Nasser Khan is a seasoned leader with over 21 years of experience in professional services and industry. He specializes in governance, risk, and compliance (GRC) and has extensive experience implementing GRC systems and managing audit operations. Nasser has led business-critical implementations and risk assessments. He is skilled in application and infrastructure security, controls, and regulatory compliance.
2. NASSER’S BRAND AND PROFILE
Brand
Nasser is a seasoned leader and a growth visionary who supports senior executive leadership in taking companies to the next level of profitability by managing enterprise risk.
Nasser Khan’s experience, skills, training and background bring a unique perspective to enterprise growth efforts. No matter what the economic times are, Nasser Khan is able to add value with his deep and broad experience. Some of the elements that build Nasser’s brand are:
1. Governance, Risk & Compliance (GRC) Professional
2. ERP Application Security and Controls
3. Business Systems & Process Transformation
4. Information Systems Auditor
5. MBA …
6. Deep Multi-Industry Experience
7. Build Knowledge Networks
8. Educator & Trusted Adviser
Client-Centric Service Philosophy, Integrity, Excellence
Profile
•Over twenty one years of combined industry and professional services experience including Leadership, Operations, Management, Audit, Security & Controls Implementation. Business consulting experience spans across industries with clients in Education, Financial Services, Energy, Manufacturing, Healthcare, and Public Sectors.
•Led business-critical implementations and performed risk management assessments within the information systems functions. Key focus areas have been Application & Infrastructure Security, Controls, Privacy and Compliance with COSO, COBIT (ITGC), SOX, Privacy Act, and MFIPPA regulations. Areas of expertise extend to Governance, Risk, & Compliance (GRC) tools where he utilizes best practices in Audit Approach & Implementation Methodology
•A proven track record in business development and client management involving all levels of executives belonging to Fortune 100 organizations.
•GRC experience encompasses implementing GRC systems, performing and managing audit operations, User Access Management, Security in PeopleSoft and other ERP systems, Enterprise Risk Management and Identity Management.
•Led the Application Integrity Center of Excellence, focused on Oracle ERP packages offered by Deloitte nationally
•Delivered presentations at several conventions held in the U.S., Canada and Europe covering topics relating to I.T Audit, GRC, and Security
Nasser Khan’s Pitchbook
4. ACHIEVEMENTS AND CAPABILITIES
GRC Practice Development
•Built Oracle GRC capabilities across the US by driving key enablement initiatives including growth, delivery and training.
•Assisted the regional centers to develop and grow the practice by improving their skill set of pursuing sales, enhancing relationships and increasing footprints at existing clients.
•Educated to implement Oracle’s GRC applications and tools including the Oracle GRC Controls Suite, Oracle GRC Manager and Oracle GRC Intelligence products, and the technologies of Oracle GRC applications.
•Teamed cross-functionally to build joint capabilities of delivery and sales of solutions. Joint tasks included building the pipeline, pursuing sales leads and assisting in the delivery of solutions.
•Spearheaded the initiatives to build solutions labs for learning and use-case demo purposes.
Technology Risk Advisory
•Designed and implemented Governance, Risk & Compliance (GRC), Identity Management projects, strategy, planning, coordinating, and consulting on the analysis and identification of key risks, development of business and systems.
•Performed assessment of security and controls in ERP and supporting applications and systems against various regulatory compliance frameworks.
•Designed, built or assessed risk and controls objectives, design of controls activities, narratives, flowcharts, test plans and testing of operating effectiveness.
•Conducted Privacy Impact Assessments in systems and processes.
Business Process Transformation
•Consulted on application use optimization and business process re-engineering of PeopleSoft modules, and decommissioning of redundant processes and sub-processes.
•Reviewed As-Is payroll processes in order to streamline diverse operations, identify efficiencies and synergies between operating regions and reduce expenses.
•Consulted on system configuration alternatives and opportunities for standardization.
•Reformed current business processes that vary from delivered ‘best-practices’ in PeopleSoft. Determined gaps, success criteria and recommendations.
•Led the Fit/Gap effort and specified gap resolutions.
Application Security & Controls
•Designed security management best practices, controls in environment management, access management, access provisioning, and security administration processes.
