Ahmed Mohamed Nabil, Sr. Manager - Information Security & Governance

Paladion Networks

Location
Saudi Arabia - Riyadh
Education
Bachelor's degree, Computer Science
Experience
24 years, 3 Months


Work Experience

Total years of experience: 24 years, 3 Months

Sr. Manager - Information Security & Governance at Paladion Networks
  • Saudi Arabia - Riyadh
  • My current job since April 2017

• Information Security Policy / Procedure Documentation
  o Information Security Governance Framework
  o Information Security Strategy Development
  o Information Security Policy Update / Revision
  o Information Security Framework Updates or Revision
  o Information Security Procedures / Guidelines Update or Revision
• Information Security Risk Assessment
  o Information Security Threat Assessment
  o Process Security Assessment
  o Data Centre Security Assessment
  o Development of Risk Treatment Plans (RTP)
• Support various teams to implement controls as per RTP
• Track and follow closure of Risk Treatment Plans
• Maintenance and Management of ISMS - ISO 27001
• Conduct Internal Audits for ISMS - ISO 27001
• Support User Awareness Campaigns
• Prepare for external audits
• Review and Support Technical Requirements related to Information Security
• ITIL and ISO 20000 Policies and Procedure Documentation
  o Develop, review and update ITIL processes.
  o Maintain ITIL Governance Framework.
  o Manage IT Service Management implementation.
  o Conduct Internal / assessment audits.
  o Prepare for external audits.
• Business Continuity Management
  o Establish and document the BCM Plan and DR strategies, ensuring that all of the technical and business stakeholders have their requirements and constraints considered.
  o Create and maintain the overall plan for executing the DR process, both in testing and in the event of an emergency situation.
  o Provide oversight and assistance to the various technical teams as they develop their individual implementation and testing plans. Ensure these are appropriately added to the document control system and linked into the overall DR process plan.
  o Collaborate with the Information Security team to conduct threat, risk, and vulnerability assessments and work with technical teams to implement the recommended DR strategy improvements.
  o Analyze current state, conduct a full Risk and Business Impact Analysis (RBIA), affirm business process priorities, and establish Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for various business functions.
  o Establish Business Continuity and Disaster Recovery Management Framework in accordance with ISO 22301.
  o Develop Availability and Recoverability Strategies and Procedures.
  o Develop a detailed Business Continuity and Disaster Recovery Plan.
  o Provide fault tolerance and ensure data integrity.

Information Security Manager at Teleperformance Group
  • Egypt - Cairo
  • June 2015 to April 2017

• Maintain the ISMS and build and manage local security teams.
• Responsible for Regulatory Compliance.
• Responsible for Contractual Compliance.
• Responsible for Anti-Fraud Compliance.
• Responsible for Physical Security Compliance.
• Manage and measure contractual and Anti-Fraud compliance and create reports.
• Manage the incident response team.
• Coordinate Teleperformance Policy/Compliance Analysts.
• Conduct and maintain Vulnerability and Risk assessments.
• Conduct and maintain an inventory of business information assets and assign owners, classification, criticality levels, and other relevant information to such assets.
• Prepare the company for BCMS: 22301 Certification.
• Conduct business impact analysis (BIA) to define and map RTO and RPO to business processes.
• Conduct a risk analysis to identify, valuate, justify, and prioritize the controls to be adopted in order to preserve the confidentiality, integrity and availability of information.
• Supervise analyzing the current technology environment to identify deficiencies and recommend solutions and areas of improvement.
• Lead the operation and maintenance of the Information Security Management System based on the ISO/IEC 27000 series standards, including certification against ISO/IEC 27001, ISO/27002 and PCI-DSS where applicable.
• Serve as the Payment Card Industry Security Officer as required in the PCI-DSS Security Standard and maintain the company's compliant status.
• Investigate security needs, and recommend information security improvements.
• Liaise with and offer strategic direction to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies.
• Establish and maintain a review and monitoring system of processes, plans, implementations, operations and usage related to Information Security throughout the organization.
• Evaluate existing systems, networks, and software designs for potential security and fraud risks, and resolve integration security issues across disciplines. Make recommendations to enhance existing security infrastructure.
• Play a leading role in developing the Company’s disaster recovery and business continuity plans in order to ensure that such plans adequately cover business operations contingencies and incident response.
• Establish an information security culture within the company.
• Prepare and deliver information security awareness training sessions and campaigns.

