IT Security
National General Insurance Co. PJSC
مجموع سنوات الخبرة :18 years, 0 أشهر
* currently managing and overseeing the cybersecurity framework of the company.
* incharge of all security compliance and risk matters ensuring all incidents, issues, assurance and audit assessments are addressed and mitigated on agreed timelines
* incharge of policy enforcement of controls
* review and check all security patches from low to critical are pushed and updated to all endpoints and servers on daily and weekly basis
*check and review all alerts and investigations triggered in the XDR solution and ensure remediation and closure
* ensuring that phishing simulations are conducted
* ensuring that all security audits and risk assessments are completed
* submit quarterly requirements to regulatory bodies for security compliance
* review and check Network Access Control is working with no hiccups or abnormalities within the corporate network
Unit: Transitioned to Information Security Team
• Performed and led PCI DSS, ISMS, ISO & ISAE Audit Assessments on all required processes within the organization
• Reviewed and assessed all alerts on the latest Cyber threats and trends
• Responsible for reporting to Schemes for Compliance Submissions bi-annually to scheme bodies
• Managed investigations for all infrastructure related alerts for clients, servers, malware infections, detections, etc…
• Managed and overlooked server scans with Tipper Scan & Symantec DLP tools for reviewing and checking data on servers and EDR level
• Managing and reviewing Trend Micro AV & AM tool on server integrity against latest viruses and malware threats along with file integrity monitoring
• Managed and handled proof point email investigations on blocked and/or quarantined messages for intended recipients/senders
• Reviewed and validated all accounts that are found/detected with suspicious actions that are alerted and raised through the RSA Security Analytics and Monitoring tool
• Managed and performed reviews on all cloud applications that are not being sanctioned under Cloud security broker BITGLASS (Hybrid CASB solution)
• Overlooked card discovery scans by initiating through Symantec DLP tool on all endpoints
• Performed and managed phishing awareness campaigns within the organization on quarterly basis
• Reviewed and assessed SOC Alerts (Infrastructures and IOCs).
• Conducted reviews on accesses that are found to be dormant in Active Directory.
• Reviewed and assessed GUARDIUM DB Alerts.
• Performed and managed Data Leakage Prevention assurance reviews
• Performed and managed access matrix reviews (Role Base Access Control) on quarterly basis
• Performed and managed Folder Access reviews on SailPoint - SIQ on quarterly basis
Responsibilities:
• Reassessed all reviews on all daily system audit logs generated and checked by dedicated staff for daily review and raise any discrepancies/gaps that have not been addressed/noticed.
• Designated and assigned team to attend and process accordingly during business hours post checking all workflow applications (Empower & Remedy) for pending or unprocessed requests.
• Reviewing all pending/unprocessed user requisitions submitted by users in all managed applications which are getting highlighted and escalated. Reviewed and approves all scheme related requisitions submitted and raised by users registered under the company’s principle profile (principal ICA)
• Conducting reviews on applications/systems (existing/new) to be taken over of its user management process and advise application owners on points/concerns found in the checklist found to be non-compliant to the unit’s policies (in accordance to current best standards and mandates) and have them build/enhance access control functionalities in applications/ systems found to be lacking controls.
• Reviewed and submitted monthly and quarterly listings of identity accesses for the company and its clients for access reviews and for billing purposes. Including risk report for any gaps found within the unit’s processes and controls.
• Prepared and submitted monthly analysis reports of workload volumes and team efforts
• Coordinating with Risk and Compliance team on audit evaluations conducted by external auditors for organization certifications on PCI-DSS, ISO-27001 (Information Security Standards), SAS70, SISA InfoSec, etc. Met and liaised with vendors who present and propose better solutions of enhancement for identity access management
• Served as Lead SPOC for external auditors for the organization’s certification/re-certification on PCI-DSS, ISO-27001 (Information Security Standards), SAS70, SISA, etc.
• Prepared and submitted merchant compliance reports to scheme bodies (Visa, MasterCard, UnionPay, etc…)
• Supervised and checked day-to-day Online and email requisitions from Emirates NBD group users and 3rd party banks. Supervising generated notifications/acknowledgment forms of user credentials that are dispatched through courier for 3rd Party Bank users.
• Maintained and updated (own) Security Administration Profile password(s) and accesses on a monthly basis. Hands-on testing of systems/applications for Logical Security parameters that are handed over to the unit.
• Processed PS Audit reports in AS400 (Vision Plus and Equation) on weekly, monthly and quarterly basis for Network International, Emirates NBD group and 3rd party banks.
• Trained UAE Nationals (if any) in familiarizing them on the systems & applications in both user profile security administration to End User interface. Conducted Periodic Quarter reviews on all managed applications for all profiles. Processed periodic reviewed feedbacks received through email and through online workflow application.
• Prepared monthly review presentation of the unit’s team scores and volumes. Prepared and provided evidence reports of the unit existing controls on a quarterly basis to the unit manager.
• Administering and processing day-to-day Online workflow applications Emirates Bank users and hard copy user requisitions sent by Network International on behalf of 3rd party bank users
• Managing Online Workflow Database system for any new application to be setup
• Generate and dispatch User ID hard copies of acknowledgment forms which are couriered to Network International for 3rd Party client users.
• Generate ATM and Credit Card PINS for EBI, EIB, Mebank credit/debit, process/print BANKLINE Pins; and handle associated filing(s). Processed daily Card PIN files uploaded on shared folder for generation of PIN Mailers. Documented and maintained all PIN Generation activities being conducted in the secured card personalization room.
• Maintain/Update Security Administration Profile password(s) and accesses on a monthly basis. Processed PS Audit reports in AS400 (Vision Plus & Equation) on weekly, monthly and quarterly basis for Emirates Bank units and 3rd party banks.
• Conducted Quarterly access review of all profiles on all managed systems & applications. Implemented Periodic Review feedback received through email or through online workflow applications. Activated and authorized HSM (Host Security Module) for Cryptographic Key Generation for custodian. Facilitated ATM TMK injection for all Emirates Bank ATMs across the country along with TransGuard personnel.
• Train UAE Nationals (if any) in preparing and familiarizing them on the organization’s system and applications in both administering user access management process for all banking applications to
End User interface.
لقد تم حذف الرابط بسبب انتهاكه لسياسة الموقع. يرجى التواصل مع قسم الدعم لمزيد من المعلومات.