عبد الكريم الصويغ

- Develop information security risk management methodology and ensure alignment with ERM function.
- Identify, evaluate, and manage information security risks and controls of all information assets (people, processes, and technologies).
- Maintain an up-to-date information security risk register, and oversee the implementation of identified mitigation plans with relative teams.
- Conduct an information security Business Impact Analysis for asset valuation and data sensitivity.
- Establish the data classification and handling guidelines.
- Develop, review, and communicate of all information security policies, procedures, standards, and guidelines, and ensure alignment with the organization's strategy.
- Develop and update of the information security governance and operating model (processes, roles, and responsibilities).
- Conduct compliance assessment with regulatory requirements (NCA ECC: 2018) and ensure its adherence.
- Incorporate information security requirements in all 3rd-party technological projects.
- Participate in reviewing and update of the information security architecture.

- Assist in developing and enhancing cyber security programs to meet clients requirements.
- Build a stand-alone cyber security controls framework to meet the requirements of the client and its sector.
- Participate in drafting RFPs as per the project requirements.
- Enhance the vulnerability management and incident response function from a governance perspective.
- Develop and enhance client's cyber security policies and standards.

- Manage the implementation of a full top-down cybersecurity program, being its project manager.
- Review and update all cyber security policies, procedures, and standards.
- Participate in the creation of KPIs and balanced scorecards related to the cyber security function.
- Participate in NCA's compliance audit (as an auditee) against NCA ECC: 2018.
- Conduct a cyber security Business Impact Analysis to identify criticality/sensitivity of PPA's data.
- Implement a data classification exercise as part of the data governance program.
- Oversee the enhancement of SOC operations, and implementation of Minimum Security Baselines for systems hardening efforts.

- Establish the governance and management of the information security function within the branch.
- Establish and manage the information security committee.
- Develop and update the information security strategy and policies.
- Conduct gap compliance assessment against SAMA Cyber Security Framework and ensure its implementation.
- Conduct branch-wide BIA as part of the business continuity efforts.
- Implement and manage all information security awareness programs.
- Enhance internal IT and banking procedures from a security perspective.

- Responsible for patch management of the organization's technological assets (laptops/desktops).
- Monitor email traffic of Office 365 for any unknown communications to block/filter.
- Participate in information security risk assessments exercises.
- Monitor and remediate any security flaws related to technological assets (e.g., Antiviruses, DLP, Encryption, Recovery, etc., ).
- Participate in the overall compliance implementation of SAMA Cyber Security Framework.

- Manage cooperate-wide VoIP services.
- Manage and maintaining technological assets inventory.
- Participate in ISO/IEC 27001 certification audit.
- Participate on IT security policies reviews.