Irfan Khan

London, ENG

Summary

Experienced CISM/CISA Security Risk & Control Consultant with over 10 years of expertise in investment banking environments. Proven track record in leading security risk management initiatives with a strong focus on Governance, Risk, and Control (GRC) frameworks NIST/ISO2000x. Extensive experience in Risk and Control, Access Management and Governance, ensuring alignment with business objectives and IT solutions.
A results-driven leader, skilled in managing bi-annual control assessment cycles to enhance the quality and accuracy of assessments. Adept at building relationships across all levels of an organization, from technical teams to senior management, facilitating alignment between security frameworks and business goals. Known for driving collaborative environments, motivating teams, and delivering high-quality outcomes with a focus on continuous improvement and customer service excellence.
Offering strong organisational and leadership skills, with background in team collaboration and problem-solving. Knowledgeable about managing timelines and coordinating resources to meet project goals. Ready to use and develop communication, planning, and stakeholder management skills in [Desired Position] role.

Overview

16 years of professional experience
3 years of post-secondary education
1 Certification

Work History

Project Manager, Governance, Risk and Control

UBS
09.2024 - 03.2025
  • Lead the facilitation of the twice-yearly control assessment cycles across, while improving the quality and accuracy of assessments
  • Drive improvements to the current control management approaches, providing a risk-focused approach to achieve greater efficiencies across the organization
  • Influence and engage with a broad range of stakeholders, across Divisions and geographies. Work in an agile setup, ensuring responsiveness to change and stakeholder needs
  • Ensure timely completion of annual SOX application walkthroughs to maintain compliance and control integrity
  • Lead and inspire a team of risk and control professionals
  • Prepare and deliver comprehensive monthly reporting packs, ensuring accuracy, clarity, and alignment with stakeholder requirements
  • Collaborate with external regulators EY and internal auditors to ensure compliance and enhance operational efficiency

Project Manager, Governance, Risk and Control

Credit Suisse
06.2017 - 06.2019
  • Working on the Strategic Access Control Initiative
  • Led a team of consultants to successfully migrate critical Global Market applications to the company’s strategic Identity and Access Management (IAM) platform, strengthening security, ensuring regulatory compliance, and improving operational efficiency
  • Accelerated the migration of 100+ applications to the new strategic IAM platform, ensuring adherence to internal policies, global regulations, and best practices
  • Drove the adoption of new tools and technologies by collaborating with application development teams, resolving technical challenges, and aligning with supporting groups
  • Produced detailed weekly management reports, documented risks and mitigation strategies, and represented the team in governance forums, working groups, and executive steering committees

Information Security IAM Consultant

Deutsche Bank
02.2017 - 06.2017
  • Working with the Fixed Income Currency Business Control Team to help remediate issues relating to segregation of duties
  • Analysing applications, roles and permissions across the user base to determine appropriateness of access
  • Provide framework to Role Base applications with necessary sign off
  • Create Business Requirement Document to help fast-track remediation and mitigation activity, to ensure that on-boarding activity is simplified, and SOD controls are implemented
  • Work with applications owners to help comply with Information Risk Policy and IAM Controls
  • Ensure best practices are followed, central solutions
  • Update project metrics reported to key stakeholders

Consultant Information Security

Deloitte
11.2016 - 01.2017
  • Company Overview: Client Deutsche Bank
  • Providing services for CISO Identity & Access regarding the creation and completion of an Identity & Access Concept (IAC) document
  • Examining information already available in Deutsche Bank Central Sources
  • Documenting Identity & Access processes in the IAC questionnaire based on key stakeholder interviews and documentation received
  • Ensuring that all mandatory information for an IAC has been received and the completeness of the information confirmed by the IT asset’s BISO
  • Provide regular updates to key stakeholders
  • Plan book of work for 2017

Information Security Business Analyst

Deutsche Bank
09.2015 - 09.2016
  • Working with the Equities Business Control Team to help remediate issues relating to segregation of duties
  • Analysing applications, roles and permissions across the user base to determine appropriateness of access
  • Provide framework to Role Base applications with necessary sign off
  • Create Business Requirement Document to help fast-track remediation and mitigation activity, to ensure that on-boarding activity is simplified, and SOD controls are implemented
  • Work with applications owners to help comply with Information Risk Policy and IAM Controls
  • Ensure best practices are followed, central solutions
  • Update project metrics reported to key stakeholders

