عباس حيدر

As the CISO responsible for 8 entities, my role encompasses:
• Information Security Policy Development: Leading the
development and implementation of comprehensive information security policies and procedures, including crafting guidelines and protocols that adhere to industry best practices and regulatory requirements to protect sensitive data and systems.
• Risk Assessment and Management conducting regular assessments and implementing strong measures to protect against them. This includes ensuring network security, controlling access to systems, using encryption techniques, and regularly conducting security audits.
•
• Incident Response and Management creating and managing a flexible and efective incident response plan to handle various security incidents, such as data breaches and cyber-attacks. This includes coordinating with internal teams and external stakeholders, with the goal of minimizing the impact of these incidents through strategic actions.
• Security Awareness and Training Programs creating a culture of increased security awareness within the organizations workforce. This is accomplished by conducting regular and engaging training sessions and awareness programs. The goal is to ensure that employees are knowledgeable about their roles and responsibilities in protecting sensitive information.
• Regulatory Compliance Adherence Remaining abreast of evolving regulations and standards such as GDPR, PCI-DSS, ISO 27001, SWIFT CSP, EBA, FCA, among others. Ensuring the organizations unwavering adherence to these mandates through meticulous periodic audits and assessments, thus validating compliance.
• Vendor Risk Management assessing and managing security risks related to third-party vendors and service providers.
• Incident Reporting and Stakeholder Communication leading the creation of eficient communication channels to promptly relay security incidents, associated risks, and mitigation strategies. This includes facilitating seamless communication with executive management, the board of directors, and other stakeholders to ensure transparency and enable strategic decision-making...
• Security Governance and Strategic Alignment Collaborating closely with senior management to define the organizations overarching security strategy, goals, and
objectives.
• Security Monitoring and Proactive Threat Intelligence and Continuous Improvement Initiatives taking a proactive approach to regularly evaluate the efectiveness of current security controls and processes. This includes identifying areas for improvement, staying up-to-date with emerging technologies and industry trends, and staying vigilant against evolving threats

As the Operational CISO and CTO, I led transformative initiatives during my tenure at Glasswall Solutions Ltd. Some key achievements include:
• Pioneered the development of the organizations inaugural information security plan, along with all associated processes building the information security team from greenfield
• Established and led the Information Security team, encompassing areas such as Appsec, Risk, Governance, and Compliance.
• Developed a comprehensive cloud strategy and technical roadmap, integrating automated security controls into business processes. This strategic move resulted in a significant 10% reduction in annual technology financial overhead.
• Created the information security program which focused on injecting security awareness into the organizational culture
• Reported directly to the CTO/CISO, ensuring alignment with overarching business objectives.
• Built and trained incident handling and disaster response teams
• Authored and implemented industry-standard processes, including incident response programs, handling procedures, playbooks, DLP, and endpoint detection and response tools.
• Architect of the Business Continuity plan, ensuring the companys resilience in the face of potential disruptions.
• Successfully led the achievement of SOC2 Type 2 compliance, without any exceptions found, and delivered projects like Fedramp, Cyber Essential, and CE+ certification.
• Developed all components and processes of the Information Security Management System (ISMS), significantly elevating the organizations security standards.
• Managed the information security budget
• Established and created a robust Risk Management Framework (ERM Committee, garnering executive involvement and support.
• Initiated and maintained the bug bounty program.
• Spearheaded the creation and maintenance of security awareness programs and security champions within the organization.
• Played a central role in integrating security into the core of the companys Software Development Life Cycle (SDLC
• Implemented a suite of cutting-edge security tools (SAST, DAST, IPS, IDS, WAF, etc.), optimizing security compliance tasks through automation, reducing costs, and ensuring comprehensive management.
• Optimized Cloud security platforms, enhancing the
organizations security posture while maintaining cost eficiency.
• Authored and implemented corporate security policies, emphasizing a proactive approach to security measures.
• Architected and deployed an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) solution, enhancing the companys security infrastructure.
• Introduced image hardening into the core of SDLC, ensuring secure development practices at every stage.
• Acted as the organizations Data Protection Oficer (DPO),
• Created the Risk management committee and presented business risk to RMC and board quarterly
• Successfully orchestrated the migration from an on premises setup to a fully cloud-based operation.

