Ala'a Shaltoni, Manager  Information Security GRC

Al-Rajhi Bank

Location
Saudi Arabia - Riyadh
Education
Bachelor's degree, Computer Science
Experience
19 years, 7 Months

Work Experience

Total years of experience: 19 years, 7 months

Manager Information Security GRC at Al-Rajhi Bank
  • Saudi Arabia - Riyadh
  • My current job since July 2014

• Risk Assessment and Remediation Management
• Cyber Security Frameworks
• Leading Security GRC team & Consultants to achieve desired objectives.
• Security Reviews for Major Changes and representing the Information Security Department in change management committees such as the Change Advisory Board (CAB), the Architecture committee and Release meetings.
• Information Security Governance (Frameworks, Policies, Procedures, Standards and Guidelines) Implementation and enforcement.
• Information Security Strategy and Road Map Planning, Implementation, Effectiveness and Maturity Management
• Liaison with Business and Management for the effective Implementation and enforcement of Security Controls, Identity and Access Management and Security Monitoring.
• Performed a Cloud Security Risk Assessment and treatment Project.
• PCI-DSS Compliance Programs Management for local and international branches.
• Data Protection Management (Data Leakage Risk, Data Security Architecture, & controls implementation)
• Compliance & Regulatory Management (PCI-DSS, SAMA, CBJ, Tadawul, CMA)
• Program Manager (E-Banking Risk Management, Data Protection / Data Leakage Prevention)
• Enterprise Security Architecture Implementation and Management.
• IS / IT eGRC Solutions Management and Automation
• Security Awareness Program Development and Management for Staff and Customer.
• Internal & External Audit Requirements Management
• Online Banking Security, Anti-Fraud, Brand Protection and Cyber Threats Management
• Implementing Information Security Management System / ISO 27001
• E-Banking Risk and Compliance requirements Management
• IS Incidents Management, Investigation / Forensics and reporting.
• Security Testing Program Management (Vulnerability and Technical Compliance)
• Security Assessment and Governance for ARB International Branches.
• Advanced Penetration Testing and Red Teaming.
• ATM and POS Security.

IT and Data Center Manager at IT Security Training & Solutions - I(TS)2
  • Saudi Arabia - Riyadh
  • August 2008 to July 2014

* Leads the IT organization for the regional offices (Riyadh, Jeddah and Amman) and supervises the entire administration and maintenance of the company's IT infrastructure. Responsible for the whole IT and data center operations (24/7).
* Established a world-class data center for the launch of managed services with over 150 servers and network devices.
* Recognized by VeriSign/SecureWorks as the fastest technical team to establish the MSS business in MENA.
* Led the project to achieve BSI ISO 27001 certification.
* Formulated departmental 600k USD budget for building a disaster recovery site with more than 75 servers and network devices.
* Played a key role in designing, developing and implementing the processes, policies and procedures to achieve ISO 20000 (ITIL) for the SOC department.
* Developed DR/BC plans for managed services and data centers.
* Managed the deployment and architecture of datacenter WAN connections for newly launched services.
* Applied the ITIL controls (Incident Management, Problem Management, Change Management, Configuration Management and Release Management) across the IT organization to comply with the best security and ITIL practices.
* Initiated and co-developed root cause analysis process to get beyond symptoms of mission critical service interruptions.
* Successfully led the design, development and implementation of AX2009 ERP and CRM solutions.
* Established and maintains vendor relationships and manages the purchase of hardware and software products and other IT supplies at the regional level.
* Creates short-term/long-term budgets.
* Established asset management practices and processes to track all IT assets from purchase to disposal.
* Created a supportive team environment that was defined by collaboration and knowledge sharing with a very high employee retention rate.
* Ensures that all processes, policies and procedures are in place in the company’s offices.
* Works - along with the project teams - to ensure implementation of internal systems.
* Successfully interacts with internal clients at all levels to resolve IT-related issues and provide timely solutions.
* Monitors IT KPIs and has greatly improved the overall performance of the IT Team.

Senior Oracle Database Consultant at IT Security Training & Solutions – I(TS)2
  • Saudi Arabia - Riyadh
  • August 2007 to August 2008

Accomplishments :
--------------------------
• Successfully created two standby Oracle Database nodes.
• Upgraded the Oracle9i Database (2 TB) to Oracle 10g Release 2.

Responsibilities:
-------------------------
• Directed installation, configuration and monitoring of Oracle Database and Standby Oracle database 10g under SUN Solaris platform.
• Facilitated Backup, Recovery and Performance tuning operations on all Databases

Oracle Database Administrator, Technical Support at Palestine Engineering Company (PALCO) – Amman, Jordan (Oracle Consultation - Certified Partner )
  • Jordan
  • October 2004 to August 2007

• Held multifaceted responsibilities like installing and configuring different Oracle products under various platforms including: SUN Solaris, IBM AIX, Linux, HP-UX, Compaq Alpha Server /Tru64, SCO Unix, Windows NT/2000/2003.

• Actively involved in implementing high availability & disaster recovery solutions (Oracle RAC, Data Guard and Fail Safe).

• Channeled Backup & Recovery strategies including (EXP/IMP, RMAN).

• Delivered many training courses, such as:
>> Oracle Database Administration 9i/10g.
>> Oracle Developer Suite 6i/9i/10g (SQL, PL‐SQL, FORMS, REPORTS).
>> Oracle Portal.
>> Oracle10g New Features.

Education

Bachelor's degree, Computer Science
  • at Princess Sumaya University for Technology (PSUT)
  • June 2004
High school or equivalent, Department of Science.
  • at Al-Hasan Basri School
  • July 2000

Specialties & Skills

problem solving skills
Team Leadership
Adaptability to change
Strong Follow up skills
Oracle, Microsoft Applications, Server infrastructure, System Backup and Recovery, Linux and Unix
Hardware / Network Infrastructure: Appliances, routers, switches
ArcSight, McAfee, Symantec

Languages

English
Expert
Arabic
Expert

Training and Certifications

LSSGB Certified (Certificate)
Date Attended:
May 2012
Valid Until:
May 2012
PMP (Certificate)
Date Attended:
March 2013
Valid Until:
May 2022
SABSA (Certificate)
Date Attended:
November 2018
Cisco Certified Network Associate - CCNA (Certificate)
Date Attended:
March 2008
Valid Until:
April 2008
ISO 27001 Lead Auditor Certified (Certificate)
Date Attended:
November 2011
Valid Until:
November 2011
OCP DBA (Certificate)
Date Attended:
May 2005
Valid Until:
May 2005
ITIL V3 Foundation Certified (Certificate)
Date Attended:
January 2009
Valid Until:
January 2009

Hobbies

  • Reading