Lead Information Security Consultant
FIS
مجموع سنوات الخبرة :18 years, 2 أشهر
The company offers comprehensive range of consultation services specifically Incident Handling, Digital Forensics, Compliance and Risk Assessment, Network and Infrastructure, Secure Application Development, and Technical Support, to its customers across the MENA region.
Highlights:
• Developing FIS proposals and reviewing them before submission.
• Bid Management and analysis and member of the bids’ go/no-go evaluation committee.
• Responsible for the technical aspects for all projects delivery across GCC area and their implementation methodologies.
• Played an instrumental role in developing methodology and model for establishing digital forensics labs.
• Built strategic relationships with customers and strove to exceed their expectations by offering tailor-made end-to-end innovative and integrated information security solutions/services.
Key Responsibilities:
• Managing the delivery of technical security engagements including penetration testing, vulnerability assessments and network architecture reviews.
• Analyzing the client's overall security risks and requirements. Providing technical security insight, perspective and assessments on various technologies, products and resources.
• Facilitating the reassessment of the current technology architecture, analyzing system gaps and implementing a new technology roadmap to meet future needs.
• Developing, implementing and enforcing organizational information systems security policies and procedures.
• Planning with the operation team to define the product release schedule and assigning tasks to team members for on-time project deliverables, ensuring client satisfaction goals are met.
• Investigating information security incidents and breaches, determining the cause and effect(s) of the incident and providing incident response and forensics investigations report to clients.
• Training and supporting the local sales team for presales activities, setting goals/targets and enabling them to leverage client relationships to maximum extent possible to obtain a competitive position in the industry.
• Providing regular updates to the senior management on implementation success, potential delays and resource adjustments needed in order to achieve project goals.
Accenture is a management consulting, technology services and outsourcing company helping clients become high-performance businesses and governments. It is the world's largest consulting firm as measured by revenues and is a Fortune Global 500 company.
Highlights:
• Delivery consultant for advanced projects in Security Risk Management, Security Strategy, Cloud Security Assessments, and Enterprise Security Architecture with focus on Cyber Security projects.
• Conducting cyber security assessment for ICS/SCADA Systems on power grids for a utility company.
• Working on business development and presales activities for revenue generation opportunities.
• Communicate opportunities that enable businesses to thrive and achieve its business goals by enabling IT architecture.
• Involvement and contribution in more complex designs with regard to IT security expertise, providing guidance early in project planning and solution definition phases.
• A high contributor in designing IT security solutions according to business and architectural requirements & standards.
• Lead the provision of detailed specifications for ICT security solutions and supporting the development of testing plans.
• Lead, from an information security perspective, the supplier assessment process used in order to ensure that a supplier’s capability to support services to an agreed level/standard is accurately assessed and reported.
• Lead product evaluation activities to ensure products are fit for purpose and comply with minimum security requirements.
• Create detailed solution documentation to include architecture diagrams, SIEM strategy and governance processes, and SOC processes.
Key Responsibilities (Samples Only):
• As a part of an Enterprise Architecture Study, for a retail company, and its integration with security components, I worked to assess the customer’s information security maturity while planning for three years information security initiatives roadmap.
• Cyber security assessment for Industrial Control Systems (ICS), for a utility company, and assessing the risks for its interaction with the outside world and internal corporate network.
• For a chemical company (JV with a major Oil & Gas Company in the world):
- Developing cyber security strategy with the integration of intelligent cyber security capabilities through a three years security project roadmap.
- Member of the onsite incident handling team, leading and coordinating the incident handling activities till resolution and lesson learned phases.
- Developing Threat Management Framework to help the client assessing its attack vectors, inherent and emerging threats.
A leading universal bank in the MENA region with Investment Banking and Commercial Banking operations, it has a proud history of innovation, market leadership and dedicated client service.
Inducted as a Senior Information Security Specialist, charted a phenomenal growth curve through exceptional performance to merit promotion as Corporate Information Security Manager.
Designation Chronology:
• Jan ‘08 - Nov ‘12: Corporate Information Security Manager
• Apr ‘06 - Dec ‘07: Senior Information Security Specialist
Highlights:
• Served as member of the intrusion analysis team for EFG-Hermes Security Operation Center (SOC) and responsible for its architecture and operations in regional corporate offices.
• Dexterously handled responsibility for IT security and risk governance methodology for all corporate offices in nine different countries.
• Acted as a solution architect, pioneered technical solutions for the in-house development of Network Admission Control (NAC) system.
Key Responsibilities as Corporate Information Security Manager (Jan ‘08 - Nov ’12):
• Developed corporate wide Security Operation Center (SOC) in all corporate offices in 5 countries.
• Designed, implemented and supported the information infrastructure to protect the business from potential security breaches.
• Conducted IT risk assessment on new and existing infrastructure, to optimize IT risk posture and manage IT risk, performance and cost for maximum business returns.
