024 – Present Cyber Security Chartered Engineer, Banglalink Digital Communications Ltd.  Spearhead cloud security assessments for Huawei cloud environments, aligning security controls with industry best practices and compliance requirements.  Design and document event response processes, enhancing the organization's incident management and governance capabilities.  Collaborate with engineering, compliance, and leadership teams to execute and refine enterprise-wide security strategies.  Conduct application risk assessments using SAST and DAST methodologies, prioritizing remediation of OWASP Top 10 and CWE Top 25 risks. April, 2021 – March, 2024 Cyber Security & Compliance Lead Engineer, Banglalink Digital Communications Ltd.  Owned the end-to-end compliance lifecycle for critical systems, including Vulnerability Assessment and Penetration Testing (VAPT) and policy compliance auditing for OS and database servers.  Authored comprehensive risk assessment reports for major organizational assets, including Hadoop systems and the MyBL mobile application (Android/iOS), directly contributing to risk mitigation and governance.  Performed security assessments and penetration testing in cloud environments, identifying critical vulnerabilities and driving remediation efforts. 16th June, 2019 – March, 2021 Cyber Security & Governance Specialist Engineer, Banglalink Digital Communications Ltd.  Executed regular vulnerability assessments and penetration testing across the organization's IT landscape.  Played a key role in governance by formulating Request for Proposals (RFPs) for new security solutions and defining security requirements for application designs and source code. 20th June, 2016 - 12th June, 2019 Senior Officer in Information Security Division, Prime Bank Limited, Dhaka  Led the security risk assessment process for web and mobile banking applications through vulnerability assessments and internal penetration testing.  Developed and implemented key hardening guidelines for databases, servers, and network devices, strengthening the bank's security posture.  Formulated RFPs for advanced security solutions (SIEM, DLP, WAF, NBA) and managed compliance projects related to PCI-DSS. February, 2012 – 16th June, 2016 Officer in ICT Division & BASIC Bank Training Institute (BBTI), BASIC Bank Limited, Dhaka  Managed network improvements and hardware/software evaluations.  Developed and delivered training modules on ICT Security Management, Computer Frauds, and the Role of IT Auditors, fostering a culture of security awareness.

PROFFESSIONAL CERTIFICATION:  Certified Ethical Hacker (CEH) | EC-Council  Certified Security Analyst (ECSA) | EC-Council  Red Team Operator (CRTO) | Zero-Point Security Ltd.  Metasploit Pro Specialist | Rapid7  Career Essentials in Cybersecurity | Microsoft & LinkedIn  The Accredited Configuration Engineer (ACE) | Palo Alto Networks  IBM Cybersecurity Analyst | Coursera  Google Cybersecurity Specialization | Coursera