Chief Information Security Officer
Aljazira Takaful Taawuni
Total years of experience: 9 years, 8 months
1. Development, implementation, and monitoring of a strategic cyber
security and IT risk management program.
2. Establishment of policies, standards, and guidelines
3. Managing the operation and implementation of cyber security strategy.
4. Ensures that the security function is tasked with developing and
maintaining up-to-date security policies, standards and guidelines that
align with SAMA cyber security framework.
5. Communicate key risks and required support from management.
6. Conducting continuous risk assessments of current security practices
and systems and identifying areas for improvement.
7. Works with all VPs and Heads to address their cyber security concerns
and translates them into IS strategic projects.
8. Managing the IS security budget and communicating this with the
appropriate parties
9. Review the agreements with suppliers and vendors and ensure the
services provided are in compliance with Company’s risk standards.
10. Conduct information security committee periodically.
11. Supervise and confirm all security actions involving letters and
circulars.
12. Information Security committee Member.
13. Ensure security awareness and training are delivered to company staff.
14. Participate as Cyber Security Project Owner for Merger and Acquisition
activities and part of M&A steering committee.
GRC Activities:
1- Cyber security NIST Framework implementation.
2- Review for access control.
3- End-user awareness through monthly lessons in addition to phishing tests.
4- Review and follow-up audit items with respect to IT, OT
5- Firewalls, proxy servers, sandbox, and endpoint in-depth knowledge and
administration skills
6- Governance, Risk, and compliance activities against IT, OT.
7- Establishing new processes to lay the foundations for a new information security
section.
8- Communicate cyber security issues to business and management in a business
language.
9- Evaluation of new cyber security products.
10- Conducting Security Awareness to end-users through various methods: Email, LCD
screen, Desktop pop-up messages.
11- Specify, analyze, engineer, design, support and implement information Security
elements related to Technology, People and Process which protect the confidentiality,
integrity, and availability of SAMREF’s IT/OT and infrastructure, components and
information assets.
12- Implementing policies, standards and procedures relating to data security,
compliance management, incident management, risk management, operations and
maintenance
13- PhishME (Phishing Tool) administration
14- Conducting cyber/IT Risk Assessments
15- Annual Shared Folder access rights Audit
16- Coordination of annual IT audit tasks and follow-up.
17- USB access control.
Cyber Security Operations Activities:
1- SOC qualification for bidders and implementation.
2- Support SOC operation and leading incident response activities.
3- Conduct internal/external vulnerability scanning.
4- Familiar with SIEM administration
5- NAC (Network Access control) implementation and administration
6- FireEye NX, EX, CMS implementation and administration
7- Symantec Endpoint Protection Manager administration
8- HPE Arcsight Implementation and administration
9- Familiar with Network Monitoring tools
10- Firewalls administration and review.
11- Proxy server administration and review.
12- RSA and Multi-Factor Authentication administration.
IT Operations activities:
1- Routing and Switching, including Switch inventory, management.
2- WSUS patch management.
3- GPO administration
4- Knowledge of virtualization environment and basic administration
5- Virtualization (VMware) administration
6- Domain controller DRP back-up restoration.
7- DRP restore drill coordination
8- LAN Management, Maintenance, administration functions.
9- Active Directory administration.
10- Email gateway Administration.
Concentration on Six Sigma.
third honor list