IT Security Consultant
it security & training solutions
Total years of experience :20 years, 3 Months
•Preparing and Performing ISO 27001 Gap Analysis
•Working in SABIC CoE-IT Security team, performing ISO 27001 Gap Analysis globally Europe, America, Asia (Singapore) MEA regions.
•Communicating with SABIC Europe, MEA, AMERIC and ASIA region IT teams and reviewing and assessing their IT Procedure, providing recommendations and guideline to update their documentation,
•Gathering all IT Procedure and performing off-line audit.
•Providing guideline to all regions to follow the SABIC recommended standards for procedures implementation.
•Providing end to end guideline for to achieve ISO 20000 standard.
•Developing and creating Service catalogs.
•Developing Service Level Agreement (SLA) and Operation Level Agreement (OLA)
•Fully performing the quality audits on existing processes and procedures of RSADF.
•Creating and developing Change Management, Incident Management, Configuration Management, Service Request fulfilment procedures and related policies.
•Review, update and implementation of ISO 27001 Policies and procedure.
•Providing end to end guideline for the implementation of Disaster Recovery and contingency planning policy at RSADF.
•Responsible to manage End to End Implementation of BMC/ITSM Remedy tool Implementation Project.
•Communicating, Scheduling meetings with Devoteam team Consultants for initial design and assessment phase.
•Conducting and attending BMC ITSM Remedy meetings and Presentations.
•Coordinating Devoteam Project manager and team to manage the project.
•Providing assessment reports and feedback to STC higher management.
IT Consultant:
•Worked as IT Consultant on COBIT implementation Project.
•Reporting directly to Director and General Manager of the respective departments.
•Performing Internal/Self audit of COBIT Processes.
•Create Process audit reports for higher management.
•Create and generate process activities reports on monthly basis.
•Doing all assessments for Configuration Management (DS9) and Change Management (AI6) processes.
•Align IT processes with Business requirement and other processes.
•Implementing Configuration and Release process under the umbrella of COBIT implementation project.
•IT service Management tool evaluation and analysis.
•Create and develop the Manage Quality Process (PO8) flow diagram and documents.
•Create and Develop ME2 and ME3 Processes (Internal Audit Control and External requirements with third party)
•Make sure that all project activities are executed according to the adopted methodology.
•Overall monitoring the Project plans and its implementation.
•Worked on Dammam Municipality Project and King Fahad Security College Project (KFSC).
•Developed policies, procedures and Risk Management Plan for Dammam Municipality.
•Designed, established process flow for King Fahad Security college project.
August 2008-November 2008 Watheeqa Capital Company
•Developing and maintaining comprehensive Watheeqa Capital Company -wide information security strategy, plans and policy.
•Manage the development, implementation, and maintenance of WCC information security policy, standards, and guidelines
•Monitor report and work with WCC Internal Audit as appropriate on required security audits and compliance requirements like TADAWUL Compliance requirements.
•Serve as an expert advisor to WCC in the development, implementation, and maintenance of an information security infrastructure
May 2008-August 2008 Rana Investment Company Riyadh, KSA
•Creating action plan to implement IT security in RIC IT infrastructure.
•Identify security gaps with the help of checklists and provide the best possible solution.
•Review email security, host security, servers security parameter security and configuration settings.
•Performing network vulnerability assessment routers, switches and firewalls.
•Review system updates and patches.
•Planning and implementing IT security cost effective solutions.
•Documenting the IT security related documents
•Identify possible technologies and products to use in security solutions.
•Configuration and Release Management Supervision
•Configuration and Release Management Work Procedures implementations
•Participated in the Manage other ITIL modules in STC
•Active participation in ITIL system testing (SQT, PAT), integration and roll-out
•Establish and administrative function for the upkeep of CMDB
•Supervision day-to-day activities involving check in/checkout of Assets from Configuration Management tools.
•Filtration and follow up (Request for Change) RFC for Release Management
•Delivery of ITIL awareness presentations to STC Higher Managements
•Vendor Coordination for the implementation of new Configure Items (CI’s) and giving proper update to the Configuration Management to maintain the accuracy of CMDB.
•Giving proper feedback to the Change Management to close RFC.
•Value Added Technical Support/Management: Management of all Value Added Services including Activation and Deactivation i.e. GPRS, MMS, Voice Mail, SMS, Call Waiting, Call Conferencing, Call Barring, International Roaming (IR) etc.
•General Administrative tasks.
•Scheduling and planning of task for the management of all value added services team.
•Providing guidance on tasks to the team.
•Supervision of daily, weekly and monthly status report of tasks.
•Supervision of team meetings on weekly and monthly basis to resolve pending issues and problems to improve department performance.
•Coordination with Vendors and providing feedback to Higher Management.
•Providing support for Value added, billing and other offered services and reporting about churn blocking team to reduce/avoid churn.
•Reporting and Correspondence with Higher Management.
Introduction to Security Network Security, Web Application Security, System Application Security, Risk Management, ISO 27001 Project Management,
Masters In computer Sciences, Covered all major Computer Sciences subject.