Ali Alammar

Direct and approve the design of security systems;
• Ensure that disaster recovery and business continuity plans are in place and tested;
• Review and approve security policies, controls and cyber incident response planning;
• Approve identity and access policies;
• Review investigations after breaches or incidents, including impact analysis and
recommendations for avoiding similar vulnerabilities;
• Maintain a current understanding the IT threat landscape for the industry;
• Ensure compliance with the changing laws and applicable regulations;
• Translate that knowledge to identification of risks and actionable plans to protect the
business;
• Schedule periodic security audits;
• Oversee identity and access management;
• Make sure that cyber security policies and procedures are communicated to all personnel and
that compliance is enforced;
• Manage all teams, employees, contractors and vendors involved in IT security, which may
include hiring;
• Provide training and mentoring to security team members;
• Constantly update the cyber security strategy to leverage new technology and threat
information;
• Brief the executive team on status and risks, including taking the role of champion for the
overall strategy and necessary budget; and
• Communicate best practices and risks to all parts of the business, outside IT.

Establish & maintain a framework to provide assurance that information security strategies
are aligned with the business objectives and consistent with applicable laws and regulations.
• Provide leadership and direction for all internal and external IT Audit activities.
• Implement information security policies and procedures for the organization to align
information security with business objectives.
• Identify and manage information security risks to achieve business objectives.
• Perform information security risk assessments and serves as an

Implement adequate security controls on information assets from vulnerabilities leading to
denial of service, unauthorized access and information theft.
• Quality Assure business applications.
• Systems and Software delivery process improvement.
• Responds to security events, determines root cause and recommends
• Corrective action by working with IT staff members.
• Coordinate the staff training and awareness program across the company.
• Evaluating new application vulnerability, perform vulnerability assessments on business
applications and make recommendations.
• Ensure compliance with all security polices and standards; responds to security events,
determines root cause and recommends corrective action by working with Business Systems
staff members.

Fix detected vulnerabilities to maintain a high-security standard.
• Monitor computer networks for security issues.
• Investigate security breaches and other cyber security incidents
• Maintain Policies and Procedures.
• Operating security incident and event management (SIEM).
• Perform penetration testing.
• Help colleagues install security software and understand information security management.
• Research security enhancements and make recommendations to management.
• Stay up-to-date on information technology trends and security standards.
• Investigate suspicious Activities, contain and prevent.

Operating and maintaining security tools such as AV, Vulnerability Scanner, and SIEM.
• Running and analyzing vulnerability and compliance scans to support continuous
monitoring reporting and vulnerability management.
• Using security configuration management tools to identify risks and track findings against
security policies and guidelines for mitigation planning and remediation.
• Implements and monitors security measures for communication systems, networks, and
provide advice that systems and personnel adhere to established security standards and
Governmental requirements for security on these systems.
• Monitor the virus submit mailbox and perform initial assessment of emails to determine if
they are SPAM, phishing emails, or malware.
• Submit tuning requests as needed to Network Security Services, Endpoint Security
Services, and Cybersecurity Data Analysis Services

Implement network security policies, application security, access control and corporate data
safeguards
• Analyze and establish security requirements for your networks.
• Collaborate with colleagues on authentication, authorization and encryption solutions.
• Evaluate new technologies and processes that enhance security capabilities.
• Test security solutions using industry standard analysis criteria.
• Deliver technical reports and formal papers on test findings.

Designing and implementing technical policies for user groups to adhere to
• Administering groups and organizational units in the system to correspond to business units
and teams requiring similar access levels
• Implementation and administration of Security systems and applications.
• Auditing user access and activities from log files.
• Securing and auditing Active Directory.
PROJECTS
• Single Sign-on Project (SSO), KFMC, 2019.
• Penetration Testing project (Pentest), KFMC, 2019.
• Privilege Access Management project (PAM), KFMC, 2019.
• Identity and Access Management project (IAM), KFMC, 2018.
• Mobile Device Management project (MDM), KFMC, 2018.
• Penetration Testing project, KFMC, 2018.
• Vulnerability Management project, KFMC, 2018.
• Security Incident and Event Management project (SEIM), KFMC, 2017.
• Data Loss Prevention project (DLP), KFMC, 2017.
• ISO 27001 Project, Almarai, 2016.
• Security Incident and Event Management project (SEIM), Almarai, 2016.
• ISO 27001 Project, King Fahad Medical City, 2017.
• PAM, Email Gateway, PT, EDR, FW and IAM, 2019-2020.