Abeir Jaweesh, Sr. Professional Service Consultant

Grafene Consulting

Location
Egypt - Cairo - Giza
Education
Master's degree, INFORMATION SECURITY
Experience
12 years, 5 Months



Work Experience

Total years of experience: 12 years, 5 Months

Sr. Professional Service Consultant at Grafene Consulting
  • Egypt - Cairo
  • My current job since October 2023

- Assist clients and organizations, including government and private sectors of various sizes, in adhering to required security standards such as ISO 27001, ISO 22301, ISO 27018, ISO 27017, ISO 20000, ISO 27035, COBIT2019, and ITIL v4.
- Ensure compliance with local Saudi standards including DGA governance and corporate compliance guidelines, SAMA, all NCA Frameworks, PDPL, and SDAIA-NDMO.
- Support Egyptian financial institutions and banks in meeting the Central Bank of Egypt's security standards and regulations "CBE CSF".
- Implement ITSM and governance frameworks for various organizations.
- Conduct external IT audits to ensure compliance with relevant standards and best practices.
- Review and align cybersecurity policies and processes with established cybersecurity frameworks and standards.
- Assist organizations in developing and planning cybersecurity roadmaps.
- Conduct internal cybersecurity audits to identify and mitigate risks.

SR. CYBERSECURITY GRC CONSULTANT at Securenass
  • Egypt - Cairo
  • February 2023 to September 2023

Helping businesses comply with the security rules and standards mandated by government agencies to protect their operations and customer data.
- Business continuity is ensured through ISO 22301's emphasis on efficient disaster recovery planning for IT infrastructure and service provisioning.
- Developing an Information Technology Service Management System (IT-SMS) according to ISO/IEC 20000, which ensures the security, efficiency, and continuity of IT services by adhering to establishing policies and procedures to control these services in addition to the service risk management plan and procedures.
- Assist businesses in rolling out ISO/IEC 27001, the Information Security Management System, across their operations.
- Depending on the nature of the institution's operation, assist in meeting the security standards established by the KSA:

Adherence to the Saudi Arabian Monetary Authority standards, which entail not only following the bare minimum of security regulations but also adopting the most secure industry standards across the business.

Confirming the security of communication and boosting trust between organizations and their consumers/clients by adhering to the National Cybersecurity Authority standard’s requirements for ensuring that institutions provide their services to clients in a secure manner.

CYBERSECURITY TA at CODING DOJO
  • Saudi Arabia - Riyadh
  • September 2022 to February 2023

- Helping students understand what cybersecurity is.
- Training students to use the Linux operating system.
- Coaching students on how to use the different Kali tools for attack or penetration testing.
- Teaching students cyber-attack techniques, tactics, and methodologies, and what the difference is between ethical hacking and cyber-attack (hacking).
- Guiding the students on how to build institutional security frameworks.
- Teaching students everything related to cybersecurity and equipping them for a live cybersecurity work environment.
- Develop students’ cybersecurity soft skills.
- Develop trainees’ technical skills.
- Review and assess the curriculum contents and provide cybersecurity content suggestions.
- Review and grade an assignment.
- Train the student on how to build and use SIEM and other cyber-attack detection tools.

Sr. Software Security Architect at ITPay
  • Egypt - Cairo
  • February 2021 to August 2022
SR. INFORMATION SECURITY OFFICER at EBS
  • Sudan - Khartoum
  • September 2017 to September 2020

- Performing EBS systems security management by building a compliant framework with ISO 27001.
- Responsible for raising security awareness training for the organization’s employees and banking sector employees, while providing all security tips during the annual security week.
- Delivering periodic security awareness training and sessions, and providing a monthly security newsletter for local employees.
- Delivering security training and tips for other companies who need to work in the payment system sector.
- Managing and leading the team to maintain the desired security level for the payment security systems as a payment processing company that is governed by the Central Bank of Sudan.
- Managing “payment card industry/ data security standard” PCI/DSS project, leading other team members from all the departments across the company to help comply with PCI/DSS.
- Managing my team to achieve company goals in addition to my regular tasks as an internal auditor, and pen-tester for internal systems and for merchant applications who want to connect to the EBS gateway to use payment service.
- Worked on developing an EBS security and resilience framework by building those policies, operations and maintenance processes and procedures, capabilities, and response structures to ensure the survival of the organization despite disruptions (BCM framework).
- Worked on improvements for provided security services, including the continuous enhancement of existing methodology material, and supporting assets.
- Ensure that the EBS infrastructure, work mechanisms, operating procedures, and systems comply with ISO 22301 to ensure the achievement of the company's objectives and the provision of services under emergency conditions.
- Performing infrastructure and application penetration tests, as well as physical security review and social engineering tests for our employees & clients
- Worked with application developers to validate, assess, and mitigate vulnerabilities.
- Developing and implementing data security policies to protect sensitive data from unauthorized access or use based on NIST, PCI_DSS, and other general security controls.
- SIEM planning and implementation.
- Identify and document the GRC user group’s requirements. User group to include Enterprise Risk Management, Operational Risk Management, Internal Audit, Information Security, and Business Continuity Management and Planning
- Develop and prepare governance KPI reports on the status of risk assessment, control effectiveness, gap remediation, internal audit and
- Quarterly reporting of IT security risk monitoring
- Mapping of Requirements, Risks and Controls
- Establishing data standards for the database environment, including defining fields and creating rules for data entry and retrieval
- Reviewing data sources to identify any security gaps.
- SOC planning
- Provide security advice and guidance to all EBS teams, especially the Networking Team, Customer Support Team, and Operation Team
- Ensure the third-party secure connectivity with EBS as a payment processor.
- Developing a database management plan for large-scale data security analysis
- Auditing/hardening planning and implementation
- Risk assessment and mitigation plan.
- Third-Party Risk Management
- System access control management
- Ensure controls are in place over applications to ensure data integrity by performing data integrity gap analysis.
- Develop control structures within EBS to ensure the accuracy and quality of data through all upstream and downstream data channels.

HARDWARE & SYSTEMS ENGINEER at EBS
  • Sudan - Khartoum
  • January 2014 to September 2017
Oracle Database Administrator at EBS
  • Sudan - Khartoum
  • January 2013 to January 2014
SOFTWARE DEVELOPER & DBA at FARMER'S COMMERCIAL BANK
  • Sudan - Khartoum
  • September 2011 to December 2012

Education

Master's degree, INFORMATION SECURITY
  • at UNIVERSITY OF KHARTOUM
  • December 2020
Bachelor's degree, Computer Science
  • at The National Ribat University
  • August 2011

courses: Offensive Security Certification (PWK) – OSCP- OCT2020 • HP ProLiant Server- NOV2014 • Oracle Certified Professional (OCP)- JUN2011 • Oracle Certified Associate (OCA)- JUL2010 • PCI-DSS v3-

Specialties & Skills

Incident Management
Auditing
Information Security
ANALYTICAL SKILLS
AUDITING
BANKING
COACHING
COMMUNICATION SKILLS
COMPUTER HARDWARE
CONTENT MANAGEMENT

Languages

Arabic
Expert
English
Expert

Memberships

Coding Dojo
  • Cybersecurity TA
  • September 2022

Training and Certifications

OCP (Certificate)
Date Attended:
April 2011
OCA (Certificate)
Date Attended:
April 2011
RHCE (Certificate)
Date Attended:
June 2011
Valid Until:
June 2014
OSCP (Certificate)
Date Attended:
October 2020
Valid Until:
April 2013

Hobbies

  • Reading