Summary
Overview
Work History
Education
Skills
Affiliations
Websites
Certification
References
Timeline
Generic

Iftekhar Alam (Zamie)

Brisbane,Australia

Summary

Seasoned information security leader with over 18 years of experience across finance, healthcare, and government sectors. I hold CISSP, CCSP, and CRISC certifications, as well as an RSA CISO Boot Camp certification. I am currently pursuing an MBA to develop my leadership skills further. Expertise in GRC, risk management, cloud security, security operations, security architecture, and stakeholder management, with a strong track record in project and team management. Founding vice president of the ISC2 Queensland Chapter, actively engaging in industry conferences to promote cybersecurity awareness.

Overview

19
19
years of professional experience
1
1
Certification

Work History

VCISO

Independent Contractor
05.2025 - Current
  • Facilitated Virtual Chief Information Security Officer (vCISO) services to bolster organizational cybersecurity.
  • Applied GRC frameworks, including ISO and NIST, to ensure compliance and risk mitigation.
  • Led incident management efforts, cybersecurity awareness initiatives, and simulation exercises.
  • Performed internal and external audits to evaluate security measures and compliance levels.
  • Developed gap assessments and compliance processes for ISO27001, CPS234, and SOCI standards.
  • Established effective policies and procedures to enhance security protocols.
  • Strengthened overall cybersecurity posture through strategy development and project implementation.
  • Advised on best practices for implementing DevSecOps and security architecture reviews.

ICT SECURITY COORDINATOR / LEAD (VCISO)

CITY OF MORETON BAY
08.2023 - 05.2025
  • Led the council's Cyber Security and Information Security program, achieving key security objectives..
  • Managed implementation of ASD’s Essential Eight and ISO 27001:2022 across the council.
  • Conducted risk assessments for third-party digital products and managed cyber assurance programs.
  • Developed and mentored team members to enhance capabilities in cybersecurity.
  • Oversaw real-time monitoring and response using security tools for secure ICT services.
  • Actively monitored security threats, providing technical advice to management.
  • Promoted security awareness within Technology Services and engaged stakeholders on ICT matters.
  • Contributed to the preparation of ICT security budgets and strategic roadmaps.

IT Risk Advisory Manager/ Risk SPECIALIST

Heritage Bank Ltd
04.2022 - 07.2023
  • Conduct and manage comprehensive IT risk assessments across applications, infrastructure, and cloud environments to identify control gaps, vulnerabilities, and non-compliance with regulatory requirements.
  • Design and implement IT risk management strategies, policies, and frameworks aligned with enterprise risk management (ERM), ISO 31000, COBIT, and NIST standards.
  • Collaborate with IT, EMO, Risk, and other business departments to identify, assess, report, and monitor operational risks.
  • Monitor and ensure IT compliance with regulatory and industry standards such as ISO 27001, PCI-DSS, SOX, APRA CPS 234, GDPR, and others as applicable.
  • Collaborate with executive leadership, business units, and IT stakeholders to align risk management initiatives with organisational objectives and priorities.
  • Provide expert advice on cybersecurity risks, incident response readiness, and implementation of controls in alignment with the threat landscape and organisational risk appetite.
  • Evaluate and monitor risks associated with third-party vendors, including conducting security assessments and supporting contract reviews for risk clauses.
  • Assist internal and external audit teams in IT audits, including scoping, documentation review, and remediation planning for audit findings.
  • Oversee the tracking and remediation of risk issues, audit findings, and incidents, ensuring timely closure and appropriate escalation where required.
  • Lead and mentor a team of risk and cybersecurity professionals, guiding best practices, development plans, and project delivery expectations.
  • Provide risk and control advice for digital and cloud transformation projects, ensuring secure architecture and appropriate risk treatment strategies are embedded early.
  • Promote a risk-aware culture across the organisation through training, workshops, and communications on IT risk, cybersecurity, and compliance obligations.
  • Oversee incident response activities, investigate security incidents, and coordinate remediation efforts.
  • Stay updated on the latest security threats, vulnerabilities, and industry best practices to address emerging risks proactively.
  • Provide security awareness training to employees and promote a security culture throughout the organisation.

Engineering LEAD (Cyber Security and product)

Telstra Corporation Ltd
03.2021 - 03.2022
  • Deploy, integrate, and support Cyber Security-related products.
  • Conducting Risk assessment.
  • Assisting with the Audit.
  • Led a team of IT security professionals in implementing and managing robust security controls, including firewalls, intrusion detection systems, and access controls.
  • Provide Security Solution design to Telstra partners.
  • Implement network-related products, such as Cisco SDWAN, VeloCloud SDWAN, and Prisma.
  • Ensure compliance and assurance for Cybersecurity products and SD-WAN products.
  • Collaborate on resiliency, disaster recovery/business continuity planning (DR/BCP), and governance, risk, and compliance (GRC) related to SD-WAN products.
  • Work with senior stakeholders and mentor graduates.
  • Conduct risk assessments and vulnerability scans to identify threats and develop appropriate countermeasures.
  • Oversee incident response activities, investigate security incidents, and coordinate remediation efforts.

Enterprise Platform SPECIALIST/Application Security specialist

QSuper /ART
04.2019 - 01.2021
  • Key Responsibilities - Application Security, Leadership, Risk Assessment, Assisting with Audit, Vulnerability management, DevSecOps.

