IT Risk Manager | Auditor | Security Consultant | Quality Manager
National Digital Certification Authority (Certified ISO 9001:2008 by TUV Rheinland)
Total years of experience: 14 years, 8 months
*** Quality Manager System: ISO 9001 ***
- Project manager: Implementation of the Quality Management System (QMS) within the National Public Key Infrastructure “PKI” - Tunisia
- Scope definition
- Internal Audit of the Quality Management System: ISO 19011
- Risk Process Analysis (AMDEC)
- Writing and managing Quality documents (policies, processes, procedures...)
- Corrective and preventative actions
- Staff quality awareness training
- Generate and present Quality KPI and Dashboard to CEO
*** IT Risk Manager and Internal Auditor ***
- Plan, Design and implement risk assessment processes, procedures, policies…
- Develop Risk Management Framework;
- Conduct risk assessment and control effectiveness review for high-risk processes
- Develop risk management strategies: risk avoidance, mitigation, transfer, and retention
- Prepare and maintain the Inventory of Key Risk Indicators, KRI
- Control risk treatment;
- Risk reporting in an appropriate way for different audiences;
- Conduct audits of policy and compliance to standards, including liaison with internal and external auditors;
- Manage the external audit and manage the audit recommendation;
- Create risk management awareness program;
- Provide support, education and training to staff to build risk awareness within the organization.
- Internal and external penetration testing assessments, including network vulnerability scanning (Nessus), application security testing, social engineering, log management (SIEM)
*** Chairman of the Chief Information Security Officer Committee ***
- Evaluation of the security services offered by the NDCA according to the European standards ETSI
- Information security and information assurance
- Incident handling
- Policy and Standards Management, development of the security policies and operational procedures, Business Continuity Management, Disaster Recovery Plan...
- Development and implementation of the security programs to protect and control the company assets.