NASSER

’SBRANDAN

DPROFILE

Nasserisaseasonedleaderandagrowthvisionarysupportingseniorexecutiveleadershipintakingthecompaniestothenextlevelofenhancingprofitabilitybymanagingenterpriserisk.NasserKhan’sexperience,skills,trainingandbackgroundbringsauniqueperspectivetoenterpriseeffortstotransformandevolve.Nomatterwhattheeconomictimesare,Nasserisabletoaddvaluewithhisdeepandbroadexperience.SomeoftheelementsthatbuildNasser’sbrandare:1.Governance,Risk&Compliance(GRC)Professional2.ERPApplicationSecurityandControls3.BusinessSystems&ProcessTransformation4.InformationSystemsAuditor-CISA5.MBAinFinance6.DeepMulti-IndustryExperience7.BuildsPracticesandKnowledgeNetworks8.Educator&TrustedAdvisor

•Overtwentyfiveyearsofcombinedindustryandprofessionalservicesexperienceincluding Leadership,Operations,Management,Audit,Security&ControlsImplementation.BusinessconsultingexperiencespansacrossindustrieswithclientsinEducation,FinancialServices,Energy,Manufacturing,Healthcare,andPublicSectors.•Ledbusiness-critical implementationsandperformedriskmanagementassessmentswithintheinformationsystemsfunctions.KeyfocusareashavebeenApplication&InfrastructureSecurity,Controls,PrivacyandCompliancewithCOSO,COBIT(ITGC),SOX,PrivacyAct,andHIPAAregulations.AreasofexpertiseextendtoGovernance,Risk,&Compliance(GRC)toolswhereheutilizesbestpracticesinAuditApproach&ImplementationMethodology

•AproventrackrecordinbusinessdevelopmentandclientmanagementinvolvingalllevelsofexecutivesbelongingtoFortune100organizations.•GRCexperienceencompassesimplementingGRCsystems,performingandmanagingauditoperations,UserAccessManagement,SecurityinPeopleSoftandotherERPsystems,EnterpriseRiskManagementandIdentityManagement.•LedtheCenterofExcellenceatBig4focusedonOracleERPpackagesofferedinNorthAmerica•PresentedatseveralconventionsheldintheU.S.,CanadaandEuropecoveringtopicsrelatingtoI.TAudit,GRC,andSecurity

Integrity Excellence

Client-Centric

…ServicePhilosophy

ENTERPRISER

ISKMAN

AGEM

ENTA

CHIEVEMENTS

ANDCAPABILITIES

§RanDeloitte’s CenterofExcellenceandbuilt OracleAdvancedControlscapabilitiesacrossNorthAmericabydrivingkeyenablementinitiativesincludingsales,deliveryandtraining.§Assistedtheregionalcentersdevelopandgrowthepracticebyimprovingtheirskillsetofpursuingsales,enhancingrelationships andincreasingfootprints atexistingclients.§EducatedtoimplementOracle’s AdvancedControlsandFinancialRiskCloudapplicationsandtoolsincludingtheOracleAdvancedControlsSuite,ProcessUnity,CaseWareMonitoringproducts,andthetechnologiesandapplications.§Teamedcross-functionallytobuildjoint capabilitiesofdeliveryandsalesofsolutions.OrganizedandledJointtasksforcewithOracleforbuildingthepipeline,pursuingsalesleadsandassistinginthedeliveryofsolutions.§Builtsolution labsforlearninganduse-casedemo.purposes.

§Consultedonapplicationuseoptimizationandbusinessprocessre-engineeringofPeopleSoft&JDEdwardsmodules,andretirementofredundantprocesses.§ReviewedofAs-Isbusinessprocessesinordertostreamlinediverseoperations,identifyefficienciesandsynergiesbetweenoperatingregionsandreduceexpenses.§Consultedonsystemconfigurationalternativesandopportunities forstandardization.§Reformedcurrentbusinessprocessesthatvaryfromdelivered‘best-practices’ inPeopleSoft.Determinegaps,successcriteriaandrecommendations.§Designedintegrationsbetweenvariousmodulesleadinguptofinancialdatagovernanceintegrity.

