Ismael Roshan Abdullakhan

Summary:

• Initially recruited to set up the Technology & Risk Services offering in Mauritius and to stabilize the Global Incident Management service, responsibilities evolved within 7 months with the company to cover 4 additional activities and develop new services.
• Responsibilities involve jointly defining service strategy with collaborators across hubs, business development, account management, and most importantly, developing professionals of varying levels of maturity through coaching, conscious delegation and mentorship.

Main achievements:

• Technology & Risk Services: Implemented the global vision across the Mauritius hub, achieving 100% growth in the first 12 months of operations, with an expected growth of 300% within the first 18 months of operations. This healthy start established the Mauritius office as a key support to the group on the information risk management topic.
• Global Incident Management: Stabilized 24/7 operations by providing clear direction and mid-term strategy to employees and clients, defining different layers of operations to improve quality and driving the implementation of processes to standardize service delivery.
• Data Privacy Advisory: Recently implemented Data Privacy Advisory services within Mauritius, with a view of establishing the hub as a key player in rolling out the Allianz Privacy Standard across business units.

Summary:

• Acted as the Subject Matter Expert for IT, Information Security and Data Protection risks within the Internal Audit team of the company.
• Main responsibilities included jointly defining an audit plan with the Head of Audit and C-suite based on the organisations ERM framework, conducting audits and providing fit-for-purpose recommendations to the organisation in-line with various regulations and the organisation's objectives.

Main projects:

• Multiple audits with a view of identifying technology and information-related risks, assessing compliance to best-practices and company policies and providing recommendations for remediation.
• Provided advices relating to data governance and data protection as required by the company.
• Assisted the company in maturing up its BCM framework through the review of current strategy and providing targeted recommendations to management, also providing ad-hoc support for implementation as required.
• Provided audit and advisory support during the implementation of a Core Lending System, covering controls around project governance, data migration, testing, and go-live checks.

Summary:

• Leadership responsibilities: Leading project teams, budget planning, coaching and hard-skills development in junior colleagues and mentorship on various methodologies mandated by the company.
• Business development responsibilities: Client management, drafting proposals and identification of organic business opportunities with existing clients.

Areas of expertise:

• Information Risk Management: Led several IT and information security audits in the context of statutory audits and for internal audit clients, assessing effectiveness of IT general controls (ITGCs) and reporting on reliance of application controls and electronic audit evidence.
• Data Protection and Privacy: Pioneered Data Privacy advisory services within EY Mauritius, notably leading gap assessments against MU DPA 2017 and EU GDPR, defining detailed roadmaps to implement a compliant framework and reach the desired maturity level, and setting-up client's Data Privacy function.
• Project Management: Assisted clients through the whole project lifecycle, including the definition of functional and technical system requirements and key controls, support in the selection of appropriate IT solutions and vendors, review of service contracts and identification of project risks based on the organization’s context.