Farid is an Director in the Technology Risk practice with over 13 years of experience with the firm. He has been involved in numerous IT Security assessments, IT Audits, Vendor Assessments, IT Risk Assessments and Privacy engagements across a broad spectrum of industries, with a focus on the Financial Services Industry.
- For an Israeli military subcontractor, Farid is currently the lead assessor of their Security Operations Center’s Incident Response (IR) Program. The deliverable of this engagement is a Board-level audit report and recommendations to the CIO and SOC manager.
- For a recent Systematically Important Financial Institution (SIFI), Farid has provided oversight on CCAR IT remediation validation (Matters Requiring Attention [MRA/MRIA] and other Risk-Based Audits relative to their FR-Y14A and 14Q submissions.
- Planned and executed IT Security Audits and Application Assessments for numerous clients and their vendors. These engagements include Cybersecurity Program and Compliance Audits (e.g., GDPR, NIST-CSF, NYDFS - NYCRR Part 500, CSC-20, etc.), Security Operations Center (SOC) and Incident Response (IR) program reviews, Network Security vulnerability assessments, Virtual Desktop Infrastructure Assessments, Data Leakage and Privacy Audits, and Vendor Security Assessments (e.g., SOC2, Shared-Assessments-SIG, etc.).
- Managed multiple fortune 500 Financial Services clients in the documentation, implementation, and evaluation of IT Governance (e.g., ISO 27001/2) and Security frameworks (e.g., NIST CSF/FFIEC-CAT). He has also evaluated compliance and maturity against such frameworks across disparate entities within large, complex corporate environments.
- As part of the Operational Risk Management team of a large fortune 100 client, Farid was a co-architect of the development and implementation of a Risk Event Capture process. This risk event process is currently used to capture Problem, Security, and Change Events globally to report on key metrics negatively impacting geographic and entity related events on behalf of the Chief Risk Officer.
- Farid led the design, roll-out, and assessment of IT Governance & Security Framework across 30 countries/subsidiaries within the organization’s Archer GRC tool. Farid was a lead responsible the development of this Enterprise-wide Control Framework leveraging best practices employed and prescribed industry best practices. Farid managed and executed both the analysis and review of organizational processes, identified key areas of security risk and developed an action plan geared toward the introduction of information security best practices, into established system development processes. This led one of the Insurance Companies to receive both board-wide recognition and accolade at the CSO 40 awards.
- Assisted with the development of an IT Risk and Controls framework to be deployed globally across multiple subsidiaries of a large multinational client as part of a J-SOX compliance initiative. Farid managed the evaluation of a standardized core set of IT Security and Governance controls across 7 of the client’s entities. Farid both evaluated and managed this core set of controls around many of the client’s subsidiaries in Europe, North America, and South America.
Areas of Expertise
- IT Audit
- IT Security / Cybersecurity
- IT Governance, Risk and Compliance
- Financial Services
- Bachelor of Science – Computer Engineering Binghamton University
Professional Memberships and Certifications
- Executive Officer, Information Systems Audit and Control Association (ISACA) New York Metropolitan Chapter
- Cybersecurity Education Leader, New York Metropolitan Chapter
- Member, Institute of Internal Auditors (IIA)
- Current ISACA CSX-F Trainer
- Payment Card Industry [PCI] Qualified Security Assessor (PCI-QSA)
- Certified Ethical Hacker (CEH)
- Certified Cyber Security Practitioner (CSX-P)
- Certified in Risk Management Assurance (CRMA)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Auditor (CISA)
- Microsoft Certified Systems Engineer (MCSE)