
Muhammad Shafi
Senior Chief Information Security Officer | GRC & SOC
London, UK
Freelance
About me
CISO with 30+ years expertise in cybersecurity, GRC, and SOC/NOC operations across banking, healthcare, and government sectors. Led security programs at NHS, ING Bank, and Allstate, managing teams of 50+ and budgets exceeding £10M while implementing ISO 27001, PCI-DSS, and GDPR compliance. Specialized in cloud security architecture, DevSecOps, and delivering comprehensive cSaaS solutions.
Work experience
CISO, Director/President (GRC, SOC, NOC, Cloud Security, Security Architecture)
Freelance
Jul 2025 - Present
1 year
London, UK
Implement Cyber Security and GRC Programs, SOC/NOC Setup/Ops (SIEM, EDR, MDR, XDR, SOAR, MISP, MSSP), ISO 27001, GDPR, HIPAA, PCI-DSS, NIST CSF, DLP, CIS, COBIT, SABSA, PDLP, SAMA, DORA, Security Audit, Risk Assessment, Security Analysis
Director/Head of GRC, SOC, NOC & Cybersecurity
PRG Pakistan · Hospitals and Health Care
Apr 2025 - Jul 2025
4 months
United States & Pakistan · Hybrid
Cybersecurity Governance and Operations
1. Governance, Risk & Compliance (GRC)
The GRC function sets the foundation for cybersecurity for PRG by:
• Establishing policies aligned with frameworks like HIPAA, NIST, PCI-DSS, GDPR, and ISO 27001
• Leading risk assessments, mitigation planning, and business continuity management
• Managing third-party risk and enforcing compliance across the enterprise
2. Security Operations Center (SOC)
The SOC delivers 24/7 operational defense through:
• Real-time threat detection, incident response, and monitoring using SIEM, IDS/IPS, and endpoint protection
• Ensuring swift containment, eradication, and recovery from cyber threats
3. Network Operations Center (NOC)
The NOC strengthens infrastructure resilience by:
• Running network security programs
• Mitigating operational risks
• Leading incident handling efforts
4. Strategic Leadership & Architecture
Cybersecurity leadership ensures alignment with business goals by:
• Driving cross-functional collaboration
• Adopting zero-trust, cloud/SaaS security, and emerging technologies
• Overseeing the integration of security into enterprise architecture
5. Compliance & Awareness
Cross-departmental coordination ensures:
• Regulatory compliance through audits and policy enforcement
• Ongoing training to foster a security-aware culture
6. Threat Intelligence & Improvement
A continuous improvement approach includes:
• Vulnerability assessments, pen testing, and SOC automation
• Monitoring key performance indicators (e.g., MTTR, MTTD)
• Conducting post-incident reviews and applying corrective actions
CISO/Cloud & Data Security Officer/GRC, SOC & Cybersecurity Head
BYTECH UAE & Abdul Rahman Bin Awf IT Services, UK
Sep 2023 - Mar 2025
1 year 7 months
United Kingdom · Hybrid
The IT/Cyber Security companies, in partnership, provide services to clients from multiple sectors, globally and within the UAE/GCC/KSA region.
• Lead/implement cyber security strategy for organizations across multiple sectors (FinTech, Banking, Public Sector, Real Estate, Healthcare, Insurance, Telecom etc.), coordinate full security audits, lead security architecture/design and implement customized security controls and solutions.
• Manage/implement Information Security Governance (ISG), Information Risk Management (IRM), Information Security Program Development and Management (ISPDM), Information Security Incident Management (ISIM)
• Manage IT/Security teams (15+): recruit, induct, train, performance evaluation
• Collaborate with executive leadership, vendors, suppliers, partners etc.
• Lead/Manage Organizational IT Strategy and Leadership, EA & System Architecture/Analysis, PMO/IT/Security Project Management & Security Architecture
Projects/Programs:
- Cyber Security Program: manage security strategy, coordinate audit and implement customized security controls & tools at Fractal Systems, UAE/KSA. PDPL, SAMA, GDPR, PCI-DSS, ISO 27001, SOC 2, PCI PIN, NIST, NCA, SAMA, DLLP, DLP, SABSA, GDPR, HIPAA, NESSA, TOGAF, DevSecOps, SAFe.