• Project Management
• Successfully Led and Completed Complex IT Projects
• Implemented Project Management Best Practices Team Leadership and Development
• Built and Managed High-Performing IT Teams
• Implemented Training and Mentorship Programs Cost Optimization
• Implemented Cost-Saving Initiatives
• Negotiated Vendor Contracts and Managed Vendor Relationships Infrastructure and Technology Upgrades
• Oversaw Successful Infrastructure Upgrades/Migrations
• Implemented New Technologies or Software Solutions Cybersecurity and Risk Management
• Developed and Implemented Robust Cybersecurity Strategies
• Established Disaster Recovery and Business Continuity Plans Process Optimization
• Streamlined IT Processes
• Implemented ITIL or Other Frameworks Stakeholder Communication
• Efectively Communicated IT Strategies to Non-Technical Stakeholders
• Fostered Positive Relationships with Internal Departments Compliance and Governance
• Ensured Compliance with Industry Regulations and Internal Governance Policies
• Successfully Passed IT Audits and Assessments User Experience and Support
• Improved User Experience with User-Friendly IT Systems and applications
• Enhanced IT Support Services and Issue Resolution Innovation and Strategic Planning
• Spearheaded Innovation Initiatives with Emerging Technologies
• Contributed to Development of IT Strategies Aligned with Business Objectives

• Helped on maintaining FedRAMP and ISO27001
• Lead the IT systems security hardening
• Created and maintained users access reviews program
• Incident management
• Led a comprehensive Wi-Fi security initiative at Everbridge, focusing on enhancing network security and data protection

Key Responsibilities:

Secured the IT Environment: Implemented and maintained a comprehensive IT security policy to safeguard company data and systems.
Streamlined IT Processes: Established and managed efficient change and incident management processes, ensuring smooth operation and swift problem resolution.
Physical Security Champion: Maintained physical security of IT systems and infrastructure, minimizing risk of unauthorized access.
Cybersecurity Expertise: Successfully achieved Cyber Essentials/Essential+ certification, demonstrating commitment to robust cybersecurity practices.
Technical & Strategic Leadership:

Led IT support for a group of 5 companies within the GGF group, leveraging a deep understanding of IT infrastructure (networks, servers, operating systems) and emerging technologies.
Translated business goals into actionable IT strategies, ensuring technology alignment with overall objectives.
Project Management & Collaboration:

Proven ability to plan, manage, and deliver IT projects on time and within budget.
Built and motivated a high-performing IT team, fostering a collaborative environment that tackled complex challenges across multiple companies.

Managed IT change control processes, ensuring smooth and secure implementation.
Supported cybersecurity initiatives for Claranet, the UK's largest private MSP.
Contributed to achieving compliance with ISO 27001, SOC 2, and data center standards.

Key Responsibilities:

Secured the IT Environment: Implemented and maintained a comprehensive IT security policy to safeguard company data and systems.
Streamlined IT Processes: Established and managed efficient change and incident management processes, ensuring smooth operation and swift problem resolution.
Physical Security Champion: Maintained physical security of IT systems and infrastructure, minimizing risk of unauthorized access.
Cybersecurity Expertise: Successfully achieved Cyber Essentials/Essential+ certification, demonstrating commitment to robust cybersecurity practices.
Technical & Strategic Leadership:

Led IT support for a group of 5 companies within the GGF group, leveraging a deep understanding of IT infrastructure (networks, servers, operating systems) and emerging technologies.
Translated business goals into actionable IT strategies, ensuring technology alignment with overall objectives.
Project Management & Collaboration:

Proven ability to plan, manage, and deliver IT projects on time and within budget.
Built and motivated a high-performing IT team, fostering a collaborative environment that tackled complex challenges across multiple companies.