Download PDF

Summary

Identity Security expert with 10+ years of extensive experience in designing and implementing enterprise-grade IAM solutions. Specialized in identity governance, privileged access management and single sign-on solutions. Proven expertise in securing digital identities, integrating enterprise systems and ensuring compliance with global security standards (NIST, ISO 27001, SWIFT CSP). Skilled in leading IAM strategy, project execution, identity lifecycle management, policy based access provisioning and risk-based access management. Passionate about optimizing identity governance and access management for large organizations.

Leading security projects from POC to implementation and having hands-on experience with the design and architecture of solution implementation including installations, configurations, integrations, customizations, deployments & operations of IAM and PIM solutions in DEV, UAT, Production H/A and DR environments.

Work Experience - Projects

March 2024Present

Identity & Access Management Lead

NETS International, Dubai, UAE

  • Leading IAM strategy, engineering and operations for enterprise clients.

March 2024Jan 2025

IAM & UAM Lead

DU Telecom, Dubai, UAE

  • Lead and manage access recertification campaigns to ensure compliance.
  • System reconciliations to maintain accurate identity and access data, resolving discrepancies effectively.
  • Developed, documented and maintained SOPs.
  • Implemented Proof of Concepts and developed use cases for IAM function.
  • Facilitated the onboarding of applications into the IAM system to enhance governance and integration.
  • Consistently achieved KPIs within the IAM function, ensuring operational efficiency and compliance.
Feb 2021March 2024

IAM Specialist | Assistant Director in IT Programs and Project Managment Department

State Bank of Pakistan, Karachi, Pakistan

  • Led PoCs for cloud solutions Mirosoft Azure, IBM, Oracle, domestic CSPs, covering VPC, key management, VMs management, enterprise solutions deployment & configuration on cloud along with pricing and RFP creation.
  • Executed SAML-based SSO integrations using Microsoft Azure AD (Entra ID), ADFS as identity providers with IBM BAW, IBM FileNet ECM as service providers; resolved technical issues related to SSO functionality.
  • Configured certificate-based authentication for Office Anywhere (OAW).
  • DLP PoCs with ForcePoint, Symantec, Microsoft Purview, including use cases creation, demos & evaluation.
  • Managed IBM FileNet Content Management and IBM BPM, including installation, upgrades, performance tuning of applications, database servers and DR switchovers.
  • Managed security vulnerabilities remediation, fixpacks implementation and risk reporting to CISO, CTO and senior management to ensure compliance and secure environments.
  • Managing and ensuring the successful closure of external IT audits.
  • Created SOP documents and trained teams on new deployments.
June 2021Jan 2022

CIAM Developer & Support

Systems Limited (ADIB Project), UAE

  • IBM ISAM: Mapping rule configuration. IBM SDI: Assembly lines creation.
  • IAM Operations: Device registration, endpoint & OTP policy management and operational support.
Sept 2020Dec 2020

PIM Solution Consultant

Meezan Bank Limited, Karachi, Pakistan

  • Deployed PIM & ISAM with 2FA in DR. Configured MFA & PIM Agent for privileged access.
  • Troubleshooting of production issues & performance optimization for IBM PIM, DB2 and SDS servers.
  • Deployed IBM Cognos, created custom reports for data analytics, trained teams & documented processes.
Aug 2018Jan 2020

IAM Implementation Lead

Bank Alfalah, Karachi, Pakistan

  • Designed and implemented IAM solution with policy based integration with Microsoft Active Directory, Microsoft Exchange, Oracle EBS, Oracle HR database, SMS gateway, Email gateway and custom applications including core banking system Temenos T24 and Alfalah Transact.
  • Developed Java-based custom adapters for application integration using REST APIs and SOAP APIs to enable seamless communication between systems.
  • Enhance operational efficiency by automating provisioning/deprovisioning and password management.
  • Seamless SSO and MFA implementation on core banking system Temenos T24.
  • Deployed a centralized SSO portal. Improved user support mechanism by Helpdesk password reset service.
  • IBM Cognos depoyment and configuration for advanced data analytics and reporting capabilities.
Dec 2017Aug 2018

Privileged Identity Management Implementation Lead

Pakistan Stock Exchange, Karachi, Pakistan

  • Led the implementation of H/A IBM PIM solution for secure privileged access across all platforms.
  • Designed & documented comprehensive solution architecture, including configuration and customization of access profiles for databases, windows, linux servers, network devices, web & desktop apps integration.
  • Implemented session monitoring and Break-Glass access. 
  • Established real-time threat detection by integrating with IBM QRadar SIEM.
  • Deployed DR environment replica of Production & IBM Cognos for advanced data analytics and reporting.
  • Conducted trainings for solution handover. Documented installations, configurations and SOPs.
Dec 2016Sept 2017

Privileged Identity Management Consultant

Habib Bank Limited, Emerging Markets Payments

  • Coordination and delivery of product demos to stakeholders, illustrating key features & value added benefits.
  • Facilitated stakeholder engagement by showcasing the practical advantages & efficiency of the PIM solution.
May 2014June 2016

IAM Operations Engineer | Operations Lead

Saudi Telecom Company, Riyadh, Saudi Arabia

  • Delivered IAM operational support for over 30,000 users spanning more than 20 integrated applications.
  • Ensured consistent enforcement of monitoring processes, contributing to improved system reliability.
  • Incident reponse management, team management, trainings, SOPs creation.

