Fariha Rahman

Security Senior Analyst, Information Security Governance Jan 2014- Nov 2017

Risk Assessment:
- Conducted risk assessment following NIST Risk Management Framework (RMF), ISO 27001 Risk Assessment Methodology and FAIR (Factor Analysis of Information Risk)
- Improved the number of risks identified and mitigated by 20%.
Information Security Internal and External Audit:
- Conducted audits on projects leveraging in-depth understanding of internal controls, business process, application, and IT controls and auditing against best practices like ISO27K, ITGC, NIST.
- Supported SOX and SOC2 Audit compliance requirements for 4 of Accenture client's BU.
- Confirmed the mitigation of internal and external audit findings with 85% observations closed.
- Passed ISO 27K External Audit by DNV and E&Y with 0 Major findings.
- Conducted physical infrastructural audits in DC and DR (Data Center and Disaster Recovery).
Information Security Control Implementation:
- Established PDCA management cycle while implementing ISMS policy in compliance with Accenture Information Security Management Policy 1457.
- Implemented 50+ Client Data Protection (CDP) controls in the 14 categories of ISO 27001.
- Served as a Business Continuity Manager and executed BCM table-top exercise, yearly simulation tests and walkthrough audits for 3 projects.
- Implemented Oracle Identity & Access Management which streamlined Access Management System Control.
- Achieved Accenture Spot and Industrialization Award for transforming information security practice in Accenture.

About