IT Services & Infrastructure Manager at bi-technologies
  • Egypt - Cairo
  • July 2013 to June 2015

• Overseeing the entire gamut of tasks related to IT infrastructure, applications and operations support for branches and offices
• Serving as part of the IT Team in order to ensure core administration system and provide required level of service to customers
• Liaising with team members and cross-functional peers to ensure adherence to the business plan and values of the company
• Interfacing with business teams and enhancing IT processing to improve and enhance the company’s business proposition
• Functioning as a liaison with the internal business owners and external service providers for ongoing issue management
• Developing the IT issue management process for use by internal customers and third parties
• Handling software & hardware technologies including Servers, SAN, VLANs, Firewalls, Switches, Network Monitoring Tools and System Backup and Archiving
• Supervising the design, implementation, maintenance and repair of the company’s web portal
• Formulating the departmental documentation and statement of procedure (SOP)
• Enforcing the disaster recovery plans, data replication and backup solutions to maintain the business continuity plan
• Devising and reviewing IT operational processes as well as managing staffing levels and quality of service
• Maintaining the infrastructure in line with company growth plans and changing business requirements
• Monitoring the contact center and quality management functions which have significant impact on the business unit operations
• Exploring and improving the systems and procedures required for the Service Team
• Implementing an incident process through Microsoft System Center - Service Manager 2012 to ensure timely response and resolution to escalated issues
• Articulating the standard operating procedures (SOPs), policies and guidelines that support the prescribed business process
• Driving the workshops with CRS Experts to define future state business process
• Performing the IT internal audits to prepare the company for ISO 27001 and ISO 20000 certifications
• Executing IT special projects including planning, managing and reporting the progress for new system implementations
• Acting as member of Change Advisory Board Committee (CAB) and Information Security Core Team Committee (ISCT)
• Coordinating with internal & external compliance auditors and consultants on both of IT service management and information security-related audits, risks and mitigation efforts
• Accountable for leading IT service management process and aligning it with (ISO-20000) framework
• Conducting the quality management internal audits for IT process and (ISO-20000)
• Spearheading the information security certification process (ISO-27001) and performing client’s wide risk assessment & business impact analysis
• Monitoring the installation and implementation of Microsoft Dynamics AX 2012 on customer environment
• Enhancing various systems and services which support core business activities and promote future growth
• Guiding the implementation of a new Microsoft Dynamics AX 2012 into the business environment, in addition to the current one (CRM 2011)
• Collaborating with key internal stakeholders including Sales, Marketing, Consulting, Client Services, Finance and Leadership Team to identify, understand, prioritize and deliver a CRM development plan
• Preparing functional requirements / specifications for system changes and identifying appropriate technical solutions
• Assuring that business-critical CRM platforms are always operational and conducting regular maintenance & system upgrades
• Tracking the Microsoft CRM over the company web portal.

IT Governance & Compliance officer at Xceed
  • Egypt - Cairo
  • October 2011 to June 2013

Responsible for supporting the IT Governance program, which includes assisting with the review and updating of IT Policies and Standards, maintaining the IT Governance Framework and supporting access governance processes (role design, access reviews, etc.).