Education

Sept, 2009Sept, 2013

Bachelors in Computer Science

COMSATS University Islamabad, Pakistan

Skills

  • Capturing and analyzing the customer requirements and documenting application policies for integration
  • Interaction with the customer, project stakeholders and various technical teams regarding services and overall project management.
  • Experienced in designing the architecture of IAM solution.
  • Experienced with network segmentation and secure network design of IAM solution.
  • Experienced in designing the architecture of middleware components IBM WebSphere Application Server, DB2, Security Direcorty Server and Security Directory Integrator.
  • Sound knowledge of working with Digital Certificates and Certification Authority.
  • Experienced in deployment, configuration, integration and troubleshooting IBM Security Identity Manager.
  • Experienced in IBM SIM out of the box Adapters configuration.
  • Experienced in centralized user repository management after integrating applications.
  • Experienced in integrating applications with IBM SIM for a policy-based user management automation.
  • Experienced in integration of IBM SIM with enterprise HR database for Employee Identity Feed management.
  • Experienced in implementing identity, provisioning, adoption, password, separation of duty and recertification policies in IBM SIM.
  • Experienced in Role based and Request based access management.
  • Defined and documented Failover/Failback Operational Procedures for IBM Security Identity Manager, IBM Security Access Manager, IBM DB2 Database, IBM Security Directory Server and IBM Security Directory Integrator Server.
  • Automated the provisioning of accounts on applications such as Microsoft Active Directory and Exchange Server, IBM Security Access Manager and Oracle E-Business Suite and custom applications.
  • Sound knowledge and understanding of SSL, Public/Private keys, certificate configurations and management using PKI infrastructure of ISAM, IBM Key Management tool and OpenSSL.
  • Experienced in setting up Keycloak and integrating apps supporting OpenID Connect and SAML protocols.
  • Experienced with Docker, OpenShift and Kubernetes, ensuring high availability, automated scaling, and efficient containerized application deployments.
  • Experienced in deployment, configuration, integration and troubleshooting IBM Security Access Manager.
  • Configuration of Reverse proxy instances and Runtime environment in IBM Security Access Manager.
  • Configuration and troubleshooting of ISAM policy server.
  • Load balancer configuration in ISAM. MMFA configuration in ISAM. Experienced working on the ISAM APIs.
  • Experienced in implementing Single-Sign on with Oracle E-Bussines Suite.
  • Experienced in implementing SSO using OpenID Connect and SAML protocols.
  • Advanced knowledge of SSO protocols and technologies, including LDAP, Kerberos, SAML, OpenID Connect and OAuth.
  • Provided operational support to ISIM, ISPIM and ISAM functionalities such as fixes to custom code, maintaining Junctions, Groups and ACL creation/deletion/modification.
  • Sound working knowledge on LDAP-based directories such as IBM Security Directory Server and Microsoft Active Directory.
  • Experienced in implementing IBM Security Directory Server replication.
  • Customization of default ISIM LDAP schema, including management of custom object classes and attributes in IBM Security Directory Server.
  • Experienced in installation, configuration, replication and enabling SSL for SDS servers.
  • Experienced in developing assembly lines, Identity feeds in the IBM Security Directory Integrator.
  • Installation and configuration of Dispatcher on IBM Security Directory Integrator.
  • Experienced in deployment, configuration, integration and troubleshooting IBM Security Privileged Identity Manager.
  • Sound knowledge and experienced in out of box Access Profiles configuration including session monitoring.

  • Experienced in designing and enforcing policies for least privilege access.

  • Experienced in custom Advance Access profile creation for web and desktop applications in ISPIM.
  • Expert knowledge of designing custom reports for data analysis.
  • Knowledge and practical experience of installation, configuration and administration of IBM Verify Privilege Vault (Thycotic PAM).
  • Designed highavailabity and disaster recovery strategies.
  • Hands on experience and well versed in creating Offline and Online Backup/Restore strategies for Directory server and database server.
  • Experienced in installation, configuration and troubleshooting IBM DB2 and DB2 HADR implementation.
  • Performance tuning of SDS, WAS and DB2 servers.
  • Experienced in executing planned and unplanned Failover, Switchover and failback, Switchback activities between Production, Standby and DR environments.
  • Experienced in solution fixpacks/patch and security vulnerability management.
  • Well versed in the technical documentation.
  • Strong technical, analytical, interpersonal, management and communication skills.

Certification

  • IBM Certified Deployment Professional - Security Privileged Identity Manager V2.0.2 - June 2017
  • (ISC)² Certified in Cybersecurity (CC) - Jan 2023
  • Oracle Cloud Infrastructure 2023 Certified Foundations Associate - July 2023
  • SailPoint Identity Security Leader Credential - Nov 2024