Cyber Security GRC Manager
Advanced Electronics Company
Total years of experience :13 years, 4 Months
Managing Cybersecurity GRC Consulting Services
-Defining the information security strategy and roadmap for MA’ADEN Corporate and Affiliates.
-Developing the annual information security goals and objectives.
-Lead MA’ADEN Corporate and Affiliates IT security team: plan, organize, assign, supervise and monitor the work of team members.
-Lead the computer emergency response team across MA’ADEN.
-Establishing and maintaining plans to implement the information security governance in Corporate and Affiliates.
-Managing the information security budget in implementing the information security program.
-Leading the execution of Corporate and Affiliates IT security projects.
-Identifying security risks through suitable and recommended methods.
-Defining the information security policies that support business goals and objectives.
-Ensuring IT services provided to business, including outsourced providers are consistent with established information security policies.
-Manage relationship with business units with regard to information security.
-Conducting Information Security awareness campaign in MA’ADEN.
-Responsible to advice management & provide the overall direction on Information Security initiatives across MA’ADEN.
-Participating in ETGAN Program -MA’ADEN Global Transformation Program.
-Participating in defining and building MA’ADEN-IT world-class institutional capabilities.
-Establishing and maintaining plans to implement the information security in AEC
-Leading the execution of IT security projects.
-Manage relationship with business units with regard to information security.
+Selected for High Potential Program 2010 for future leader.+
+Ideal employee in 2009.+
+Distinguished employee in 2008+
Information security field:
0 Define and Develop Information Security Strategies and Annual Plans.
1 Evaluate and Recommended Information Security Directions such as: Antivirus, Intrusion Prevention System, Encryptions.
2 Prepare Conceptual Scope of Work for Information Security Projects such as: Antivirus, Intrusion Prevention System, Encryptions.
3 Researching and Studying Information Security Systems.
4 Define and review information security policy and standards for business operations and technology implementations.
5 Define and Implement Information Security Policies.
6 Develop and Execute Information Security Awareness Program ( I established a campaign (ten workshops) on 9-13 May 09 to aware ITC employees for approved IT security policies in 2009 and I'm responsible for organizing and presenting this campaign).
IT Audit field (IT Quality Assurance field):
1 Prepare the Annual Internal Audit Plan.
2 Coordinate and monitor external and internal auditing.
3 Prepares audit report including the weaknesses noted in the systems and services.
4 Excellent knowledge of audit methodology and procedures.
5 Identify IT security risks including IT technical implementations or business processes.
6 Member in Auditing Information Security Systems and IT resources.
7 Enhance IT Quality Assurance by Monitoring and Follow up the Implementation of Recommendations of Internal and External Auditors.
8 Attended workshops competent in Information Security and IT Audit.
ISO9001 Internal Auditor: Attendance and Completion Course - IRCA Certified Auditor
Attendance and Completion Course - IRCA Certified Implementer
Attendance Course - 5 Days
Attendance and Completion Course - IRCA Certified Auditor
Attendance Course - 5 Days
Attendance Course - 5 Days
Attendance Course - 3 Days
Attendance and Completion Course - 3 Months
Attendance Course - 5 Days
Attendance and Completion Course - 5 Days
Attendance and Completion Course - 3 Days
Attendance Course - 3 Days
Attendance Course - 5 Days
Attendance Course dedicated in Symantec Endpoint Protection - 5 Days
Attendance Course - 5 Days
Bachelor degree in Information Systems with GPA 3,51 King Saud University , College of Computer Sciences & Information - Riyadh, Saudi Arabia 2002 - 2005