•Led Security & Control build workshop sessions for PeopleSoft and JD Edwards with functional areas Subject Matter Expert Teams to determine organizational roles and functions.
•Designed and built Security testing strategy.
•Identified data owners, control table responsibilities and row level security structure for various business units.
•Designed authentication interface within the enterprise context for PeopleSoft applications, HCM and Financials.
5. ERP IMPLEMENTATIONS AND I.T. AUDIT
PeopleSoft Work Highlights
Application support role based in I.T., supporting HRMS, Benefits, Payroll, GL, A/P, P/O and AR modules as a business analyst
Frequently applied minor upgrades, working with data models of configuration and transaction tables
Worked with Data Mover, App Engine, Component Interface and other integration tools
Deep understanding of security implications, control capabilities and sensitivity of configuration and transaction tables in PeopleSoft HCM and Financials 7.0 to 9.0
Designed, implemented and configured HCM modules
I.T Audit and Controls Work
Assessed PeopleSoft for security and controls design
Assessed PeopleSoft implementations for optimization of use
Assessed PeopleSoft implementations of quality of project management, governance, security and controls
Several SOD analyses and redesigns
Built own SOD tool for PeopleSoft HCM, Financials and JD Edwards
Conducted system compliance audits for compliance with Municipal Freedom of Information and Privacy Act (Privacy Act)
Mapped statutes and sections in regulations to data elements and control activities in the PeopleSoft and infrastructure environment to demonstrate how and where the control is in compliance.
Taught Auditing I.T function on behalf of IIA
Participated in design course for auditing PeopleSoft on behalf of IIA
7. CAREER TIMELINE
Career progression
[Timeline figure with marked years 1986, 1987, 1992, 1998, 2000, 2005, 2007, 2008 and 2009. Milestone labels: MBA; Agfa; SAB, Inc.; Crown Cork; Region of York; PeopleSoft; CISA; Oracle Acquires PeopleSoft; Deloitte; Formed Nasrhuma Inc.]
8. EMPLOYMENT
Employers and Positions
•February 2009-Current
  •Formed Nasrhuma Inc. in US and Canada.
  •A system integration professional services organization providing consulting advice in Technology Risk, GRC, ERP Roadmap and Strategy, and ERP implementation.
•August 2005-February 2009
  •Deloitte & Touche LLP- Costa Mesa, CA (managed team of max 11)
  •Senior Manager in Enterprise Applications Integrity Practice-Technology Risk
  •Led the Oracle GRC Enablement Initiative Nationally
  •SME for PeopleSoft Security & Controls
  •Deloitte & Touche Ltd.- Toronto, ON (managed teams of max 7)
  •Manager in Enterprise Applications Integrity Practice-Technology Risk
  •Technology Risk Management
  •PeopleSoft & JD Edwards Security & Controls
•June 2000-August 2005
  •Oracle Consulting Services-Mississauga, ON
  •Principal Consultant in Business Consulting HCM, Financials & Security
  •PeopleSoft Consulting Services
  •Senior HCM Consultant Business
  •Global Security Product Co-Lead
•December 1998-June 2000
  •Region of York
  •PeopleSoft Business Systems Analyst
  •Implemented and supported production environments of PeopleSoft HR and Financials
•July 1992-December 1998
  •Crown Cork & Seal Co., Inc
  •Commercial Manager
  •B2B Sales and marketing at a manufacturing unit for packaging
9. QUALIFICATIONS
Education & Certification
Certified Information Systems Auditor, ISACA, USA
Certified PeopleSoft Consultant
MBA Finance & Marketing-1986
Institute of Business Administration
University of Karachi, Pakistan
BBA Marketing-1985
Institute of Business Administration
University of Karachi, Pakistan
Bcomm-Accounting-1982
St Patrick’s College, Karachi
Memberships:
Project Management Institute
Canadian Management Association
ISACA
ISC2
The Indus Entrepreneurs, TiE
Irvine
• 15333 Culver Drive, Suite 340 # 586, Irvine, CA 92604
• (949) 551-6080
Toronto
• Russell View Rd., Mississauga, ON L5M 5V8
• (647) 829-6850
Website: http://nasserkhan.com
Email: NasserKhan@Nasrhuma.com