- Implement/Manage/Setup CSA (CCM), SOC 2, SSO, MFA, Zero Trust, ForgeRock, CyberArk, IDS/IPS at Aberdeen & Glasgow City Councils
- Coordinate Security Audit for PCI-DSS, ISO 27001, SOC 2, PCI PIN, NIST, NCA, SAMA, DLLP, DLP, SWIFT, BACS, Core Native Cloud Apps, SABSA Standards at Bank of Scotland, HSBC UK, Barclays, ING Bank
- IAM/PAM project for digital currency, digital payments & crypto/web3 systems
- User Access Control, SAML, OAuth (XML/JSON), Azure AD, CMS, WAF, AWS, CloudWatch, Azure Security Dashboard, CISA Security Audit, pen testing at Scottish Gas, UK
- Data Encryption, Network Security, Firewall deployment at Fractal Systems, UAE/KSA
- Manage/Implement cSaaS (Cyber Security as a Service) Program, multiple sectors
Chief Information/Cloud/Data Security Officer, CTO
Allstate · Insurance
Aug 2022 - Aug 2023
1 year 1 month
United Kingdom · Hybrid
The US-based company, Insurance sector, operates globally to provide insurance services with additional Cyber/Cloud Security Solutions to global multi-sector organizations.
• Managed/implemented Information Security Governance (ISG), Information Risk Management (IRM), Information Security Program Development and Management (ISPDM), Information Security Incident Management (ISIM)
• Managed/coordinated Cloud Security (AWS, Azure, GCP, Oracle), Data Security, DLP
• Compliance and regulatory coordination, Regulatory Compliance (GDPR, HIPAA etc.)
• Led incident, ITSM and response efforts and conducted root cause analysis for breaches.
• Managed a team of IT/Security staff (50) and oversaw training and development.
• Coordinated Security Audit for Cloud/On-Prem systems; architected and designed security and implemented controls, principles, tools, techniques, actions, skills development.
• Managed Security/IT Budget (£10M+) and resources, vendors, 3rd-party risks
• Managed Vulnerability, Cyber Threat Intelligence, end-to-end & end-user security
• Prevention/Monitoring/Response: secure Data, Application, SaaS, Cloud, Networks, payment systems
• Lead/Manage Organizational IT Strategy and Leadership, EA & System Architecture/Analysis, PMO/IT/Security Project Management & Security Architecture
Projects/Programs:
- NIST, ISO 27001, PCI-DSS, GDPR, HIPAA, DLP, SIEM, SABSA, DevSecOps, GRC
- Cloud Security Program: implement IAM/PAM & SSO, User Access Control, Zero Trust
- OAuth, CSA (CCM), SOC 2, SSO, MFA, Zero Trust, ForgeRock, CyberArk, SAML, Azure AD, CloudWatch, (XML/JSON), CMS, WAF, Azure Security Dashboard
- CISA Security Audit, penetration testing, Data Encryption, OWASP Top 10 policy and principles implementation, AWS Cloud Security & ServiceNow Project, CloudWatch
- DivvyCloud Project: in-house developed security and event monitoring system
- Manage/Implement cSaaS (Cyber Security as a Service) Program
Chief Information Security Officer, Chief Cloud Security Officer, CTO
Places for People · Real Estate
Feb 2020 - Jul 2022
2 years 6 months
United Kingdom · Hybrid
The company is registered in the UK and coordinates Real Estate and Construction business across the UK/EU.
• Formulate/implement Cyber/Cloud Security strategy, perform security audits
• Manage/Implement Information Security Strategy and Governance (ISG), Information Risk Management (IRM), Information Security Program Development and Management (ISPDM), Information Security Incident Management (ISIM), Cyber Security Risk Management
• Set up and manage the SOC (Security Operations Centre) and manage DevSecOps
• Implement GDPR, HIPAA, DLLP, NIST, ISO 27001, NCA, PCI-DSS controls, DLP, SABSA, COBIT, CISM, GRC, SOC, SOX, SAMA, PDLP
• Design, architect and implement Cloud/On-Prem security for Reaps Estate Systems
• Manage IT/Security teams (15), performance, vendors, partners, meetings, training
• Manage IT/Security budget (£5M+), security projects/programs etc.
