Director IT Risk
Al Rajhi Bank
Total years of experience :22 years, 9 Months
Bank - Credit and Risk Management
Riyadh
Worked on the development and implementation of Operational Risk Framework (ORF) in ARB Groups. Reviewing RCSAs, Vendor/Outsourcing risk assessments, Policies & Procedures and New Products from an Operational Risk perspective. Facilitate, monitor and report Business Group’s RCSAs & KRIs to the Group Operational Risk Committee. Supporting projects and leading deep dive process reviews to identify control gaps. Maintain and strengthen relationships with business units and overseas / subsidiaries by providing guidance/support in operational risk management. Manage Departmental open exceptions and ensure timely closure. Provide Operational risk framework presentations and training in operational risk (including system training / workshop) across the Group.
Manage and supervise IT Audit engagements within planned time frame to provide reasonable assurance on adequacy of controls and assist in meeting the bank’s objectives. These audit engagements covered special reviews on SAMA regulations and inspection, IT processes and e-Banking channels systems. Prepared and presented high quality audit reports identifying root causes, risks and impact for each audit observation.
Follow-up on implementation of identified observations based on due dates, through the review and validation of pending audit observations. Participated in building the Audit Universe and Audit Annual Plan for IT Audit Department.
Worked with Director of IT Infrastructure to enhance current network and security infrastructure and operations. Handled different project and initiatives in IT infrastructure department including Data Center migration, Network design and enhancement, Interconnect ministry worldwide sites, establish e-certificate center to achieve e-government in ministry, smart building project, planning for Security Operation Centre and ISO 270001 implementation.
Manage and supervise Information security and Network departments to streamline its processes and optimize workflow.
Two years of experience in managing Information Security Monitoring and security assessment services including Managing Security Monitoring Center requirements and projects, Maintaining Security related process and procedures, managing day-to-day security monitoring, incidents handling and security investigation, vulnerability management process, facilitating Information security risk assessment and security penetration testing.
Prepared and presented security status reports to the Chief Information Security Officer including analyzed frequent incidents, information security related risks, impact and root cause. Participated in information security strategic plans, budgeting, resources and key projects including PCI- DSS.
Worked on Incident handling and security Incident Investigations. Performed Auditing and reviewing of application, network and system security. Evaluated and recommended security technologies. Handled vulnerability assessment and recommendation. Performed Risk assessment for critical business services. Managed and implemented various security technologies including Firewalls, VPN, Antivirus, Security Event Management System, Host and Network IPS, Vulnerability scanner and Mail Security and Anti-spam System.
Worked on security operation center as first level of support to monitor, analyze, investigate and handle security Incidents. Worked on various Security technologies from operation perspective including Firewalls, Antivirus, Security Event Management System, Host and Network IPS, Control security access through dial-up.
Worked with network support team to support various infrastructure components including Data backup, Network traffic monitoring, Management and troubleshooting of switches and routers and implemented security in network devices. Supported Database servers and Online Document Servers. Administrated and troubleshoot Microsoft Windows and VMS OS.
on domain registration and web hosting for Shashah net clients and support hosted server which located in US. Provided client with services such as web designing and built-in board setup. Provided support for Shashah net website.
courses: Publication: “The Impact of Cloud Computing Technologies in E-learning” – Presenter at IC
ITC