Danish Hussain

• Senior Audit Stakeholder Engagement & Reporting: Responsible for all senior management engagement & reporting, relating to IT; spanning full suite of audit related communications such as - Audit Exec-Co reporting, Outcomes reporting & negotiations, Regulatory reporting, Audit commencement & planning memo's, etc.
• Multi-Year Audit planning: Supporting the UK Head of Internal Audit and Portfolio Heads with IT audit cartography, and the development of the multi-year IT audit plan focused on the UK & European hubs.
• Audit Execution & Reporting: Accountable for overseeing a team of 7 IT auditors (ranging from Senior Managers to Associates) to ensure timely delivery of the annual audit plan. This includes detailed scoping of the risk domains, approving testing strategies, agreeing outcomes with the auditee, and signing off on the final report.
• Typical Domains audited: IT Governance Risk & Controls, Application Development, IT Production, IT Resilience, and Cybersecurity (incl. Infrastructure). Also, thematic audits on Data Governance (incl. Data Quality & Privacy), and Operational Resilience (incl. EU Digital Operational Resilience Act (DORA) readiness).
• Annual Risk Assessment: Accountable for the completion of the annual risk assessments that keep an eye on the evolving risk posture of the audit universe. And, discover new entities that merit inclusion into the multi-year IT audit plan.
• Coaching & Recruitment: Responsible for talent identification & recruitment, coaching team members to improve key audit skills, helping design career development path for team members.

Cloud Controls Framework Implementation (CCFI) - Lead:

• Overall accountability for the test, transformation & readiness of the Group’s Public Cloud Platform Controls to host material workloads on multiple providers (i.e. Google, Microsoft Azure).
• Role involved the successful delivery of £1m Cloud Readiness Assurance Program covering key Cloud Controls (that would support material workloads). This was performed by managing a team of 20 (LBG & Supplier) staff that completed control effectiveness testing, daily MI , and SLT reporting at divisional committees.
• Gained understanding of key Cloud concepts - Data Dispersion, Guard-Rails, CI/CD, Immutable, Federated Identity Mgmt., CASB etc.
• Design Effectiveness assessments – Lead: Completed workshops with supplier team & engineers to ensure Design Effectiveness assessments on new Public Cloud Platform controls complied with Risk Mgmt. standards.
• Cloud Controls Framework development: Led the Cloud Engineering team to develop controls in alignment with the CSA Cloud Controls Matrix and Group Risk Management framework to ensure controls are auditable.

Head of QA, Methodology & Framework (QM&F) team:

• Supported the automation of manual controls to enable data driven assurance.
• Developed a new testing approach tailored for legal entities such as Corporate Bank, Insurance & Wealth – to support their risk posture.
• Lead a 7-member QA team to ensure first line testing outcomes comply with Group Testing Methodology.

• Cybersecurity Audits: Delivered group-wide cyber security audits on topics such as: End User Developed Applications (EUDA), Cryptographic Key Mgmt. process, Identity and Access Mgmt. controls, Vulnerability Mgmt. process, Email DLP Change & Alert Mgmt. process, and Cyber Incident Response.
• Issue Validation: Developed a strategy for prioritised delivery of multiple issue validations.

• Service Line Development & Bids: Successfully led the establishment of a near-shore Managed Services offering UK FS clients supporting their Vendor Risk needs (inc. successful bids to win work).
• IAM Governance: Led the development of IAM Policy & Standards for a Global Bank.
• Data Sharing TOM: Developed data sharing strategy, for a UK Retail Bank, to support its compliance with the GDPR & Ring-Fencing regulations.
• Operational Risk Management: Completed residual IT risk assessments for a Global Investment Bank.
• Vendor Risk Assessments: Delivered large scale vendor risk assessment programmes for UK Insurance Companies, and the UK Financial Regulator.

• Data Loss Prevention: Led the delivery of DLP controls enhancements for a UK Retail Bank.
• Identity & Access Management (IAM): Performed application role design for a Global Bank.
• Section 166 Review: Performed fieldwork for a regulatory review of a Global Insurance Company.

• Engineering: IT Infrastructure and Proximity Support. (2010 - 2011)
• Assistance: Production activities such as “Restoration”, and “Encoding”. (2009 – 2010)