Abdullah Tolbah

Cyber Security GRC Manager at Advanced Electronics Company

• Saudi Arabia
• February 2017 to February 2019

Managing Cybersecurity GRC Consulting Services

Chief Information Security Officer at Saudi Arabian Mining Company - Ma’aden

• Saudi Arabia
• October 2016 to February 2017

Head of Information Security at Saudi Arabian Mining Company-Ma'aden

• Saudi Arabia - Riyadh
• January 2015 to October 2016

Information Security Officer at Saudi Arabian Mining Company -Ma'aden

• Saudi Arabia - Riyadh
• July 2012 to January 2015

-Defining the information security strategy and roadmap for MA’ADEN Corporate and Affiliates.
-Developing the annual information security goals and objectives.
-Lead MA’ADEN Corporate and Affiliates IT security team: plan, organize, assign, supervise and monitor the work of team members.
-Lead the computer emergency response team across MA’ADEN.
-Establishing and maintaining plans to implement the information security governance in Corporate and Affiliates.
-Managing the information security budget in implementing the information security program.
-Leading the execution of Corporate and Affiliates IT security projects.
-Identifying security risks through suitable and recommended methods.
-Defining the information security policies that support business goals and objectives.
-Ensuring IT services provided to business, including outsourced providers are consistent with established information security policies.
-Manage relationship with business units with regard to information security.
-Conducting Information Security awareness campaign in MA’ADEN.
-Responsible to advice management & provide the overall direction on Information Security initiatives across MA’ADEN.
-Participating in ETGAN Program -MA’ADEN Global Transformation Program.
-Participating in defining and building MA’ADEN-IT world-class institutional capabilities.

Cyber Strategic Program - Transformation Prog at Saudi Arabian Mining Company - Ma’aden

• Saudi Arabia
• November 2012 to February 2014

Information Security Specialist at advanced electronics company

• Saudi Arabia - Riyadh
• December 2011 to July 2012

-Establishing and maintaining plans to implement the information security in AEC
-Leading the execution of IT security projects.
-Manage relationship with business units with regard to information security.

Information Security Analyst & IT QA at Saudi Electricity Company

• Saudi Arabia - Riyadh
• November 2005 to December 2011

+Selected for High Potential Program 2010 for future leader.+
+Ideal employee in 2009.+
+Distinguished employee in 2008+
Information security field:
0 Define and Develop Information Security Strategies and Annual Plans.
1 Evaluate and Recommended Information Security Directions such as: Antivirus, Intrusion Prevention System, Encryptions.
2 Prepare Conceptual Scope of Work for Information Security Projects such as: Antivirus, Intrusion Prevention System, Encryptions.
3 Researching and Studying Information Security Systems.
4 Define and review information security policy and standards for business operations and technology implementations.
5 Define and Implement Information Security Policies.
6 Develop and Execute Information Security Awareness Program ( I established a campaign (ten workshops) on 9-13 May 09 to aware ITC employees for approved IT security policies in 2009 and I'm responsible for organizing and presenting this campaign).
IT Audit field (IT Quality Assurance field):
1 Prepare the Annual Internal Audit Plan.
2 Coordinate and monitor external and internal auditing.
3 Prepares audit report including the weaknesses noted in the systems and services.
4 Excellent knowledge of audit methodology and procedures.
5 Identify IT security risks including IT technical implementations or business processes.
6 Member in Auditing Information Security Systems and IT resources.
7 Enhance IT Quality Assurance by Monitoring and Follow up the Implementation of Recommendations of Internal and External Auditors.
8 Attended workshops competent in Information Security and IT Audit.