Product SPECIALIST

Verisk Analytics
07.2018 - 02.2019
  • Key Responsibilities - Product Security, Application Security, Leadership, Risk Assessment, Vulnerability management, DevSecOps.

DevOps / DevSecOps

MasterCard
06.2017 - 06.2018
  • Key Responsibilities – Application and system Security, Leadership, Risk Assessment, Vulnerability management, Firewall, IPS, IDS, and Project management.

System ADMINISTRATOR

Auto & General Insurance Ltd
04.2016 - 06.2017
  • Key Responsibilities – Infrastructure and system Security, Leadership, Risk Assessment, Vulnerability management, Firewall, IPS, IDS, and Project management.

IT Services Officer

Sonic Healthcare LTD
03.2012 - 11.2015
  • Key Responsibilities – Infrastructure, System and network Security, Leadership, Risk Assessment, Vulnerability management, Firewall, IPS, IDS, Project management.

Computer Systems Officer

CAA, QLD Government
09.2011 - 02.2012
  • Key Responsibilities – Infrastructure, System and application support, including coordinating with the security team for incident management and vulnerability remediation tasks.

Technical Service CONSULTANT

Melbourne IT LTD
04.2008 - 09.2011
  • Key Responsibilities – Infrastructure, System and application support, including coordinating with the security team for incident management and vulnerability remediation tasks.

IT Security ASSISTANT

ICT of USQ
02.2007 - 12.2007
  • Key Responsibilities – Pen testing, Vulnerability management, reporting, and stakeholder management.

Education

Master of Business Administration (MBA) -

Charles Sturt University
Wagga Wagga, NSW
06.2026

Graduate Certificate in Business Administration - Computing

Charles Sturt University
Wagga Wagga, NSW
08.2024

Advanced Certificate in Leadership & Management - Management

London School of Business Administration
UK
04-2024

Bachelor of Information Technology -

The University of Southern Queensland
Toowoomba, QLD
04.2008

Skills

  • Risk management
  • Audit and GRC
  • ISO 27001
  • NIST
  • ASD 8
  • PSPF
  • ISM
  • CPS234
  • AI
  • Knowledge of IRAP assessment and requirements
  • Team management
  • Mentoring
  • Stakeholder management
  • Project management
  • Policy and procedure
  • Aws
  • Azure
  • Vulnerability Management
  • Facilitating Pen Testing
  • Defining the scope
  • Security Awareness training
  • Security architecture
  • Strategy and planning
  • Third-party risk management
  • Cloud Security
  • Board Reporting
  • Security Operation
  • Presentation
  • Incident Response
  • DevSecOps
  • Team building
  • Team and people management
  • DFIR
  • Public speaking
  • Business Analysis
  • Cybersecurity management
  • Technical leadership
  • Stakeholder engagement
  • Security training
  • Policy development
  • Supervision and leadership
  • Decision-making
  • Leadership
  • Risk assessment
  • Incident response

Affiliations

  • Member of the Australian Information Security Association (AISA)
  • Member of ISC2
  • Member of ISACA
  • Official Mentor of AWSN
  • Industry Mentor for Charles Sturt University (CSU)

Websites

Certification

  • Certified Information Systems Security Professional (CISSP), Achieved
  • Certified Cloud Security Professional (CCSP), Achieved
  • Certification in Risk and Information Systems Control (CRISC), Achieved
  • RSA CISO Boot Camp (2024), Achieved
  • Certified Information Security Manager (CISM), Pursuing (Completed Course and Training via ISACA)
  • Project Management Professional (PMP), Pursuing (Completed Course and Training via MBA degree)
  • ISO 27001 Lead Implementer, Pursuing (Completed Course and Training via Udemy)
  • Prince 2 Professional Certification, Pursuing (Completed Course and Training via Udemy)
  • Certified Information Security Auditor (CISA), Pursuing (Completed Course and Training via ISACA)
  • Microsoft Certified: Azure Fundamentals, Achieved
  • AWS Cloud practitioner, Achieved
  • AWS Security Specialty, Pursuing
  • SABSA Foundation Certification, Pursuing

References

Available upon request.

Timeline

VCISO

Independent Contractor
05.2025 - Current

ICT SECURITY COORDINATOR / LEAD (VCISO)

CITY OF MORETON BAY
08.2023 - 05.2025

IT Risk Advisory Manager/ Risk SPECIALIST

Heritage Bank Ltd
04.2022 - 07.2023

Engineering LEAD (Cyber Security and product)

Telstra Corporation Ltd
03.2021 - 03.2022

Enterprise Platform SPECIALIST/Application Security specialist

QSuper /ART
04.2019 - 01.2021

Product SPECIALIST

Verisk Analytics
07.2018 - 02.2019

DevOps / DevSecOps

MasterCard
06.2017 - 06.2018

System ADMINISTRATOR

Auto & General Insurance Ltd
04.2016 - 06.2017

IT Services Officer

Sonic Healthcare LTD
03.2012 - 11.2015

Computer Systems Officer

CAA, QLD Government
09.2011 - 02.2012

Technical Service CONSULTANT

Melbourne IT LTD
04.2008 - 09.2011

IT Security ASSISTANT

ICT of USQ
02.2007 - 12.2007

Master of Business Administration (MBA) -

Charles Sturt University

Graduate Certificate in Business Administration - Computing

Charles Sturt University

Advanced Certificate in Leadership & Management - Management

London School of Business Administration

Bachelor of Information Technology -

The University of Southern Queensland
Iftekhar Alam (Zamie)