Download - Nassers Pitchbook 112109 Blue1
PITCHBOOKPITCHBOOK
Nasser Khan, MBA, CISANasser Khan, MBA, CISA
NA
SS
ER’S
BR
AN
DA
ND
PR
OF
ILEBrandBrand
Nasser is a seasoned leader and a growth visionary supporting senior executive leadership in taking the companies to the next level of
enhancing profitability by managing enterprise risk.
Nasser Khan’s experience, skills, training and background brings a unique perspective to enterprise growth efforts. No matter what the
economic times are, Nasser Khan is able to add value with his deep and broad experience. Some of the elements that build Nasser’s brand
are:
1. Governance, Risk & Compliance (GRC) Professional
2. ERP Application Security and Controls
3. Business Systems & Process Transformation
4. Information Systems Auditor
5. MBA
6. Deep Multi-Industry Experience
7. Build Knowledge Networks
8. Educator & Trusted Adviser Integrity Excellence
Client-Centric
…Service
Philosophy
ProfileProfile
•Over twenty one years of combined industry and
professional services experience including Leadership,
Operations, Management, Audit, Security & Controls
Implementation. Business consulting experience spans
across industries with clients in Education, Financial Services,
Energy, Manufacturing, Healthcare, and Public Sectors.
•Led business-critical implementations and performed risk
management assessments within the information systems
functions. Key focus areas have been Application &
Infrastructure Security, Controls, Privacy and Compliance
with COSO, COBIT (ITGC), SOX, Privacy Act, and MFIPPA
regulations. Areas of expertise extend to Governance, Risk,
& Compliance (GRC) tools where he utilizes best practices in
Audit Approach & Implementation Methodology
•A proven track record in business development and client
management involving all levels of executives belonging to
Fortune 100 organizations.
•GRC experience encompasses implementing GRC systems,
performing and managing audit operations, User Access
Management, Security in PeopleSoft and other ERP systems,
Enterprise Risk Management and Identity Management.
•Led the Application Integrity Center of Excellence, focused
on Oracle ERP packages offered by Deloitte nationally
•Delivered presentations at several conventions held in the
U.S., Canada and Europe covering topics relating to I.T Audit,
GRC, and Security
Nasser Khan’s PitchbookNasser Khan’s Pitchbook
ACHIEVEMENTS & CAPABILITIESACHIEVEMENTS & CAPABILITIES
AC
HIE
VE
ME
NT
SA
ND
CA
PA
BILIT
IES
GRC Practice DevelopmentGRC Practice Development
�Built Oracle GRC capabilities across the US, by driving key
enablement initiatives including growth, delivery and
training.
�Assisted the regional centers develop and grow the practice
by improving their skill set of pursuing sales, enhancing
relationships and increasing footprints at existing clients.
�Educated to implement Oracle’s GRC applications and tools
including the Oracle GRC Controls Suite, Oracle GRC
Manager and Oracle GRC Intelligence products, and the
technologies of Oracle GRC applications.
�Teamed cross-functionally to build joint capabilities of
delivery and sales of solutions. Joint tasks included building
the pipeline, pursuing sales leads and assisting in the
delivery of solutions.
�Spearheaded the initiatives to build solutions labs for
Technology Risk AdvisoryTechnology Risk Advisory
�Designed and implemented Governance, Risk & Compliance
(GRC), Identity Management projects, strategy, planning,
coordinating, and consulting on the analysis and
identification of key risks, development of business and
systems.
�Performed assessment of security and controls in ERP and
supporting applications and systems against various
regulatory compliance frameworks.
�Designed, built or assessed risk and controls objectives,
design of controls activities, narratives, flowcharts, test
plans and testing of operating effectiveness.
�Conducted Privacy Impact Assessments in systems and
processes.
CA
PA
BILIT
IES�Spearheaded the initiatives to build solutions labs for
learning and use-case demo purposes.Business Process TransformationBusiness Process Transformation
�Consulted on application use optimization and business
process re-engineering of PeopleSoft modules, and
decommissioning of redundant processes and sub-
processes.
�Reviewed of As-Is payroll processes in order to streamline
diverse operations, identify efficiencies and synergies
between operating regions and reduce expenses.
�Consulted on system configuration alternatives and
opportunities for standardization.
�Reformed current business processes that vary from
delivered ‘best-practices’ in PeopleSoft. Determine gaps,
success criteria and recommendations.
Application Security & ControlsApplication Security & Controls
�Designed security management best practices, controls in
environment management, access management, access
provisioning, and security administration processes.
�Lead Security & Control build workshop sessions for
PeopleSoft and JD Edwards with functional areas Subject
Matter Expert Teams to determine organizational roles and
functions.
�Designed and built Security testing strategy.
�Identified data owners, control table responsibilities and
row level security structure for various business units.
�Designed authentication interface within the enterprise
context for PeopleSoft applications, HCM and Financials.
Lead the Fit/Gap effort and specified gap resolutions.