§DesignedandimplementedGovernance,Risk&Compliance(GRC),IdentityManagementprojects,strategy,planning,coordinating, andconsultingontheanalysisandidentificationofkeyrisks,developmentofbusinessandsystems.§PerformedassessmentofsecurityandcontrolsinERPandsupportingapplicationsandsystemsagainstvariousregulatorycomplianceframeworks.§Designed,built orassessedriskandcontrolsobjectives,designofcontrolsactivities,narratives,flowcharts,testplansandtestingofoperatingeffectiveness.§ConductedPrivacyImpactAssessmentsinsystemsandprocesses.§MappedPrivacyActtoprocesscontrols.§Managedandexceededservicesalesquotaconsistentlythroughout.

§Designedsecuritymanagementbestpractices,controlsinenvironmentmanagement,accessmanagement,accessprovisioning,andsecurityadministrationprocesses.§LeadSecurity&ControlsdesignworkshopsessionsforPeopleSoftandJDEdwardswithfunctional areasSubjectMatterExpertTeamstodetermineorganizationalrolesandfunctions.§DesignedandbuiltSecuritytestingstrategy.§Identifieddataowners,control tableresponsibilities androwlevelsecuritystructure forvariousbusinessunits.§Designedauthenticationandauthorization interfacewithIAMsystemswithintheenterprisecontextforPeopleSoftapplications,HCM,CampusSolutionsandFinancials.§ LeadtheFit/Gapeffortandspecifiedgapresolutions.

NASSER

KHANCAREERTIM

ELINE

4

1986 1987 1992 1998 2000 2005 2007 2009 2009

MBA

ProductManager

SAB,Inc.SalesManagerB2B Sales

Region ofYorkBusinessSystemsAnalyst

PeopleSoftSr.HCMConsultant

DeloitteManagerEnterpriseRisk

OracleAcquiresPeopleSoft

FoundedControlLayersInc.-Business&TechnologyRiskConsultingfirm

DeloitteSr.ManagerEnterpriseRisk

CISA

NamedSecurityProductLead

CommercialManager

MiddleEastNorthAfrica

•February 2009-Current•Founded ControlLayers Inc. in US and Canada.

•A system integration professional services organization providing consulting advicein Technology Risk, GRC, ERM Roadmap and Strategy, and ERP implementation.

• August 2005-February 2009•Deloitte & Touché LLP- Costa Mesa, CA (managed team of 11)

•Senior Manager in Enterprise Applications Integrity Practice-Technology Risk•Lead the Oracle GRC Enablement Initiative Nationally•SME for PeopleSoft Security & Controls

•Deloitte & Touché Ltd.- Toronto, ON (managed teams of max 7)•Manager in Enterprise Applications Integrity Practice-Technology Risk

•Technology Risk Management•PeopleSoft & JD Edwards Security & Controls

• June 2000- August 2005•Oracle Consulting Services-Mississauga, ON

•Principal Consultant in Business Consulting HCM, Financials & Security•PeopleSoft Consulting Services

•Senior HCM Consultant Business •Global Security Product Co-Lead

•December 1998-June 2000•Region of York

•PeopleSoft Business Systems Analyst•Implemented and supported production environments of PeopleSoft HR and Financials

•July 1992-December 1998•Crown Cork & Seal Co., Inc

•Commercial Manager•B2B Sales and marketing at a manufacturing unit for packaging

§ CertifiedInformationSystemsAuditor,ISACA§ CertifiedPeopleSoft Consultant§ CMMI Foundation§ ProjectManagement

MBA Finance&Marketing-1986InstituteofBusiness AdministrationUniversityofKarachi,Pakistan

BBA Marketing-1985InstituteofBusiness AdministrationUniversityofKarachi,Pakistan

Bcomm-Accounting-1982StPatrick’sCollege,Karachi

Memberships:

§ProjectManagement Institute§CanadianManagement Association§ISACA

VolunteerBoards:

§OptionsMississauga§IBAAlumniCanadaChapter

Website

www.controllayers.comEmail:Nasser.Khan@ControlLayers.com

•New York3909 Witmer Road

#395, Niagara Falls, NY 14035(949) 551-6080

•Toronto2133 The Chase

Mississauga, ON L5M 3C8(416) 619-7825