Key Objectives:
• Identify and implement improvements to IT Governance process.
• Collaborate with IT subject matter experts to update and publish IT policies and standards.
• Leverage framework tools to incorporate industry/regulatory requirements and best practices into IT documents.
• Build consensus with management and business partners to determine requirements align with business strategies.
• Promote compliance with IT standards, procedures and guidelines by developing communications for the IT Division and other Lines of Business regarding policies and standards; facilitating information sessions; and developing guidance documents.
• Respond to internal customer queries and requests regarding IT policies and standards.
• Create and maintain documentation to support analysis performed and recommendations/decisions.
• Maintain knowledge of IT GRC (Governance, Risk and Compliance) best practices and regulatory/industry requirements.
• Assist in facilitating and supporting access governance processes.
• Analyze and present recommendations on proposed access role changes and new roles (IT and Business).
• Participate in preparing, facilitating and managing access reviews.
• Obtain and compile information; perform analysis; and generate IT Governance reports/presentations.
• Knowledge and experience of IT & IS practices in a security conscious corporate environment.
• Broad knowledge of security vendors, products and tools for implementing preventative, detective and corrective security controls.
• Manage and monitor Security Incidents for all detected vulnerabilities.
• Revise and develop the IT strategy.
• Member of Change Advisory Board committee (CAB).
• Perform the role of Change Manager as per ITIL V3.0 standards.
• Maintain a program of activities that ensures IT services, security policies and procedures are compliant with the professional standard.
• Establish and maintain a review and monitoring system of processes, plans, implementations, operations and usage related to Information Security and Service Management throughout Xceed.
• Member of ISMS, ITSM and PCI-DSS steering committee to prepare, assist and audit all related documents to achieve the standard compliance.
• Member of Information Security Core Team (ISCT) to discuss all system vulnerabilities and actions taken towards them.
• Produce regular reports for the audit and compliance committee of the Information Security Core team and Board of Directors as status updates for the ISMS, ITSM and PCI Frameworks in Xceed.
• Collaborate as a liaison with corporate compliance, HR, IT, Finance and all related departments to ensure compliance with all standards.
• Monitor all departmental systems development and operations for security and privacy compliance.
• Coordinate internal audit plans, define the Audit Objectives and conduct Internal Audit as per ISO/IEC 27001-ISMS & ISO/IEC 20000-ITSM Frameworks.
• Coordinate external audit processes of business owners.
• Experience in working with third party vendors in long-term relationships, contract management and problem resolution.

I.T Support Sr. Supervisor at Xceed
  • Egypt - Cairo
  • August 2008 to September 2011

Guide the Support Management team as they deliver a unique service, providing high quality information and support to all company customers ensuring that SLAs are met and that quality targets are reached and maintained.

Key Objectives:

• Efficiently allocate incoming incidents to the team, prioritizing actions and monitoring team resource so that customer deadlines are met.
• Manage and monitor all levels of support for the systems/applications using CA Unicenter Service Desk System.
• Work with internal customers in defining business needs and identifying cooperative relationships to improve business processes.
• Meet on a regular and timely basis with IT management, and staff as needed to ensure proper communication flow, project status, and implementation schedules.
• Resolve problems presented by management, staff, and clients regarding work processes, policies, procedures, and methods.
• Building a systematic and integrated department policy.
• Develop and document project plans for projects as assigned.
• Design and implement IT Services Support processes, procedures, policies, and frameworks
• Assemble and manage teams to implement, operate and administer computer and software, networks and information systems.
• Enforce department policy and procedure.
• Communicating with other departments in planning for new projects and supervising its implementation.
• Developing and promoting IT training programs.
• Monitoring the whole team performance and direct their everyday activities to guide them to achieve the department objectives.
• Preparing the department budgets and business plans.
• Act as a liaison between IT Support team and other departments to coordinate in removing any obstacles that could affect the workflow, whatever they are.
• Manage the flow of complaint handling system (CA Unicenter Service Desk) by applying ITIL modules to follow ISO-20000
• Track open customer issues; supervise the way of communicating the status to them.
• Monitor and ensure that all computers meet the Information Security standard in accordance with ISO-27001
• Test and implement new versions of products that are required by the customer through their Statement Of Work (SOW).
• Follow up with customers to verify solutions are successful.
• Proactively contact customers to ensure their satisfaction.
• Member of Change Advisory Board committee (CAB).
• Member of Information Security Core team committee (ISCT).