Nasser Khan’s PitchbookNasser Khan’s Pitchbook
ER
P IM
PLE
ME
NT
AT
ION
SA
ND
I.T. A
PeopleSoft Work Highlights
�Application supports role based in I.T. supporting HRMS, Benefits, Payroll, GL, A/P, P/O and AR modules as a business analyst
�Frequently applied minor upgrades working with data models of configuration and transaction tables
�Worked with Data Mover, App Engine, Component Interface and other integration tools
�Deep understanding of security implications , control capabilities and sensitivity of configuration and transaction tables in
PeopleSoft HCM and Financials 7.0 to 9.0
�Designed, implemented and configured HCM modules
I.T Audit and Controls Work
�Assessed PeopleSoft for security and controls design
�Assessed PeopleSoft implementations for optimization of use
�Assessed PeopleSoft implementations of quality of project management, governance, security and controls
�Several SOD analysis and redesigns
�Built own SOD tool for PeopleSoft HCM, Financials and JD Edwards
I.T. A
UD
IT
�Built own SOD tool for PeopleSoft HCM, Financials and JD Edwards
�Conducted system compliance audits for compliance with Municipal Freedom of Information and Privacy Act (Privacy Act)
�Mapped statutes and sections in regulations to data elements and controls activities in PeopleSoft and Infrastructure
environment to demonstrate how and where the control is compliance.
�Taught Auditing I.T function on behalf of IIA
�Participated in design course for auditing PeopleSoft on behalf of IIA
Nasser Khan’s PitchbookNasser Khan’s Pitchbook
EMPLOYERS &TIMELINESEMPLOYERS &TIMELINES
CA
RE
ER
TIM
ELIN
E
1986 1987 1992 1998 2000 2005 2007 2008 2009
Career progressionCareer progression
MBA
Crown Cork
Commercial
Manager
Manufacturing
PeopleSoft
Sr. HCM
ConsultantOracle
Acquires
PeopleSoft
Formed
Nasrhuma Inc.
CISA
7Nasser Khan’s PitchbookNasser Khan’s Pitchbook
Agfa
Product
Manager
SAB, Inc.
Sales Manager
B2B Sales
Region of York
PeopleSoft BSA
Deloitte
Manager
Enterprise RiskDeloitte
Sr. Manager
Enterprise Risk
Named
Security
Product
Lead
EM
PLO
YM
EN
TEmployers and Positions
•February 2009-Current•Formed Nasrhuma Inc. in US and Canada.
•A system integration professional services organization providing consulting advicein Technology Risk, GRC, ERP Roadmap and Strategy, and ERP implementation.
• August 2005-February 2009•Deloitte & Touché LLP- Costa Mesa, CA (managed team of max 11)
•Senior Manager in Enterprise Applications Integrity Practice-Technology Risk•Lead the Oracle GRC Enablement Initiative Nationally•SME for PeopleSoft Security & Controls
•Deloitte & Touché Ltd.- Toronto, ON (managed teams of max 7)•Manager in Enterprise Applications Integrity Practice-Technology Risk
•Technology Risk Management•PeopleSoft & JD Edwards Security & Controls
• June 2000- August 2005
•February 2009-Current•Formed Nasrhuma Inc. in US and Canada.
•A system integration professional services organization providing consulting advicein Technology Risk, GRC, ERP Roadmap and Strategy, and ERP implementation.
• August 2005-February 2009•Deloitte & Touché LLP- Costa Mesa, CA (managed team of max 11)
•Senior Manager in Enterprise Applications Integrity Practice-Technology Risk•Lead the Oracle GRC Enablement Initiative Nationally•SME for PeopleSoft Security & Controls
•Deloitte & Touché Ltd.- Toronto, ON (managed teams of max 7)•Manager in Enterprise Applications Integrity Practice-Technology Risk
•Technology Risk Management•PeopleSoft & JD Edwards Security & Controls
• June 2000- August 2005
Na
sser K
ha
n’s P
itchb
oo
kN
asse
r Kh
an
’s Pitch
bo
ok
• June 2000- August 2005•Oracle Consulting Services-Mississauga, ON
•Principal Consultant in Business Consulting HCM, Financials & Security•PeopleSoft Consulting Services
•Senior HCM Consultant Business •Global Security Product Co-Lead
•December 1998-June 2000•Region of York
•PeopleSoft Business Systems Analyst•Implemented and supported production environments of PeopleSoft HR and Financials
•July 1992-December 1998•Crown Cork & Seal Co., Inc
•Commercial Manager•B2B Sales and marketing at a manufacturing unit for packaging
• June 2000- August 2005•Oracle Consulting Services-Mississauga, ON
•Principal Consultant in Business Consulting HCM, Financials & Security•PeopleSoft Consulting Services
•Senior HCM Consultant Business •Global Security Product Co-Lead
•December 1998-June 2000•Region of York
•PeopleSoft Business Systems Analyst•Implemented and supported production environments of PeopleSoft HR and Financials
•July 1992-December 1998•Crown Cork & Seal Co., Inc
•Commercial Manager•B2B Sales and marketing at a manufacturing unit for packaging
QU
ALIF
ICA
TIO
NS
Education & CertificationEducation & Certification
Certified Information Systems Auditor, ISACA, USA
Certified PeopleSoft Consultant
MBA Finance & Marketing-1986
Institute of Business Administration
University of Karachi, Pakistan
BBA Marketing-1985
Institute of Business Administration
University of Karachi, Pakistan
Bcomm-Accounting-1982
St Patrick’s College, Karachi
Nasser Khan’s PitchbookNasser Khan’s Pitchbook
Memberships:
�Project Management Institute
�Canadian Management Association
�ISACA
�ISC2
�The Indus Entrepreneurs, TiE
Website
http://nasserkhan.com
Email: [email protected]
• 15333 Culver Drive, Suite 340 # 586, Irvine, CA 92604
• (949) 551-6080IrvineIrvine
• Russell View Rd.
Mississauga, ON L5M 5V8
(647) 829-6850
TorontoToronto