• Lead/Manage Organizational IT Strategy and Leadership, EA & System Architecture/Analysis, PMO/IT/Security Project Management & Security Architecture
Projects/Programs:
- Cyber/Cloud Security Audit Program: audit for Networks, Applications, Cloud, Data, Systems, Files, Web Apps, Mobile Apps, Hardware, Software, SaaS/Business Apps, Finance, HR, Property Management, Salesforce, D365 F&O, Oracle EBS/HCM, Office 365 and other systems related to the Real Estate/Construction sector
- Access Control & Monitoring: IAM, PAM, SAML, OAuth (XML/JSON), MFA, Azure AD, SSO, CMS; eCommerce; AWS IAM, ForgeRock and CyberArk, User Access Control, VMware, Virtual Servers, Networks; implement security standards as per CSA (CCM), SOC 2 and ISO 27000 (ISO 27001, ISO 27017 and ISO 27018)
- Manage/Implement cSaaS (Cyber Security as a Service) Program
Chief Information Security Officer, Chief Cloud Security Officer, CTO
NHS · Food and Beverage Services
Jun 2015 - Jan 2020
4 years 8 months
United Kingdom · Hybrid
NHS (National Health Service) & DWP (Department for Work & Pensions): British Government public organizations from the Health and Work & Pensions Payments sector.
• Formulate/Implement Cyber Security policy, principles, guidelines, standards, protocols as per NIST, ISO 27001, SABSA, COBIT, CISA, GRC, SOC, GDPR, PCI-DSS
• Manage/Implement GRC, ISG, IRM, ISPDM, ISIM, Cyber Security Risk Management, IT Security audit.
• Coordinate/manage stakeholders, customers, end-users, suppliers and update the Change Advisory Board (CAB); authorize/implement Security Design, TOGAF etc.
• Lead/coordinate vulnerability test initiatives and implement defense measures, tools, standards, methods and technologies to protect organizational data, networks, apps, systems, Cloud (AWS, Azure, GCP, Oracle, and SaaS) platforms, local servers etc.
• Lead/manage security incident process, problem handling, backup measures
Projects/Programs:
- Manage/Implement PCI DSS security controls, securing Banking/payment systems, credit/debit card information etc.
- Strategic Management of Cloud/On-Prem Security: AWS, EC2, S3, EKS, CloudWatch, AWS DynamoDB, Kubernetes, Lambda, AWS services, Azure Security Dashboard.
- Implement TOGAF, Zachman, Agile, PMP, SDLC, PRINCE2, SSL, TLS, SSH.
- Lead/Manage SaaS Applications Security Program: secure O365 Online, Dynamics 365, Oracle Fusion, Oracle EBS.
- Cloud Security Program: virtual firewalls, encrypted cloud storage, endpoint security, protection against losing/deleting data, mitigating phishing and ransomware attacks.
- Formulate and implement Identity & Access Management (IAM) strategy, tools & techniques in AWS, Azure, GCP, Oracle Cloud and On-Prem systems; configure IAM for SSO, MFA, compliance with IAD and IT Audit recommendations, and connections across all banking applications
- Manage/Implement cSaaS (Cyber Security as a Service) Program
Chief Information Security Officer, Chief Cloud Security Officer, CTO
ING · Banking
Feb 2010 - May 2015
5 years 4 months
Europe · Hybrid
Banking/FinTech: coordinates banking operations across the globe, UK, EU/MENA.
