TARIQ MAHMOOD
MBA, CISA, CISM, CGEIT, CRISC, CRMA, MBCI
| Senior IT Audit Executive | Chief Information Security Officer | IT Governance Leader |
November 9, 1960 – 2022
PROFESSIONAL SUMMARY
A distinguished IT Audit and Information Security professional with 40 years of exemplary service across Pakistan, Kuwait, and the Middle East. Throughout his career, Tariq Mahmood served over 150 organizations, building robust IT governance frameworks and security programs for some of the region’s most significant enterprises. His tenure included 18 years with Big Four professional services firms (KPMG and Deloitte) and Systems Ltd., where he established himself as a trusted advisor to major financial institutions, petroleum corporations, and multinational companies.
His legacy includes pioneering IT audit practices in the region, training hundreds of auditors, and serving as a respected faculty member at the Institute of Business Administration (IBA) Karachi for 16 years. He was known for his exceptional presentation skills, his commitment to continuous professional development, and his ability to build and motivate high-performing teams.
PROFESSIONAL CERTIFICATIONS
- CISA – Certified Information Systems Auditor (ISACA, 2004)
- CISM – Certified Information Security Manager (ISACA, 2008)
- CGEIT – Certified in the Governance of Enterprise IT (ISACA, 2008)
- CRISC – Certified in Risk and Information Systems Control (ISACA, 2010)
- CRMA – Certification in Risk Management Assurance
- MBCI – Member of the Business Continuity Institute
- ISO 27001-2 – IRCA Certified Internal Auditor (95% marks, Excellent rating)
- ISO 27001-2 – Certified Implementer
- ISO 22301 / BS 25999 – Certified Implementer, Business Continuity Management Systems
CAREER HISTORY
ALNAFI.COM
CEO & Founder | September 2021 – 2022
- Founded an online education platform focused on professional IT certifications
- Delivered training programs for CISA, CISM, CGEIT, CRISC, and related certifications
- Extended his lifelong commitment to education and professional development
KUWAIT PETROLEUM CORPORATION (KPC)
Lead IT Auditor | October 2008 – November 2020 (12 years)
Kuwait Petroleum Corporation is a US $75+ billion conglomerate employing 25,000 professionals across 10 subsidiary companies in Kuwait’s oil sector.
- Led comprehensive IT audit programs across KPC and all 10 subsidiaries, conducting 30+ audits annually
- Directed a six-member IT audit team covering governance, security, business continuity, and risk management
- Developed and maintained audit programs utilizing COBIT, ISO 38500, ISO 27001, ISO 22301, and ITIL frameworks
- Conducted pre-audit assessments for major IT investments across the corporation
- Presented findings to senior management and the Audit Committee
- Coordinated with external auditors on outsourced and co-sourced audit engagements
- Implemented risk assessment methodologies and audit planning using TeamMate
CENTRAL DEPOSITORY COMPANY OF PAKISTAN LTD (CDC)
Chief Information Security Officer (CISO) | October 2006 – September 2008 (2 years)
CDC is the largest depository company in Pakistan, maintaining records for all stock exchange transactions nationwide.
- Led the ISO 27001-2 Information Security Management System (ISMS) implementation and certification
- Developed and implemented enterprise-wide IT security policies, procedures, and guidelines
- Established the Security Incident Management System (SIMS) including forensics capabilities
- Conducted vulnerability assessments and penetration testing across all IT infrastructure
- Implemented the Business Continuity Management (BCM) program conforming to BCI and BS 25999 standards
- Led the Security Management Group (SMG) and reported to the Audit Committee and SECP regulators
- Managed application security for the core CDS system accessed by thousands of users worldwide
DELOITTE – M. YOUSUF ADIL SALEEM & CO.
Senior Manager, IT Audit & Consultancy | February 2003 – September 2006 (3 years 8 months)
- Delivered IT audit, IT security, and consultancy services to major clients across Pakistan and the Middle East
- Conducted statutory IT audits using Deloitte’s proprietary methodologies and AS/2 audit system
- Led ERP implementation projects using Oracle Financials and Deloitte’s AIM methodology
SAUDI PAK COMMERCIAL BANK / SAUDI PAK LEASING COMPANY
Executive Vice President / Head of IT | May 2000 – February 2003 (3 years)
- Led the IT division overseeing all technology operations for the bank and leasing company
- Supervised development of 18 commercial applications on Oracle/Unix platforms
- Developed and launched the corporate website
DELOITTE – KHALID MAJID HUSSAIN REHMAN
Senior Manager, IT Audit & Consultancy | May 1998 – June 2001 (3 years 2 months)
- Delivered IT audit and security services to financial institutions, airlines, and manufacturing clients
- Conducted IT due diligence reviews for major banking institutions
- Developed IT strategies for large organizations including gas pipeline companies and port authorities
KPMG PEAT MARWICK – TASEER HADI KHALID & CO.