• Assisted in the accomplishment of vulnerability assessments to assess the threats from potential hazards to the infrastructure. Provided status reports to the senior management with recommendations to mitigate/ eliminate the most serious vulnerabilities.
• Determined the efficacy of the enterprise wide security infrastructure and developed and deployed tools and procedures to safeguard organization’s information assets.
• Investigated and analyzed security incidents, customized the security incident handling plan according to the specific operational needs.
• Defined, directed and maintained a security strategy, developed information security policies and procedures ensuring compliance with every country’s regulations where the company has a presence.
• Liaised with different business units to implement the information security measures for new deployed systems or other business requirements whilst ensuring compliance with company polices.
• Formulated IT security budgets for new projects and controls to be applied in branches across the globe.
• Promoted best practice risk management through effective internal risk controls and monitoring. Reviewed monthly reports regarding the IT Security posture in the company for all its corporate offices.
• Assessed team’s current capabilities and delivery against goals and objectives, determined resource and training needs to optimize skill sets and budget requirements.
Key Responsibilities as Senior Information Security Specialist (Apr ‘06 - Dec ’07) :
• Directed and managed the evaluation/analysis of all technology changes within the organization’s business model, current and future needs. Participated in the development of security-specific policies, procedures and processes.
• Conducted vulnerability assessments to assess the threats from potential hazards to the infrastructure and followed up on the latest security patches.
• Handled the maintenance of IT Security Systems and their operations. Ensured products and services under management remain secure, current and operational.
• Directing security teams and deliverables, serving as the principle liaison for all technical and operational audits, whose scope includes a review of any security specific items and the development and presentation of all responses to noted audit findings, reporting status until resolution.
• Provided second level support to the help desk team, attended diverse request from users, assisted in creating/ maintaining operational procedures, to accomplish greater operational effectiveness/ efficiency.
• Monitored, tracked, reported daily health check for all security systems and monthly status report for different security events or incidents, recommended processes to improve quality/efficiency of operations.
• Stayed abreast of new developments in industry to enhance the security system on an ongoing basis and develop Information Security Policies.
• Deployed the following systems in all branches:
- Web Content Filtering systems and its corporate policies
- IPS (Intrusion Prevention System); network, server, host based IPSs.
- Locking Removable Media Software
- Multifactor Authentication Systems
- Vulnerability Assessment Software
- Enterprise Antivirus Software
- Hard disk encryption software for laptops
Previous Professional Experience:
• Jan ’05 - Mar ‘06: Systems Engineer, Middle East Network Solution (MNS)
• Aug ’03 - Dec ‘04: Software Engineer, Middle East Network Solution (MNS)
• Oct ’02 - Jul ‘03: Computer Science Instructor, Riyadh College of Technology
Thesis: Assessing Network Security through Automated Attack Graph Based Multi-Level Penetration Testing
• SABSA Chartered Foundation (F1 & F2), SCF Certificate, Abu Dhabi, UAE, April 2015. • ISO 27001 Lead Implementer, Riyadh, KSA, March 2013. • SANS Mentor for SEC504: Hacker Techniques, Exploits, and Incident Handling, May 2012. • ATM Security Conference, London, UK, October 2010 • SANSFIRE 2010, Baltimore, MD, USA, June 2010 - SANS MGT305: Technical Communication and Presentation Skills - SANS FOR508: Computer Forensics Investigations and response - SANS 561: Network Penetration Testing: Maximizing the Effectiveness of Reports, Exploits, and Command Shells - SANS What Works in Penetration Testing & Vulnerability Assessment Summit • CISSP, Cairo, Egypt, March 2010 • RSA Europe 2009, London, United Kingdom, October 2009 • SANS On Demand, SANS503: Intrusion Detection in Depth, June 2009 • SANS Oman, SANS560: Network Penetration Testing & Ethical Hacking, Muscat, Oman, April 2009 • SANS504: Hacker Techniques, Exploits and Incident Handling Certificate: GCIH, Egypt 2008 • MITSEC2008 (Middle East IT Security) Conference, Dubai, SANS540: VOIP Security • SANS Secure Europe, SANS502: Perimeter Protection in Depth, Brussels, Belgium 2008 • AmidEast, Cairo, Egypt, Managing Software Projects Course (PM), February 2008 • SANS On Demand, December 2007: - SANS452: IP Packet Analysis - SANS517: Cutting Edge Hacking Techniques - Hands On • ISS, Cairo, Egypt, ISS IPS Products, July 2006 • Synergy Cairo, Egypt, Cisco CCNA course, June 2006 • FGF Scholarship Cairo, Egypt, November 2003 - Microsoft Windows 2003 Track Courses - Certificate: Microsoft Certified System Engineer (MCSE) - Microsoft Certified Database Administrator (MCDBA) - Business Correspondence at Berlitz Training Center - Effective Communication and Human Relations at Dale Carnegie Training Center