Information Security Assurance Officer Resume
SUMMARY
- He is a cyber-security technologist and business strategist with over 15 years of experience. Confidential's expertise is in Information Security and Risk Management, ISMS Implementation and Audit, Technology Management, Program/Project Management, Governance, Risk and Compliance (GRC), Business Continuity Management, Strategy, Operational Resilience, Organizational Development and General Management.
- He contributes to Group information security program management, implements cyber risk management structures and governance models, creates policies, procedures and security baselines, assesses the overall cybersecurity architecture, contributes to building a security operations center (SOC), develops vulnerability management and incident response capabilities, acts as an internal consultant and subject matter expert, and provides executive and senior management with actionable security threat intelligence through presentations, risk reports and advisory to facilitate informed decision making.
- He demonstrates deep understanding of ISO 27001, the NIST SP 800 series, OWASP, SANS cyber defense controls, COBIT and COSO, and working knowledge of PCI DSS, SOX, HIPAA and other international standards. He holds certifications including CISSP®, CISM, CEH, ISO/IEC 27001 Lead Auditor, ITIL (f) and CRiSP, and pursues advanced specialization in cybersecurity and emerging technologies.
- In his latest assignment, Confidential conducted cyber security risk assessments based on the NESA NCRMF, a federal security standard for Critical Information Infrastructure (CII) in the Oil & Gas sector. He also provided IS assurance to Confidential and its subsidiaries, a state-owned media organization, covering the Group's enterprise corporate IT infrastructure, IT services and all technology platforms across broadcast, radio, publishing and digital environments supporting 25 industry-leading brands including National Geographic Abu Dhabi, VEVO and The National newspaper.
TECHNICAL SKILLS
- Cyber Security Strategy & Roadmap
- Vulnerability Management and Risk Analysis
- Information Security Management Systems
- Threat Intelligence, Forensics & Incident Response
- IS Governance & Cyber Risk Assurance
- Network and Endpoint Threat Monitoring
- Policies, Frameworks and Control Processes
- Information Security Incident Management
- ISO 27001/22301/20000 and ITIL process
- Vulnerability Assessment & Penetration Testing Engagements
- Regulatory Compliance and Audits
- Risk Management (Assessment & Treatment)
- ISO 27001 Implementation and Audits
- Security Operations Center (SOC)
- Authentication & Access Control
- ICT Security Architecture
- System and Network Security
- Security Awareness and Training
- Web application Security
- Business Continuity Management & DR
- Data Security & Privacy Protection
- IS Project Management
PROFESSIONAL EXPERIENCE
INFORMATION SECURITY ASSURANCE OFFICER
Confidential
Responsibilities:
- Group Information Security Strategy and Risk Management
- Security Architecture, ISMS auditing, Governance and Compliance
- Security Operations Center (SOC) and Incident response
- Strategic information security consulting for policy development, assessing and improving the security architecture, executing IS strategic plans/roadmaps and Group information security processes across all ADM business units/segments.
- Consulting on security initiatives and security risk assessments for all projects, in coordination with the respective businesses and project teams, to ensure alignment and compliance and to keep project risk within the Group's overall risk exposure and tolerance across all ADM business units/segments.
- Plan, organize and implement an Information Security Management System (ISMS) conforming to the ISO 27001 standard. Defined the roadmap and project plan for ISMS recertification with migration to ISO 27001:2013.
- Define ISMS scope and boundaries inclusive of Assets, People, Technology and Processes as well as internal and external stakeholders for extension and expansion of ISMS.
- Develop and implement the risk management methodology, conduct risk analysis and formulate the Risk Treatment Plan based on the ISO 27005 standard.
- Develop and implement Information Security policies, procedures, process flows and minimum security baselines for servers, network and applications.
- Evaluated and implemented ICT security best practices: network and remote access security policy (ISAKMP, IPsec), wireless security, telecommunications/VoIP security, firewall security, backup policy, domain/user/Exchange policy, password policy, web/email security and endpoint security.
- Coordinate with systems, network, applications and IT operations teams to evaluate and implement network security controls, e.g. firewalls, intrusion detection/prevention technologies, NAC (network admission control), host and endpoint protection, secured remote access with two-factor authentication, encryption and data masking.
