Summary
Overview
Work History
Education
Skills
Certification
References
Timeline
Generic
Muhammad Aliff

Muhammad Aliff

Data Security Analyst
Kuala Lumpur

Summary


Diligent Cybersecurity engineer with strong foundation in safeguarding sensitive data and fortifying network defenses. Proven track record of implementing security protocols and responding to cyber threats effectively. Demonstrated proficiency in risk assessment and vulnerability management.

Overview

9
9
years of professional experience
2
2
Certifications
2
2
Languages

Work History

Data Security Analyst

Kenanga Investment Bank Berhad
07.2024 - Current
  • Installation, configuration, and maintenance of data-related security systems, such as Data Leakage Prevention (DLP) and Database Activity Monitoring (DAM) Systems.
  • Ensure compliance with internal and external policies related to data security.
  • Identifies and manages potential security risks and governance issues, and develops remediation/treatment action plans to nullify the risk or mitigate the risk to an acceptable level.
  • Identify new data sources and work with the corresponding team to make them available for data security controls.
  • Improve information security documentation, and develop a set of best practices for the data protection programme.
  • Contribute to the preparation of reports to various management committees.
  • Research and evaluate new solutions to provide recommendations, keeping the company’s systems up to date with current threats and trends.
  • Manages SLA and contract renewals with solution vendors.
  • Identified critical vulnerabilities in existing systems, recommending and executing appropriate remediation measures.
  • Enhanced data security by implementing robust encryption methods and access control systems.
  • Managed software patching schedules to ensure timely updates that protected against known vulnerabilities without disrupting business operations.
  • Reduced potential data breaches by conducting regular vulnerability assessments and penetration testing.

IT Security Engineer

Credit Guarantee Corporation
11.2021 - 06.2024
  • Performed user ID management tasks (creation, modification, and termination) for all application systems in the organization.
  • Reviewed User Access Controls for all application systems in the organization on a periodic basis.
  • Managed and monitored security devices deployed in the organization, including the firewall.
  • Performed Vulnerability Assessment (VA) activities on a periodic basis.
  • Coordinate penetration testing initiatives performed by the vendor on a periodic basis.
  • Coordinated and assisted in audit activities conducted by internal and external auditors.
  • Reviewed security parameter settings and configuration for all servers and databases on a periodic basis.
  • Assisted in IT initiatives, as well as coordinating and implementing any IT security projects.
  • Prepared monthly reporting on security for user ID management, and managed security devices.
  • Monitored, reported, and resolved any security incident highlighted.
  • Maintained IT security policies and procedures.
  • Provide security awareness to all staff on a periodic basis.
  • Ensure the security environment complies with the chosen standard (ISO 27001, RMIT, CIS, and NIST).
  • Managed security incidents and events to protect IT assets, including intellectual property, client data, and company reputation.
  • Conducted phishing simulation campaign every month to ensure all staff are aware of phishing activity.
  • Improved incident response capabilities with the development and implementation of a comprehensive Incident Response Plan.
  • Led regular tabletop exercises simulating various cyberattack scenarios, improving preparedness across teams.
  • Reduced risk of cyberattacks by conducting regular vulnerability assessments and penetration tests.
  • Provided training sessions on cybersecurity awareness, fostering a culture of vigilance among employees.
  • Reviewed third-party vendor security policies, ensuring alignment with organizational standards before entering partnerships or contracts.
  • Strengthened IT security infrastructure by implementing advanced threat detection and prevention measures.
  • Coordinated with third-party security information and event management (SIEM) providers to maintain protections and predict threats.
  • Authored security and vulnerability reports, detailing logged incursions and suggesting remediation efforts.
  • Liaised with third parties to respond to security events and understand threat landscape.

Service Delivery Engineer

Hitachi Sunway Information Systems
01.2019 - 10.2021
  • Improved customer satisfaction with timely and effective communication during service outages.
  • Implemented robust change management procedures that minimized disruption to clients during system upgrades or migrations.
  • Generated reports on the condition of healthy virtual machines in VMware vSphere (cloud computing virtualization platform), and troubleshot any failures of their unresponsive operations.
  • Reduced response time for client issues through proactive monitoring and prompt resolution of incidents.
  • Performed backup, restore, and tape infrastructure of essential information for the network monitoring tool, SQL database, email server, and file server in Veeam Backup and Replication software.
  • Engaged in the installation and updating of operating systems and basic software installation on PCs.
  • Diagnosed and resolved any software/hardware problems and conflicts due to failures in the operating system.
  • Generated tickets with serial numbers and Service Level Agreement (SLA) for any changes/improvement done on the operation systems, as a record between service providers and clients.
  • Prepared preventive maintenance report to record CPU, disk, memory, and network usage for monthly, quarterly, and yearly periods.
  • Troubleshoot any errors or abnormalities in Dell EMC and HP Enterprise servers, such as higher usage of power input and output, with proper countermeasures.
  • Installed Trend Micro Apex One Antivirus across all Sunway Group systems using TeamViewer to address slow PC operation and blue screen of death (BSOD) issues.

Management Trainee

Export Import Bank Berhad Malaysia
05.2017 - 10.2018
  • Gained knowledge of company policies, protocols and processes.
  • Reviewed and analyzed security logs to prevent any unauthorized access, unbreakable for
    unauthorized entities and no abnormalities in network once operation.
  • Assisted supervisors in setting clear goals, establishing priorities, and monitoring progress to ensure successful completion of tasks.
  • Prepared intranet bulletin regarding IT security issues of Phishing, Ransomware, Password
    Management, Safe Internet Browsing, Social Engineering, Protect Data and Devices.
  • Documented Guideline on Management of IT Environment (GPIS 1) to ensure the system is aligned
    with Bank Negara.
  • Performed user ID Management tasks (creation, modification & termination) for all application
    systems in organization.
  • Performing User Access Matrix for all application systems in the organization on periodic basis

Young Executive Scheme

UEM Group Berhad
02.2016 - 02.2017
  • Established long-term client relationships through consistent delivery of high-quality products and services.
  • Providing technical support to all staff within UEM Group Berhad.
  • Involving new technology engagement with the vendor.
  • Assisting supervisor in daily tasks and job scope.
  • Identified trends and assessed opportunities to improve processes and execution.

Education

Master of Science - Information Managament

Universiti Teknologi MARA

Bachelor of Science - Information System Managament

Universiti Teknologi MARA

Skills

Controls and frameworks

undefined

Certification

CompTIA Cybersecurity Analyst (CySA+) certified

References

Sharul Izad Bin Zainal Abidin

Lead, Information Security, Risk & Compliance

Credit Guarantee Corporation Malaysia Berhad

Sharulizad.za@cgc.com.my

013-3765993

Timeline

Data Security Analyst

Kenanga Investment Bank Berhad
07.2024 - Current

IT Security Engineer

Credit Guarantee Corporation
11.2021 - 06.2024

Service Delivery Engineer

Hitachi Sunway Information Systems
01.2019 - 10.2021

Management Trainee

Export Import Bank Berhad Malaysia
05.2017 - 10.2018

Young Executive Scheme

UEM Group Berhad
02.2016 - 02.2017

Master of Science - Information Managament

Universiti Teknologi MARA

Bachelor of Science - Information System Managament

Universiti Teknologi MARA
Muhammad AliffData Security Analyst