• Secure the banking/transactional applications/systems & data from vulnerabilities
• Manage/Implement Information Security Strategy and Governance (ISG), Information Risk Management (IRM), Information Security Program Development and Management (ISPDM), Information Security Incident Management (ISIM), Cyber Security Risk Management, IT/Cyber Security Audit/Analysis; document the audit report, highlight vulnerabilities and gaps, and suggest/implement secure solutions
• Formulate/Implement Cyber Security policy, principles, standards, PCI-DSS, ISO 27001, SOC 2, PCI PIN, NIST, NCA, SAMA, DLLP, DLP, SABSA for SWIFT, BACS, Core Native Cloud Apps
• Lead/manage IT/Cyber Security Audit/Analysis; document the audit report, highlight vulnerabilities and gaps, and suggest/implement robust/secure solutions
• Analyse the organizational data (in transit, at rest) and data centers and implement DLP (Data Leakage Prevention), end-to-end across the data lifecycle, On-Prem/Cloud
• Coordinate/manage stakeholders, customers, end-users, suppliers and update the Change Advisory Board (CAB); authorize/implement Security Design, TOGAF etc.
• Lead/coordinate vulnerability test initiatives and implement defense measures, tools, standards, methods and technologies to protect organizational data, networks, apps, systems, Cloud (AWS, Azure, GCP, Oracle, and SaaS) platforms, local servers etc.
• Lead/manage security incident process, problem handling, backup measures
• Lead/Manage Organizational IT Strategy and Leadership, EA & System Architecture/Analysis, PMO/IT/Security Project Management & Security Architecture
Projects/Programs:
- Cloud/On-Prem Security & Auditing Program: virtual firewalls, encrypted cloud storage, endpoint security, protection against losing/deleting data, mitigating phishing and ransomware attacks
- Manage/Implement cSaaS (Cyber Security as a Service) Program
IT Engineer/IT Manager/Chief Cloud/Cyber Security Architect, Manager, Consultant/CISO
Huawei · Telecommunications
Feb 1992 - Jan 2010
18 years
East Asia · On-site
The global Telecom/GSM organization provides multi-sector IT/Security services across the APAC, Middle East, Europe, America and Canada regions.
• Formulate/Implement Cyber Security policy, principles, guidelines, standards, protocols as per NIST, ISO 27001, SABSA, COBIT, CISA, GRC, SOC, GDPR, PCI-DSS
• Lead/manage IT/Cyber Security Audit/Analysis; document the audit report, highlight vulnerabilities and gaps, and suggest/implement robust/secure solutions
• Analyse the organizational data (in transit, at rest) and data centers and implement DLP (Data Leakage Prevention), end-to-end across the data lifecycle, On-Prem/Cloud
• Coordinate/manage stakeholders, customers, end-users, suppliers and update the Change Advisory Board (CAB); authorize/implement Security Design, TOGAF etc.
• Lead/coordinate vulnerability test initiatives and implement defense measures, tools, standards, methods and technologies to protect organizational data, networks, apps, systems, Cloud (AWS, Azure, GCP, Oracle, SaaS) platforms, local servers etc.
• Lead/manage security incident process, problem handling, backup measures
Projects/Programs:
- Lead/Manage Cyber Security Program to secure servers, networks, web/mobile applications, enterprise systems, data, files, drives
Education
Pluralsight
Certification Studies
2019 - 2019
1 month
University of Derby
Innovating in Operations Management
2016 - 2016
1 month
ILX Group, United Kingdom
Business Analysis Foundation
2015 - 2016
1 year 1 month
Uniwersytet Szczeciński
Postgraduate
2013 - 2014
1 year 1 month
University of Derby
Postgraduate
2012 - 2013
1 year 1 month
CIM - Cyprus Business School
Master of Business Administration (M.B.A.)
2010 - 2012
2 years 1 month
Information Technology College
Diploma in Computer Science
2009 - 2009
1 month
Newports Institute of Communications and Economics
Bachelor of Technology - BTech
2004 - 2008
4 years 1 month
Licenses & certifications
Professional Member (MBCS)
Issued: Jul 2025
Certified Information Security Manager® (CISM)
Issued: Sep 2024
Professional Member ISACA
Issued: Jul 2024
ITIL® v4 Foundation Certified
Issued: May 2019