Alim Al Razi

In this project, I have developed an Ethereum Smart contract app, DigitalLocker, intended to store digital assets securely on the blockchain network, where users can add assets, change their ownership, and view asset details. The app has four functions, two function modifiers, and two events. I have used Solidity programming language to build the app and Truffle & Ganache to test the app's functionalities.

I completed this project as part of the MS Cybersecurity degree requirements at the New York Institute of Technology (NYIT), Vancouver. The objectives of the project are:

1. ISMS Control GAP Analysis: GAP analysis is a primary and critical step for organizations aiming to achieve ISO/IEC 27001:2022 certification. This analysis involves a comprehensive review of the existing controls to identify discrepancies between current practices and the total ninety-three controls set out by the ISO… Show more

I completed this project as part of the MS Cybersecurity degree requirements at the New York Institute of Technology (NYIT), Vancouver. The objectives of the project are:

1. ISMS Control GAP Analysis: GAP analysis is a primary and critical step for organizations aiming to achieve ISO/IEC 27001:2022 certification. This analysis involves a comprehensive review of the existing controls to identify discrepancies between current practices and the total ninety-three controls set out by the ISO 27001:2022.

1. Developing ISMS Policies, Guidelines, and Procedures by adhering to information security best practices and ISO 27001:2022. Policies have been developed to cover the applicable controls identified during the GAP analysis.

2. Support in Testing the Implementation of the Controls to mitigate the risks.

3. Conduct VA and PT to strengthen the security of web applications: I used "Nessus Essentials" to conduct the vulnerability assessment on the critical web applications, and after that, I performed a detailed analysis of the identified vulnerabilities for possible exploitation. Later, I used tools such as Metasploit, Burpsuite, Zed Attack Proxy(ZAP), Hydra, Jenkins CLI, etc., to perform penetration testing and exploit some vulnerabilities to gain unauthorized access to the client applications. Finally, I suggested a mitigation solution to fix those vulnerabilities and harden the applications. Show less

This was an implementaion project of SAP ECM(Enterprise Compensation Managament) & E-Recruitment. I was the UAT manager to ensure the quality of project and effective delivery as per business requirement.

SAP Business Consultant

GRC-AC solution automates the process of detecting, remediating, and ultimately preventing access risk violations. It enables real-time visibility into current risk position – so we can confidently manage and reduce unauthorized access, fraud, and the cost of compliance across our enterprise.

Key business benefits:

# Automatically detect and remediate access risk violations across SAP and non-SAP systems
# Embed compliance checks and mandatory risk mitigation into business… Show more

GRC-AC solution automates the process of detecting, remediating, and ultimately preventing access risk violations. It enables real-time visibility into current risk position – so we can confidently manage and reduce unauthorized access, fraud, and the cost of compliance across our enterprise.

Key business benefits:

# Automatically detect and remediate access risk violations across SAP and non-SAP systems
# Embed compliance checks and mandatory risk mitigation into business processes
# Empower users with self-service, workflow-driven access requests, and approvals
# Automate reviews of user access, role authorizations, risk violations, and control assignments
# Better manage super-user access controls with a centralized, closed-loop process
# Create a comprehensive audit trail of user and role management activities Show less

GRC-AC solution automates the process of detecting, remediating, and ultimately preventing access risk violations. It enables real-time visibility into current risk position – so we can confidently manage and reduce unauthorized access, fraud, and the cost of compliance across our enterprise.

Key business benefits:

# Automatically detect and remediate access risk violations across SAP and non-SAP systems
# Embed compliance checks and mandatory risk mitigation into business… Show more

GRC-AC solution automates the process of detecting, remediating, and ultimately preventing access risk violations. It enables real-time visibility into current risk position – so we can confidently manage and reduce unauthorized access, fraud, and the cost of compliance across our enterprise.

Key business benefits:

# Automatically detect and remediate access risk violations across SAP and non-SAP systems
# Embed compliance checks and mandatory risk mitigation into business processes
# Empower users with self-service, workflow-driven access requests, and approvals
# Automate reviews of user access, role authorizations, risk violations, and control assignments
# Better manage super-user access controls with a centralized, closed-loop process
# Create a comprehensive audit trail of user and role management activities Show less

GRC-AC solution automates the process of detecting, remediating, and ultimately preventing access risk violations. It enables real-time visibility into current risk position – so we can confidently manage and reduce unauthorized access, fraud, and the cost of compliance across our enterprise.

Key business benefits:

# Automatically detect and remediate access risk violations across SAP and non-SAP systems
# Embed compliance checks and mandatory risk mitigation into business… Show more

GRC-AC solution automates the process of detecting, remediating, and ultimately preventing access risk violations. It enables real-time visibility into current risk position – so we can confidently manage and reduce unauthorized access, fraud, and the cost of compliance across our enterprise.

Key business benefits:

# Automatically detect and remediate access risk violations across SAP and non-SAP systems
# Embed compliance checks and mandatory risk mitigation into business processes
# Empower users with self-service, workflow-driven access requests, and approvals
# Automate reviews of user access, role authorizations, risk violations, and control assignments
# Better manage super-user access controls with a centralized, closed-loop process
# Create a comprehensive audit trail of user and role management activities Show less

GRC-AC solution automates the process of detecting, remediating, and ultimately preventing access risk violations. It enables real-time visibility into current risk position – so we can confidently manage and reduce unauthorized access, fraud, and the cost of compliance across our enterprise.

Key business benefits:

# Automatically detect and remediate access risk violations across SAP and non-SAP systems
# Embed compliance checks and mandatory risk mitigation into business… Show more

GRC-AC solution automates the process of detecting, remediating, and ultimately preventing access risk violations. It enables real-time visibility into current risk position – so we can confidently manage and reduce unauthorized access, fraud, and the cost of compliance across our enterprise.

Key business benefits:

# Automatically detect and remediate access risk violations across SAP and non-SAP systems
# Embed compliance checks and mandatory risk mitigation into business processes
# Empower users with self-service, workflow-driven access requests, and approvals
# Automate reviews of user access, role authorizations, risk violations, and control assignments
# Better manage super-user access controls with a centralized, closed-loop process
# Create a comprehensive audit trail of user and role management activities Show less

I was the Technical Lead of this Project and successfully complete the project.

Governance, Risk, and Compliance Access Control enables companies to confidently control access and prevent fraud throughout the enterprise by intelligently managing employee authorizations across mixed IT environments, allowing authorized exceptions, and accelerating resolution of any violations, all while reducing costs. This project would be instrumental for
• Reducing access risk across the… Show more

I was the Technical Lead of this Project and successfully complete the project.

Governance, Risk, and Compliance Access Control enables companies to confidently control access and prevent fraud throughout the enterprise by intelligently managing employee authorizations across mixed IT environments, allowing authorized exceptions, and accelerating resolution of any violations, all while reducing costs. This project would be instrumental for
• Reducing access risk across the enterprise
• Streamlining compliance processes
• Obtaining real-time oversight

After implementation of SAP GRC various in-house customization requirements will no longer be necessary. Based on current trend this will save approx USD 180K over five years. The present value of this savings is approx USD 123K . Show less

In version upgrade project I have played Project Manager role