Senior I.T Security & Data Center Administrator at Melrose Resources Egypt
  • Other
  • May 2003 to June 2008

• Perform, monitor and report day-to-day operations and performance for all the Data Center servers and Client Operating Systems. Perform regular maintenance and system check activities, and detect / solve bottleneck points.
• Collaborating as a liaison with all related departments to ensure compliance with all standards.
• Responsible for SW Installation, administration, upgrade, Maintenance, Support & troubleshooting. Suggest tools and procedures to enhance systems performance.
• Improve efficiencies for the Service Desk system to improve the service quality and assuring customer satisfaction.
• Perform Systems routine backups, apply patches and upgrade / upload seismic packages using Kingdom Suite Seismic and Geological Interpretation and Geo Frame Reservoir Applications.
• Implement and manage Symantec Backup Exec application on all devices to retrieve all important data in the backup system.
• Create and review information security policies/ procedures.
• Conducting information security awareness sessions
• Maintain a regular inventory of all peripherals and manage them via Asset Management System.
• Establish a complete forecast plan for all required Software and Hardware through Strategic budgetary planning to be discussed with the management of the board.
• Evaluates existing systems, networks, and software designs for potential security risks, and resolves integration security issues across disciplines.
• Identifies significant cyber security weaknesses, recommending specific modifications and solutions to reduce information systems security risks. Develops strategies for responding to future security challenges.
• Maintain IDEAS ERP system, Data configuration and system Backups.
• Install, configure and test operating system and application software releases, and fixes in both test and production environments.
• Administer MS Exchange 2007 Mail Server.
• Prepare technical evaluation of tenders related to computer hardware and software for submission to bid committee.

Application & System Engineer at ABB
  • Other
  • January 2000 to April 2003

• Monitoring and maintaining the computer systems as well as the networks within the organization
• Installing and configuring computer systems
• Diagnosing and solving hardware / software faults
• Logging customer/employee queries
• Analyzing call logs to spot trends and underlying issues
• ABAP/4 Developer in SAP R/3 system.

Education

Bachelor's degree, Computer Science
  • at Ain Shams University
  • September 1999

B.Sc. of Science. Major: Computer Science. Minor: Pure Math. Grade: Good. Graduation Project: Expert Systems & Artificial Intelligence. Grade: Excellent.

Specialties & Skills

Business Continuity
Information Security
Service Delivery
IT Service Management
Leadership Skills
IT Project Management Skills
Business Processes
Service Level & Operational Level
Business Development
ERP Background
Strategic Planning
Human Resources technologies
Business-Oriented
Team Building
Problem Solving
Teamwork
Communication Skills
Negotiation Skills
IT Security vision
Change Management Skills
Analytical Thinking
Decision Making
Business Continuity & Disaster Recovery
Performance Management
Risk Assessment Management
Microsoft Dynamics AX - Installation & Implementation
IT Business Analyst
Process Improvement & Standard Compliance

Languages

Arabic
Expert
English
Expert

Memberships

Wadi Degla Club
  • Sporting facilities
  • September 2011
Resala for Charities
  • Charities activities
  • February 2009

Training and Certifications

CISSP (Training)
Training Institute:
Bluekaizen
Date Attended:
February 2016
Duration:
60 hours
Certified Information Systems Auditor (Training)
Training Institute:
ISACA
(Certificate)
Date Attended:
October 2014
ITIL Expert - Lifecycle (Pursuing) (Training)
Training Institute:
Simplilearn
MS Exchange Server 2007 (Certificate)
Date Attended:
February 2008
Valid Until:
February 2008
Customer Care Awareness (Certificate)
Date Attended:
April 2001
Valid Until:
April 2001
MCSE (Certificate)
Date Attended:
June 2007
Valid Until:
July 2007

Hobbies

  • Sports
    Squash, Swimming, Football and Fishing
  • Music
    Playing Piano, Listening to Arabic and Western music
  • Reading
    Reading new technologies