Chief Information Security Officer
MCDR
Total years of experience :19 years, 0 Months
Develop, manage and improve a comprehensive information security risk-based program to ensure the integrity, confidentiality and availability of information assets.
Develop an IT security architecture roadmap that will identify security controls, and identify and assess technologies that will enforce the organization’s security priorities.
Develop, maintain, and promote information security policies, standards and guidelines. Ensure that controls comply with contractual obligations, corporate policies, and legal and regulatory requirements.
Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings with collaboration of the Sr. Director of Compliance and Compliance Coordinators.
Create, communicate and implement a process to manage vendor risk, including assessment and remediation efforts to address such risks that may result from partners, consultants and other service providers.
Provide strategic risk guidance and consultation for corporate IT projects, including the evaluation and recommendation of technical standards and controls.
Establish and implement a process for incident management to effectively identify, respond, contain and communicate a suspected or confirmed incident with collaboration of the Sr. Director of Compliance and Compliance Coordinators.
Identify, assess, and prioritize IT risks to corporate data and systems, including external threats, cyber-crimes, internal threats and third-party risks.
LAST UPDATE APRIL 2018
Advise relevant stakeholders on the appropriate courses of action to mitigate or eliminate risk.
Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
Effectively manage an information security budget, and monitor for variances.
Provide regular reporting on the current status of the information security program to the senior leadership team and the board of directors as part of a strategic enterprise risk management program
1-Acts as expert for infrastructure teams in the plan, design, and delivery of IT solutions.
2-Advises teams of IT technology standard requirements, methodology and processes.
3-Drives short & long term architecture strategy for the overall IT project portfolio for key business segments.
4-Participates in proof of concepts to assist in defining technology direction and enabling business strategy.
5-Communicates and validates program architecture with infrastructure team, project management team, and technology services management team.
6-Conducts end-to-end technical plan design.
7-Develops long-term strategy for historical data retention and archival plan for storage needs.
8-Defines data retention, backup, and recovery methods and plans.
9-Develops enterprise standards to ensure compatibility and integration of multi-vendor platforms.
10-Design and develop infrastructure blueprints for the implementation of new solutions.
11-Responsible for impact analysis and design modifications to existing systems to support new solutions.
12-Develops specifications for interfaces from existing to new systems.
13-Maintain a common documentation library of standardized procedures and configurations
14-Provide third level support for incidents and problems in designated areas of expertise.
15-Analyze systems for security and efficiency
16-Explain best practices to upper management
17-Gather utilization metrics using monitoring tools to complete a performance assessment of the environment.
18-Developing, reviewing, and approving the installation requirements for LANs, WANs, VPNs, routers, firewalls, and related network devices.
1. Manage and liaise with Information Security Management & Chief Security Officer in identifying the bank’s security needs, to create and maintain a security conscious culture in CIB that complies with policies, procedures, rules and regulations.
2. Manage and liaise with IT Group Heads, Project Management, Change and Release Management in order to ensure proper integration of IT security controls across the Technology management discipline, identify security controls and requirements for the bank’s Business / technology projects as well as ensuring security readiness prior to any changes to the bank’s production platforms or new systems/applications launch/release.
3. Identify new security risks associated with new technologies and develop risk management plan and recommendations in order to ensure effective risk mitigation.
4. Understand and communicate the external and internal threat paradigm to the organization through monitoring of the changes in current threats and looking at trends for future threat analysis to enable the organization to plan the processes and design the environments proactively by protecting against known threats.
5. Ensure effective management of the Identity Access Management Program and the Security Infrastructure platforms, adequacy of its operations, availability as well as confidentiality and integrity of its information in order to enable the organization to control the processes and design the environments proactively by protecting against known threats.
6. Ensure proper analysis of security requirements (Secure code development, and others) within the overall projects, BRDs and SDLC processes, coordinate and ensure proper security architecture is in place across the bank’s information technology environment, in order to enable the organization to maintain the processes and design the environments proactively by protecting against known threats.
Working as computer technical support (help disk), database maintenance on MAXI MERLIN