Senior Manager, IT Audit & Consultancy | 1992 – 1998 (6 years)
Pakistan, Dubai, Oman, and Abu Dhabi
- Provided IT audit and consultancy services to multinational clients across Pakistan and the GCC
- Led IT general controls reviews as part of statutory audits
- Conducted ERP selection and implementation projects
- Delivered services to over 50 clients including State Bank of Pakistan, National Bank of Pakistan, Pakistan International Airlines, and major multinational corporations
SYSTEMS PVT. LTD.
Project Manager | July 1987 – September 1992 (5 years 3 months)
Systems Ltd. is a leading software development house in Pakistan.
- Led development teams for custom application development across diverse industries
- Implemented ERP systems including Oracle Financials and JD Edwards
- Delivered IT strategy consulting and system implementation services
BCCI INSTITUTE OF COMPUTER SCIENCE (FAST)
Systems Analyst | April 1985 – April 1987 (2 years)
- Designed and developed academic systems including Library Management System and Student Grading System
- Conducted faculty training on IBM VM/CMS systems
PHILIPS ELECTRICAL COMPANY OF PAKISTAN
Accounts Officer | 1982 – 1985 (3 years)
- Began professional career with this multinational electrical company
- Implemented JD Edwards systems for inventory, sales, and general ledger
EDUCATION
MBA – Finance and Marketing Institute of Business Administration (IBA), University of Karachi | 1987 – 1992
Post Graduate Diploma – Systems Analysis and Design Institute of Business Administration (IBA), University of Karachi | 1984 – 1985
Professional Development
- Project Management Professional (PMP) – 35 PDU Training Course
- Certified Information Systems Security Professional (CISSP) – 48-hour Training
- Ethical Hacking and Penetration Testing Certification
- Cisco Certified Security Professional (CCSP) – 6 months training
- Cisco Certified Network Associate (CCNA) – 3 months training
- Computer Networking Essentials – 1 Year Diploma
ACADEMIC CONTRIBUTIONS
Institute of Business Administration (IBA), University of Karachi Visiting Faculty | 1992 – 2008 (16 years)
Taught MBA students in IT-related courses at one of the oldest and most prestigious business schools outside North America (established 1955). Consistently rated among the best faculty members.
NOTABLE CLIENTS SERVED
Financial Institutions: State Bank of Pakistan, National Bank of Pakistan, United Bank Limited (800 branches), Muslim Commercial Bank (1200 branches), Allied Bank of Pakistan, Saudi Pak Commercial Bank, Bank Al Habib, Hong Kong Shanghai Bank, ANZ Grindlays Bank, Soneri Bank, Credit Agricole, NIB Bank
Petroleum & Energy: Kuwait Petroleum Corporation and 10 subsidiaries, Oil and Gas Development Corporation (OGDC), Pakistan Petroleum Limited, National Refinery of Pakistan, HUBCO Power Generation, AES Lalpir Power Generation, Sui Northern Gas Pakistan Limited
Multinational Corporations: Philips Pakistan, Proctor & Gamble, Siemens, IBM, Gillette, Cadbury, SGS, BASF, Agfa Geavert, Alstom, JP Coats
Government & Public Sector: Pakistan Customs, Karachi Port Trust, National Investment Trust, Employees Old Age Benefits Institution (EOBI), General Civil Aviation Authority of UAE
Airlines & Transportation: Pakistan International Airlines Corporation
Other Major Clients: Central Depository Company of Pakistan, Oxford University Press, Shifa International Hospital, Lucky Cement, Tata Group of Companies
TRAINING PROGRAMS DELIVERED
Throughout his career, Tariq Mahmood conducted over 1,200 hours of professional training, including:
- State Bank of Pakistan – Six-month program training 100 auditors on computerized application auditing
- Muslim Commercial Bank – Four-month program for 40 internal auditors
- Sui Northern Gas Pakistan Limited – Internal audit department training and restructuring
- CISA Examination Preparation – Trained 20 candidates
- IT Audit Workshops – Multiple programs on methodologies, standards, and tools
- COBOL Programming – Technical training for corporate clients
- Year 2000 (Y2K) Remediation – Awareness and strategy training
FRAMEWORKS & METHODOLOGIES
- Governance: COBIT 4.1/5, ISO 38500, VAL IT
- Security: ISO 27001/27002, ISO 27017, ISO 27018
- Business Continuity: ISO 22301, BS 25999, BCI Good Practice Guidelines
- Risk Management: RISK IT, CRISC Framework
- Service Management: ITIL, ISO 20000
- Audit Tools: ACL, TeamMate, NASSES, RATINA, Secure Audit, Deloitte AS/2, SekChk
PROFESSIONAL AFFILIATIONS
- ISACA Karachi Chapter – Board of Directors, CISM Coordinator
- Institute of Chartered Accountants of Pakistan (ICAP) – IT Subcommittee Member
- Business Continuity Institute (BCI) – Member
LANGUAGES
| English (Fluent) | Urdu (Native) | Arabic (Professional Working) |
This document honors the distinguished 40-year career of Tariq Mahmood, a pioneer in IT audit and information security in Pakistan and the Middle East. His dedication to excellence, commitment to education, and service to the profession touched the lives of countless professionals and organizations throughout the region.