Senior Information Security Consultant
Jeraisy Computer & Communication Services
Total des années d'expérience :25 years, 8 Mois
Nov 2010 to present Senior Information Security Consultant
Jeraisy Computer & Communication Services (JCCS) BOG
Board of Grievance (BOG) - IT Security Department
o Design security controls to build secure infrastructure
o Manage and monitor IT Security for BOG (Diwan Al Mazalem) network
o Manage and monitor virus and malware protection systems
o Infrastructure and network Security controls
o Information security policies and procedures developments
o Information systems audit controls
o Network Security & Systems Vulnerability Assessments (VA)
o Managing IT Security Projects
o Overall Security VA and Conducting Security awareness
o Configure and manage BOG Firewalls, IPS and Web security
o Manage web filtering devices such as Cisco Iron port web security, F5 ASM,
web- Email gateways and Firewall and IPS
Nov 2009 to Oct 2010 IT Security Manager - Senior IT Security consultant
Al Faisaliah Group www.alfaisaliah.com
o Develop Information security strategy
o Enterprise security managements and compliances
o Managing IT Security Department and related projects
o Ensuring continuity and Disaster recovery & restoration of data.
o Develop and Maintain Business Continuity & Disaster Recovery
o Design security controls and countermeasures as business requirements
o Co-ordinate activities between Information Security and the various team
o Information security policies and procedures developments
o Information systems audit controls
o Establishment of ISO 27001 Framework and IT Standardizations
Sept 2006 to Nov2009 Senior IT Security Consultant
Al Faisaliah Business & Technology Services Co. (FBTC)
o Network Security Assessments and reviews
o Information security policies and procedures developments
o Develop and Maintain Business Continuity & Disaster Recovery
o Information systems audit controls
o Addressing security with customers requirements,
o Technical review of systems and operating system hardening,
o Review and manage SAP R\3 authorizations & IT2 Treasury security
o e-Banking authorizations & Sap Security reviews
o Managing IT Security department and IS projects.
o Develop and Maintain Business Continuity &Disaster Recovery
o Participated planning & budgeting for ITS information technology
o Develop and maintain Information Security policies &
o Procedures including high level SAP Authorizations.
o Managing SAP Authorization Security as need-to-know basis with BPO (Business Process
Owners) and reviews approvals
o Managing Access controls, authorizations & authentications projects
including Secure ID RSA - Two factor authentication
o E-banking authorizations & Security Systems projects
o Managing SAP authorization changes and transportation processes from Development > Quality > Production Systems
o Network Security & Systems Vulnerability Assessments
o Annual reviews for SAP authorization and DATA access security for all AlFaisaliah Group Subsidiaries businesses (15 AFG Companies)
o Overall Security and Vulnerability Assessments and Conducting
security awareness program
May 2001 - Dec 2003 Network Operations & Communications Head
Al Faisaliah Group Holding
o Responsible and manage networks operations unit.
o Configure \ Monitor all AFG networks and participated network infrastructure upgrade projects -
Interconnecting for AFG HO DATA center in Riyadh & Regional sites (Jeddah, Khobar, Kharj, & remote branches and international such as Dubai) to provide centralized services such as SAP R\3 application systems, e-mail,
Internet and other network file share and print services.
o Managing, configuring & monitoring network devices such Cisco 6500 catalyst, Wan Gateways - Cisco 3600,
2600 routers using NNM (HP OpenView systems), Wireless access points as well as network security devices such Cisco Pix firewalls, ACS (AAA servers & VPN
( AlFaisaliah Group Subsidiaries)
o Migrated from Novel to Windows NT project
o Migration from HP openMail to MS Exchange
o Managed messaging and Internet proxy servers
o Upgrading from windows 2000 and domain consolidations project.
o Participated SAP Project new era Project, Network infrastructure
o back bone upgrades from 3com to Cisco Devices
o Installing Antivirus protections for exchanges and deploying agents
Professional Skill o Excellent Knowledge of Managing IT Security department o Excellent experience in Information Security in Corporate and government sector o Good knowledge of methods to develop information security strategy o Building Security architecture reviews and gap analyses o Experience in an IT security consultancy role and Network Security o Managed IT Security department and network operations enterprise level o Information security Controls and compliances processes o Network and Information Security and Audit assessments o Business Continuity Planning Disaster Recovery experiences o Vulnerability Assessment and penetration tests (PEN TEST) experiences o Analyzing operational risk, impacts and mitigation processes o Good knowledge of SAP Authorizations and SAP Security Landscape S Dev > Quality > Production o Good knowledge Security Policy and procedures developments o Good experience covering numerous diverse IT platforms and IT environments o Vulnerability Assessment of OS Windows, Application and Databases O Good knowledge for systems, Active directory and MS Domain. o Mentor and train others in IT information security team in addition of supporting o Excellent in Documentations, technical writing and knowledge transfer o Good knowledge for Security Network infrastructure multi-user information o Good knowledge of security web filtering devices such as Cisco Iron port web security, Juniper SSL VPN, ACS AAA, Netasq firewall\ IPS, BIG IP - F5 Application Security Manager (ASM), and Juniper VPN and other security devices Abdilatif Samatar _CV