+88 01712 662292

MOHAMMAD SHAHADAT HOSSAIN

Mohammad Shahadat Hossain

OSCP, CSA, CISM, CISA, CRISC, CISSPLPT, CoBIT, CPISI, CITM, ISO27001 LACHFI, CDCP, SCSA Part-1, CCNA, MCP

Head of Information Security Strategy, Grameenphone Ltd.

Adjunct Faculty:

  • University of Dhaka
  • Bangladesh University of Professionals
  • Daffodil International University
  • American International University, Bangladesh

Master Trainer of PMBD:

CEH, CHFI, ITIL, ISO 27001 Lead Auditor, CISA, CISSP, OSCP

Nationality / Passport: Bangladeshi

Languages Known: English, Bangla

CAREER SUMMARY:

Mohammad Shahadat Hossain is a seasoned Banking Security professional with over 17 years of experience in Information Security, specializing in securing digital banking infrastructure, ensuring regulatory compliance, and managing cyber risk in the financial sector. Proven expertise in security governance, threat intelligence, vulnerability management, third-party risk oversight, and incident response.

Adept at aligning security strategies with business goals, conducting security awareness initiatives, and leading audit and compliance programs in line with ISO 27001, PCI DSS, and Bangladesh Bank guidelines. Trusted advisor to senior management, with a track record of enhancing security posture, mitigating financial threats, and fostering a culture of cyber resilience.

CAREER PROFILE:

December 2015 to till, Grameenphone Ltd. as a Principal IT Architect and Incident Response Manager, Information Security.

Responsibilities:

  • Aligning business strategy to Information Security Strategy
  • Ensure the compliance of Security Architecture and guideline of Grameenphone.
  • Prepare and implement policy and procedures pertaining to the framework/ architecture.
  • Implementing Security related Projects
  • Managing and Governing SecOps

February 2015 to November 2015, Eastern Bank Limited as a SAVP and Senior Information Security Analyst.

Responsibilities:

  • Development, implementation, and maintenance of organization-wide information system security plan.
  • PCI-DSS compliance implementation
  • Monitor the process of handling the Information security policy exception.
  • Advise the Head of Risk & Bank Management on IT-related risk issues and recommend appropriate actions in support of the Bank’s larger risk management programs.
  • Ensure related compliance requirements are addressed, e.g., privacy, security and administrative regulations associated with regulatory requirement and law.
  • Ensure implementation of security standards.
  • Ensure implementation of Information Security Governance.
  • Participate in the planning and design of security architecture where appropriate.
  • Conduct Information System Security Assessment for Servers, Database, Network, and applications.
  • Evaluate the IT infrastructure from a Security Perspective and recommend appropriate control improvements.
  • Ensure support of IT Audits information systems, platforms, and operating procedures in accordance with established corporate standards for efficiency, accuracy, and security.
  • Evaluates IT infrastructure in terms of risk to the organization and establishes controls to mitigate loss.
  • Determines and recommends improvements in current risk management controls and implementations of IT system changes and upgrades.
  • Provide IT Training (CBS, CMS, Networking, etc) to all the users of EBL

April 2009 to December 2014, Cowater International Inc, Canada as a National IT Consultant

Responsibilities:

  • Prepare and implement OCAG’s IT strategic plan.
  • Integrate IT-based tools and techniques in OCAG audit methodologies.
  • Introducing IT Audit and Conducting IT Audit in OCAG
  • Developing training courses on IT governance, IS Auditing, IT Systems’ Security, and Controls
  • Planning and Implementation of OCAG Data Network Infrastructure
  • Develop and implement necessary policies and procedures for IT Systems operations and development.
  • Implement OCAG network security and administration of the OCAG WAN

January 2005 to 31 March 2009, Axiata, Bangladesh (ROBI) as a Deputy Manager (IT Operation and Enterprise Information security).

Responsibilities:

  • Alignment of IT Strategic Plan with Enterprise Strategic Plan
  • Implemented ITIL Processes for smooth IT Operation Management
  • Identifying monitor and evaluate KPIs for Performance Measurement of all IT Services
  • Monitored and Measured the Divisional KPIs using IT Balance Score Card
  • Strategic Planning of Organizational Information Security Management
  • IT Risk analysis and treatment as per enterprise strategy
  • Information Security Policy Development, Enforcement, Monitoring and Improvement
  • Implemented Information Security Management System based on ISO 27001

March 2002 to December 2004, Islami Bank Bangladesh Limited as a Network Administrator.

Responsibilities:

  • Administer network workstations, utilizing one or more TCP/IP networking protocols and/or one or more UNIX-based or non-UNIX based operating systems.
  • Evaluate and/or recommend purchases of computers, network hardware, peripheral equipment, and software;
  • Investigate user problems, identify their source, determine possible solutions, test and implement solutions.
  • Install, configure, and maintain personal computers, UNIX Servers, file servers, Ethernet networks, network cabling, and other related equipment, devices, and systems; adds or upgrades and configures modems, disk drives, printers, and related equipment.
  • Perform and/or oversee software and application development, installation, and upgrades.