Governance Business Analyst Information Security

ICBC Standard Bank
04.2014 - 08.2015
  • Company Overview: Corporate and Investment Banking
  • Working for the Identity Access Management Governance team ensuring relevant access controls are in place and monitored
  • Run Toxic Combination and Recertification campaigns, SailPoint integration and implementation
  • Monitor and identify risk exposure upon a failure of Identity Access Management control
  • Resolve SailPoint violations, grey list management
  • Attend all change management and scrum meetings involving incident management
  • Ensure Access Control team audit access levels are up to date and liaise with internal and external audit teams to address any queries
  • Engage with Business and Technical teams to define activities for Toxic Combination campaigns ensuring all violations are identified, false positives are excluded, risk rated and remediated
  • Run privilege access review campaigns for critical applications, Windows, UNIX, and Database
  • Flag incorrect requests managed by Logical Access Teams and remediate
  • SME contact for Identity Management Team, involved in the creation of a new AD forest and company segregation
  • Providing up-to-date KRI to management

Business Analyst Information Security

ROYAL BANK OF SCOTLAND
04.2013 - 04.2014
  • Company Overview: Global Banking & Markets
  • Working within Information Security team to improve security controls and rating for division International Banking Applications
  • Role Base applications, automate User Entitlement Reviews and Control Monitor Access Control
  • Work with Business Managers to complete CIA assessments
  • Identify Key applications to on-board
  • Analysing applications, roles and permissions across the user base to determine appropriateness of access
  • Engaging relevant Business managers to review and validate any inappropriate access identified
  • Toxic Combinations
  • Role Base applications into our Access Control toolset RBAC/RBAM
  • Reviewing the existing roles defined across applications and working with operational and application support teams to update / amend where necessary
  • Manage and Automate User Entitlements Reviews for applications On-Boarded
  • Arrange daily feeds from support teams by providing technical assistance
  • UAT
  • Analysing system data using advanced excel functions

Identity Management Team Lead

STANDARD BANK
06.2012 - 04.2013
  • Team Lead - 6 employees in the Logical Access Team, split between London and South Africa
  • Provision AD and Many Business Application accounts for Joiner Movers Leavers
  • Ensure SLA targets are met
  • On Board new applications
  • Attend regular Daily Production and change requests meetings
  • Liaise with business risk and external auditors
  • Manage and motivate staff and ensure service levels are achieved
  • Ensure staff skill sets and tool sets are up to date
  • Create service catalogue and introduce wiki to share knowledge amongst the team
  • Provide security recommendations and provide assistance with implementing controls, processes and procedures to ensure compliance of internal policies

Team Lead/Identity Management Governance

ROYAL BANK OF SCOTLAND
06.2009 - 06.2012
  • Company Overview: Global Banking & Markets
  • Team Lead - 4 BAs, providing Project and Global support to Global Access Control teams
  • Deliver and provide updates on internal projects for SAM Global Head
  • Prepare business case, requirement gathering, UAT testing, for internal Access Control projects
  • Wastage Reduction, Automation, RBAC Access Control Team
  • On board New Applications to Global SAM teams 60 plus
  • Deliver Functional Requirements and carry out UAT testing for HP SM9
  • Carry out successful service transition to other regions
  • Deal with technical queries from Global Access teams
  • Lead a forum with global team leads from Service Delivery to improve intra-team processes
  • Monitor and perform quality checks on tasks Admins undertake
  • Give direction to various Project teams on our Controls and requirements
  • Ensure Global Access Control teams audit access levels are up to date and liaise with internal and external audit teams (Deloitte) to address any queries

Education

BA Hons - Business Administration 2:2 Honours

Brunel University
09.1997 - 06.1998

HND - Business Information Technology

Brunel University London
Uxbridge
09.1995 - 06.1997

Skills

  • Project Coordination
  • Strategic planning
  • Project Management
  • Risk & Control
  • IAM
  • Goal-Oriented approach
  • Scrum methodology proficiency
  • Agile Framework
  • NIST/ISO2001X
  • Compliance awareness
  • Self-motivation

Personal Information

Citizenship: UK Citizen

Custom

  • Visit the gym
  • Travel
  • Watch movies

Certification

Project Management Coursera Feb 25

Azure Fundamentals Jan 24

TOGAF®9.2 Part 1 and Part 2 Nov 22

CISA May 17

CISM Sept 16

ISEB Business Analyst Mar 12

Prince 2 Jul 10

CCNA Sep 08

ITIL Foundation Mar 07

MCSE 2000 Security Jun 04