- Security Operations Center (SOC) and advanced cyber threat detection for the organization and its subsidiaries. Performs organizational environment profiling, conducts ongoing vulnerability assessments, security control reviews and continuous security risk assessments across the global infrastructure of ADM.
- Identifies and prioritizes incident response and provides recommendations to address risks, vulnerabilities, threats and incidents. Coordinates vulnerability remediation and risk treatment plans with the respective service owners and risk owners.
- Conducts internal ISMS audits; liaises with business unit leaders on maturity assessments, impact analysis and remediation of gaps. Ensures compliance with ADM policies, the ISMS and UAE laws and regulations (ADSIC, NESA and NCEMA).
- Acts as the security point of contact; participates in steering committee meetings and is a member of the CAB, risk review and management review meetings. Reviews and approves security tasks associated with Change Requests (CRs). Prioritizes and coordinates the incident response process.
- As part of building the SOC, projects implemented include vulnerability management, ISMS migration and certification, SIEM, endpoint security, IPS, MDM, network/firewall assurance, an IR framework, Active Directory audit, Exchange audit and endpoint analytics.
- Analyzes sensitive systems and network traffic for signs of infection or compromise. Conducts investigations and coordinates remediation and lessons learned reports. Evaluates and recommends changes to overall security architecture.
- Coordinate with the Physical Security department to evaluate and recommend physical security controls for information processing facilities, e.g. access control, environmental controls, fire safety, monitoring systems (CCTV) and rules for working in secure areas.
- Coordinate with HR, Finance, Legal, Procurement and other support services as required to ensure information security policies are followed and enforced.
- Coordinate with the training and communications teams on security awareness training, dissemination of security tips, and content for newsletters.
- Assists in forecasting the future ISD budget and developing business cases to drive new initiatives that provide defense-in-depth and improve the security posture of the Group.
- Provides periodic executive management reports. Continuous research and development of the information security capability to recommend and improve controls.
MANAGER
Confidential
Responsibilities:
- Strategic ICT program management and secure infrastructure operations
- Architect and manage enterprise technology solutions and ICT Projects
- Digital media, Corporate & Marketing communications
- Strategic direction and program management for the IT department, ranging from planning and budgeting (Opex/Capex) to technology selection. Leadership and line management of staff within the Information Technology and Digital Media department.
- Design and architecture of ICT infrastructure including systems, network structures, telecommunications and security infrastructure. Plan, organize, control and coordinate the acquisition, development, maintenance and use of ICT systems at the regional level.
- Supported innovation and systematic approach to effect change across the organization. Internal consultancy advice on information security risk and control matters.
- Implemented the information security management system based on the ISO/IEC 27000 series.
- Conducted internal audits, risk assessments, and controls selection activities; Liaised with related governance functions such as physical security, HR, legal and compliance.
- Analyzed existing processes and systems and implemented sweeping changes to IT architecture, networking and telecommunications, substantially increasing security and performance. Provided technical expertise for systems/IT network design and optimization.
- Conducted vulnerability assessments on networks, websites and database applications. Managed network monitoring for incident response, remediation and closure.
- Ensured high-availability of enterprise voice and data platforms. Led activities related to contingency planning, business continuity management and IT disaster recovery.
- Supplier and vendor liaison; standardized ICT procurement. Negotiated service level agreements and ensured quality service delivery of leased lines, VSAT, Internet gateways, payment gateways and MPLS links.
- Led administration of systems and networks, firewalls, remote connectivity, VPN and telecom systems (voice, data, mobile, IP PBX, PRI and toll-free; four 20-seat call centers).
- Conducted information security awareness training and educational activities.
- Supervised provisioning of the overall financial, HR and MIS systems. Led web application development in line with OWASP secure coding practices. Built secure hosting and CMS-driven responsive websites, including architectural design. Deployed e-commerce payment gateway systems to facilitate online and mobile transactions.
- Recruitment, training and performance management for the IT and digital media department and a loose network of cross functional members throughout the organization.
- Digital Media - Expert in web/Internet technologies, social media, online video streaming, Internet advertising, content management technologies, web optimization and data analysis. Developed internal, external and interactive communications strategy; led the Print Publishing and Graphics team. On-site assignments in Europe and regular interaction with the US/European teams.
- CSR - Set up 3 Computer learning centers (STEPS) with curriculum supported by Microsoft benefiting 368 children. Knowledge management and alerting system for Medical teams.