Nasser's Pitchbook 11192015
Published on: Mar 3, 2016
NASSER’S BRAND AND PROFILE
Nasser is a seasoned leader and a growth visionary who supports senior executive leadership in taking
companies to the next level of profitability by managing enterprise risk.
Nasser Khan’s experience, skills, training and background bring a unique perspective to enterprise efforts to
transform and evolve. No matter what the economic times are, Nasser is able to add value with his deep and
broad experience. Some of the elements that build Nasser’s brand are:
1. Governance, Risk & Compliance (GRC) Professional
2. ERP Application Security and Controls
3. Business Systems & Process Transformation
4. Information Systems Auditor - CISA
5. MBA in Finance
6. Deep Multi-Industry Experience
7. Builds Practices and Knowledge Networks
8. Educator & Trusted Advisor
•Over twenty-five years of combined industry and
professional services experience including Leadership,
Operations, Management, Audit, Security & Controls
Implementation. Business consulting experience spans
across industries with clients in Education, Financial
Services, Energy, Manufacturing, Healthcare, and Public
•Led business-critical implementations and performed risk
management assessments within the information systems
functions. Key focus areas have been Application &
Infrastructure Security, Controls, Privacy and Compliance
with COSO, COBIT (ITGC), SOX, Privacy Act, and HIPAA
regulations. Areas of expertise extend to Governance, Risk,
& Compliance (GRC) tools where he utilizes best practices in
Audit Approach & Implementation Methodology
•A proven track record in business development and client
management involving all levels of executives belonging to
Fortune 100 organizations.
•GRC experience encompasses implementing GRC systems,
performing and managing audit operations, User Access
Management, Security in PeopleSoft and other ERP
systems, Enterprise Risk Management and Identity
•Led the Center of Excellence at a Big 4 firm focused on Oracle
ERP packages offered in North America
•Presented at several conventions held in the U.S., Canada
and Europe covering topics relating to IT Audit, GRC, and
§Ran Deloitte’s Center of Excellence and built Oracle Advanced Controls
capabilities across North America by driving key enablement initiatives
including sales, delivery and training.
§Assisted the regional centers in developing and growing the practice by
improving their skill set for pursuing sales, enhancing relationships and
increasing footprints at existing clients.
§Educated to implement Oracle’s Advanced Controls and Financial Risk
Cloud applications and tools including the Oracle Advanced Controls
Suite, ProcessUnity, CaseWare Monitoring products, and the
technologies and applications.
§Teamed cross-functionally to build joint capabilities of delivery and
sales of solutions. Organized and led joint task forces with Oracle for
building the pipeline, pursuing sales leads and assisting in the delivery of
§Built solution labs for learning and use-case demo purposes.
§Consulted on application use optimization and business
process re-engineering of PeopleSoft & JD Edwards
modules, and retirement of redundant processes.
§Reviewed As-Is business processes in order to
streamline diverse operations, identify efficiencies and
synergies between operating regions and reduce expenses.
§Consulted on system configuration alternatives and
opportunities for standardization.
§Reformed current business processes that vary from
delivered ‘best-practices’ in PeopleSoft. Determined gaps,
success criteria and recommendations.
§Designed integrations between various modules leading
up to financial data governance integrity.
§Designed and implemented Governance, Risk & Compliance (GRC), Identity
Management projects, strategy, planning, coordinating, and consulting on the
analysis and identification of key risks, development of business and systems.
§Performed assessment of security and controls in ERP and supporting
applications and systems against various regulatory compliance frameworks.
§Designed, built or assessed risk and controls objectives, design of controls
activities, narratives, flowcharts, test plans and testing of operating
§Conducted Privacy Impact Assessments in systems and processes.
§Mapped Privacy Act to process controls.
§Managed and exceeded service sales quota consistently throughout.
§Designed security management best practices, controls in
environment management, access management, access
provisioning, and security administration processes.
§Led Security & Controls design workshop sessions for
PeopleSoft and JD Edwards with functional areas Subject
Matter Expert Teams to determine organizational roles and
§Designed and built Security testing strategy.
§Identified data owners, control table responsibilities and
row level security structure for various business units.
§Designed authentication and authorization interface with
IAM systems within the enterprise context for PeopleSoft
applications, HCM, Campus Solutions and Financials.
§Led the Fit/Gap effort and specified gap resolutions.
•Founded ControlLayers Inc. in US and Canada.
•A system integration professional services organization providing consulting advice
in Technology Risk, GRC, ERM Roadmap and Strategy, and ERP implementation.
• August 2005-February 2009
•Deloitte & Touche LLP - Costa Mesa, CA (managed team of 11)
•Senior Manager in Enterprise Applications Integrity Practice-Technology Risk
•Led the Oracle GRC Enablement Initiative Nationally
•SME for PeopleSoft Security & Controls
•Deloitte & Touche Ltd. - Toronto, ON (managed teams of max 7)
•Manager in Enterprise Applications Integrity Practice-Technology Risk
•Technology Risk Management
•PeopleSoft & JD Edwards Security & Controls
• June 2000- August 2005
•Oracle Consulting Services-Mississauga, ON
•Principal Consultant in Business Consulting HCM, Financials & Security
•PeopleSoft Consulting Services
•Senior HCM Consultant Business
•Global Security Product Co-Lead
•December 1998-June 2000
•Region of York
•PeopleSoft Business Systems Analyst
•Implemented and supported production environments of PeopleSoft HR
•July 1992-December 1998
•Crown Cork & Seal Co., Inc
•B2B Sales and marketing at a manufacturing unit for packaging
§ Certified Information Systems Auditor, ISACA
§ Certified PeopleSoft Consultant
§ CMMI Foundation
§ Project Management
MBA Finance & Marketing-1986
Institute of Business Administration
University of Karachi, Pakistan
Institute of Business Administration
University of Karachi, Pakistan
St Patrick’s College, Karachi
§Project Management Institute
§Canadian Management Association
§IBA Alumni Canada Chapter
3909 Witmer Road
#395, Niagara Falls, NY 14035
2133 The Chase
Mississauga, ON L5M 3C8