May 1996 to February 2002, Spectrum Engineering Consortium Ltd as a System Engineer/Sr. System Engineer

Responsibilities:

  • Understanding client’s Requirements and providing cost effective solution for the client
  • Providing support to the client
  • Assembling Clone PCs/Troubleshooting PCs, Printers

Extensive experience of more than 30 years in Information Security, Cloud Security and Information Technology Governance

GOVERNANCE AND STRATEGY:

  • Over 17 years of experience in Information Security with a strong focus on Security Governance.
  • Designed and implemented enterprise-wide security governance frameworks aligned with ISO/IEC 27001, NIST, and COBIT.
  • Developed and enforced security policies, standards, and procedures to ensure compliance and operational consistency.
  • Led risk-based governance practices to support informed decision-making across business and IT functions.
  • Established governance structures for third-party risk management, security operations oversight, and regulatory compliance.
  • Engaged with C-level executives to align security initiatives with business objectives and risk appetite.
  • Introduced security metrics, KPIs, and dashboards for continuous monitoring and reporting of governance performance.
  • Spearheaded security awareness and culture-building programs to promote responsible behavior across the organization.
  • Governed security maturity programs and conducted periodic assessments to drive continuous improvement.
  • Provided strategic direction and oversight for audit readiness, incident response governance, and regulatory interaction.

RISK MANAGEMENT AND MITIGATION:

  • Experience in Information Security with deep specialization in IT and Cyber Risk Management.
  • Designed and implemented enterprise risk management (ERM) frameworks aligned with ISO 31000, NIST RMF, and COBIT.
  • Conducted regular risk assessments, threat modeling, and risk treatment planning across IT, Telco, and business domains.
  • Established risk governance processes, including risk registers, risk appetite definitions, and escalation protocols.
  • Led regulatory compliance risk programs, ensuring alignment with frameworks such as ISO 27001, PCI DSS, GDPR, and local financial regulations (e.g., Bangladesh Bank).
  • Managed third-party and supply chain risks, including onboarding, due diligence, and continuous risk monitoring.
  • Collaborated with cross-functional teams to integrate risk management into project lifecycles, change management, and digital transformation initiatives.
  • Defined key risk indicators (KRIs) and metrics for board-level dashboards and operational performance tracking.
  • Facilitated risk awareness sessions and workshops for executives, business owners, and technical teams.
  • Provided strategic risk advisory to senior leadership for informed decision-making and long-term resilience planning.

PROFESSIONAL CERTIFICATION:

  • Offensive Security Certified Professional (OSCP)
  • Certified SOC Analyst (CSA)
  • MITRE ATT@CK Fundamental Certified
  • SABSA Certified Security Architect
  • Certified Information Security Manager (CISM)
  • Certified Information System Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information System Security Professional (CISSP)
  • Licensed Penetration Tester (LPT)
  • CoBIT Certified Individual
  • EXIN Certified Trainer
  • Certified EC-Council Instructor (CEI)
  • Certified Payment Card Industry Security Implementer (CPISI)
  • Certified Information Technology Manager (CITM)
  • IRCA Certified Provisional Auditor (ISO27001)
  • ITIL Foundation Certification
  • Computer Hacking Forensics Investigator (CHFI)
  • Certified Data Center Professional (CDCP)
  • Sun Certified System Administrator (SCSA) Part-1
  • Cisco Certified Network Associates (CCNA)
  • Microsoft Certified Professional (MCP)

KEY STRENGTH:

1. Management and Governance of Information Security and SecOps:

  • Managing and Governing SecOps
  • Information Security Strategy
  • Security Maturity Assessment
  • Managing Security KPI/OPIs
  • Define the requirement and set the objective to achieve the business goal.
  • Establish the IT financial governance to optimize the IT Investment
  • Information Security Awareness

2. Information System Auditing and Risk Management System:

  • PCI-DSS Gap Analysis
  • ISO 27001 Gap Analysis
  • Information Security Policy Development
  • Aligning Technical solution with the Policy
  • Risk Assessment, Treatment and Monitoring
  • Auditing IT Environment
  • Auditing in IT Environment
  • Evaluation of network security health through Penetration Testing

3. System and Networking Technologies:

  • Virtualization
  • Linux and Windows
  • Routing and Switching
  • Wireless

4. Security Tools and Technologies:

  • VA and PT (Nessus Security Center, Kali Linux, Burp Suite)
  • EDR: Carbon Black and CrowdStrike
  • NDR: FireEye, Snort, Steller Cyber
  • Use Case Development
  • Threat Intelligent: MISP
  • SOC Maturity Assessment
  • MITRE ATTACK Framework
  • MITRE ATTACK DEFEND
  • NIST Cyber Security Framework
  • SOC Reporting

EDUCATION:

  1. Post-Graduation in Computer Science
    American International University, Dhaka, Bangladesh (AIUB)
  2. Graduation (Hons.) in Physics
    Shahajalal University of Science and Technology, Sylhet, Bangladesh

About Us

For the focus on powerful enablers such as “Adaptability” and “Transformability” we have hand picked our team, full of subject matter experts from various walks of life; however their objective is not really to share what they know but to understand fully what is actually needed, and then, devise methods to genuinely fulfil it

With our collective mindset that is Progressive, Customer centric and with an unstinting zeal to Outperform it is certain that we can create ‘true value’ for our Partners, Customers and Benefactors.

Contact Us

Facebook Linkedin Behance

Create your account