Danish Hussain

London

Summary

C-Suite/Senior Leadership Engagement:

  • Trusted to build strong and dependable relationships with Senior Leaders (SMFs) such as CIOs, CISOs, CROs, and CIAs, supporting them with clear insights on matters impacting their technology & risk strategies.


Key Accomplishments & Recognition:

  • In Audit - Achieved a step-change in the “Audit-to-Risk” culture via strong outcomes from recently concluded IT & Cyber audits on one of the largest European commercial banking entities.
  • In Risk Management - Delivered the first Public Cloud Assurance Program across multiple platform providers, for a large UK Retail bank.
  • In Consulting - Led the creation of a new revenue generating service line following the successful delivery of multiple Vendor Risk assessments.


Value Add & Commercial mindset: Initiatives delivered led to enhanced business value, improved efficiencies and contributed to commercial gain.

  • In Audit - Leading an initiative to automate annual Risk Assessments on audit units by leveraging AI tooling which will generate deep insights and operational efficiencies. Also, established a new approach to achieving wider assurance with fewer audits on business units, resulting in low audit fatigue.
  • In Risk Management - Reduced assurance costs via adoption of new testing strategies on business units.
  • In Consulting – 7+ years of experience in winning and retaining B2B clients in a highly price conscious and regulated marketplace by leading strong bids and delivering high quality work.


Domain Experience:

  • End to End IT & Cyber Risk Assurance Program delivery (audits, risk assessments, controls testing).
  • Cloud Risk & Controls Framework development (governance, testing).
  • Technology Risk Advisor with well-rounded knowledge & experience on key cyber risk areas such as Governance Risk & Control, Infrastructure Security, Cloud Adoption, Data Risk, Access Mgmt., etc.

Overview

16 years of professional experience
3 certifications

Work History

DIRECTOR, IT & Cybersecurity Audit

BNP PARIBAS (Hub UK)
10.2022 - Current
  • Senior Audit Stakeholder Engagement & Reporting: Responsible for all senior management engagement & reporting relating to IT, spanning the full suite of audit-related communications such as Audit Exec-Co reporting, Outcomes reporting & negotiations, Regulatory reporting, Audit commencement & planning memos, etc.
  • Multi-Year Audit planning: Supporting the UK Head of Internal Audit and Portfolio Heads with IT audit cartography, and the development of the multi-year IT audit plan focused on the UK & European hubs.
  • Audit Execution & Reporting: Accountable for overseeing a team of 7 IT auditors (ranging from Senior Managers to Associates) to ensure timely delivery of the annual audit plan. This includes detailed scoping of the risk domains, approving testing strategies, agreeing outcomes with the auditee, and signing off on the final report.
  • Typical Domains audited: IT Governance Risk & Controls, Application Development, IT Production, IT Resilience, and Cybersecurity (incl. Infrastructure). Also, thematic audits on Data Governance (incl. Data Quality & Privacy), and Operational Resilience (incl. EU Digital Operational Resilience Act (DORA) readiness).
  • Annual Risk Assessment: Accountable for the completion of the annual risk assessments that keep an eye on the evolving risk posture of the audit universe and discover new entities that merit inclusion in the multi-year IT audit plan.
  • Coaching & Recruitment: Responsible for talent identification & recruitment, coaching team members to improve key audit skills, and helping design career development paths for team members.

SENIOR RISK MANAGER, Cloud Controls Implementation

LLOYDS BANK
12.2019 - 09.2022


Cloud Controls Framework Implementation (CCFI) - Lead:

  • Overall accountability for the test, transformation & readiness of the Group’s Public Cloud Platform Controls to host material workloads on multiple providers (i.e. Google, Microsoft Azure).
  • Role involved the successful delivery of a £1m Cloud Readiness Assurance Program covering key Cloud Controls (that would support material workloads). This was performed by managing a team of 20 (LBG & Supplier) staff that completed control effectiveness testing, daily MI, and SLT reporting at divisional committees.
  • Gained understanding of key Cloud concepts - Data Dispersion, Guard-Rails, CI/CD, Immutable, Federated Identity Mgmt., CASB etc.
  • Design Effectiveness assessments – Lead: Completed workshops with supplier team & engineers to ensure Design Effectiveness assessments on new Public Cloud Platform controls complied with Risk Mgmt. standards.
  • Cloud Controls Framework development: Led the Cloud Engineering team to develop controls in alignment with the CSA Cloud Controls Matrix and Group Risk Management framework to ensure controls are auditable.


Head of QA, Methodology & Framework (QM&F) team:

  • Supported the automation of manual controls to enable data driven assurance.
  • Developed a new testing approach tailored for legal entities such as Corporate Bank, Insurance & Wealth – to support their risk posture.
  • Led a 7-member QA team to ensure first line testing outcomes comply with Group Testing Methodology.

Asst. VICE PRESIDENT (AVP), Internal Audit

BARCLAYS BANK
05.2017 - 11.2019
  • Cybersecurity Audits: Delivered group-wide cyber security audits on topics such as: End User Developed Applications (EUDA), Cryptographic Key Mgmt. process, Identity and Access Mgmt. controls, Vulnerability Mgmt. process, Email DLP Change & Alert Mgmt. process, and Cyber Incident Response.
  • Issue Validation: Developed a strategy for prioritised delivery of multiple issue validations.

MANAGER, IT Risk & Assurance (FS Sector)

ERNST & YOUNG LLP
02.2014 - 04.2017
  • Service Line Development & Bids: Successfully led the establishment of a near-shore Managed Services offering for UK FS clients, supporting their Vendor Risk needs (incl. successful bids to win work).
  • IAM Governance: Led the development of IAM Policy & Standards for a Global Bank.
  • Data Sharing TOM: Developed data sharing strategy, for a UK Retail Bank, to support its compliance with the GDPR & Ring-Fencing regulations.
  • Operational Risk Management: Completed residual IT risk assessments for a Global Investment Bank.
  • Vendor Risk Assessments: Delivered large scale vendor risk assessment programmes for UK Insurance Companies, and the UK Financial Regulator.

ASSOCIATE, Technology Risk Consulting

KPMG LLP
10.2011 - 01.2014
  • Data Loss Prevention: Led the delivery of DLP controls enhancements for a UK Retail Bank.
  • Identity & Access Management (IAM): Performed application role design for a Global Bank.
  • Section 166 Review: Performed fieldwork for a regulatory review of a Global Insurance Company.

ENGINEER, Multimedia Production

PRIME FOCUS Ltd.
01.2009 - 09.2011
  • Engineering: IT Infrastructure and Proximity Support. (2010 - 2011)
  • Assistance: Production activities such as “Restoration”, and “Encoding”. (2009 – 2010)

Education

Master's in Information Technology (IT)

University of Sydney
01.2008

Bachelor's in Engineering (BE)

Anna University
01.2006

School

SBOA School
01.2002

Skills

  • Succinct and effective stakeholder communication
  • Generating insightful data analysis & dashboards
  • Strong negotiating & influencing skills
  • Navigating organisational complexities & building relationships
  • Reliable project management & delivery
  • Competent in regulatory engagement & reporting

Certification

  • ISACA - Artificial Intelligence (AI) Fundamentals certification (2024)
  • CSA - CCSK (Certified Cloud Security Knowledge) (2021)
  • ISACA - CISM (Certified Information Security Manager) (2016)
  • ISO42001 AI Management System – Lead Auditor (Currently Preparing)
