Ali Abbas has over 18 years of professional experience in information systems governance, risk management, and IT assurance. As a Director in BPM’s IT Assurance Practice, he provides IT auditing, cybersecurity policies and procedures, business process improvement, internal controls implementation, IT compliance, and data analysis services to clients in a variety of industries.  

Ali has extensive experience working in the U.S., Europe and Asia for blue chip, Fortune 50 and FTSE100 clients advising on their information technology security programs and practices. His technical experience encompasses issues surrounding Sarbanes Oxley (404), SOC 1 and SOC 2, FIEC/FRB, HIPAA, EU directives, and global industry standards such as ISO27000, NIST, COBIT and PCI DSS, among other data security standards. His IT audit and security assessments incorporate multiple IT areas and thus maintains a deep working knowledge of aspects numerous components of IT including ERP systems, infrastructure, network architecture, operating systems, database administration, information system security, segregation of duties and project management. 

Quick Facts


M.Sc., Computer Science — University of Oxford, United Kingdom 

B.S., Mechanical Engineering — NED University of Engineering & Technology, Pakistan 


Certified Information Systems Auditor — ISACA 

Certified Information Systems Security Professional — ISC2 

Certified in Risk & Information Systems Control — ISACA  

Qualified Security Assessor — PCI Security Standards Council 

Professional Affiliations

Member — ISACA  

Member — International Information System Security Certification Consortium 

Professional Experience

IT Governance, Risk and Compliance Expert — SimAct Solutions 

Director, Attest Services — Grant Thornton 

Head of Cyber Risk Management — ABIP  

Senior Manager, IS Assurance — BDO  

Global IT Security, Risk and Compliance Manager — AIG  

Senior Associate, IT Risk Assurance Services — PwC  

IT Compliance Officer — Habib Bank Limited 

Assistant Manager, Technology & Security Risk — EY