Dawood Behbehani

• Development of information security strategy, security programme in alignment with business objectives and strategy.
• Managing and developing bank’s information security management systems, to achieve ISO27001 and CBK’s cybersecurity compliance.
• Developing, enhancing and reporting metrics (key performance indicators \[KPIs\], key risk indicators \[KRIs\]) and reporting to top management the effectiveness of the information security strategy.
• Ensuring that all divisions under Information Security are delivering their tasks and deliverables within the agreed timeframes.
• Managing information security projects and ensuring that they are delivered as per to their project plan.
• Provisioning security controls for business and IT projects and ensuring that all systems procured are in accordance with bank’s information security policies, procedures and security best practices.
• Reporting on the effectiveness of information security to Head of Information Security.
• Continually enhancing the unit’s operational process to achieve operations excellency.
• Ensuring Information Security compliance with the relevant laws, regulations, and information security related standards such as ISO 27001, PCI DSS, etc.
• Managing information security team members from operational and administrative prospective.
• Development of information security deterrence security controls to combat the booming information security threat landscape.
• Conducting incident response, threat analysis, and malware reverse-engineering.
• Conducting cyber security threat intelligence analysis targeting the bank and region’s financial industry.
• Deputising for the Head of Information Security.

• Managing and developing bank information security management systems, to achieve ISO27001 compliance and maintain information confidentiality, availability and integrity
• Defining and implementing controls to minimise information security risks, and performing security risk assessments and audits
• Researching innovation in banking information security, staying abreast of trends, networking with other information security professionals and recommending system improvements
• Actively promoting information security awareness among all bank staff and driving compliance with information security policies, standards and procedures
• Playing an integral role in setting the strategic direction for information security across the business and planning responses to incidents and breaches
• Contributing significantly to business recovery and contingency planning to achieve operational continuity
• Liaising extensively with cross-functional teams to identify current and future security vulnerabilities, and implementing measures to reduce risk
• Reporting on the effectiveness of information security
• Delivering training in security awareness
• Setting baseline controls and conducting security control reviews
Key achievements
• Successfully implementing an information security management system in compliance with ISO27001:2012 standards
• Reviewing, improving and enforcing security policies, procedures, processes and controls
• Implementing a new information security dashboard and security metrics, as well as a data classification project and a SIEM solution
• Initiating and leading a Bring Your Own Device project
• Deputising for the Head of Information Security

• Liaising with IT colleagues in the Head Office to implement changes to operational procedures, processes and hardware locally
• Overseeing all computer networks within the branch, including taking full responsibility for computer and information security
• Evaluating the design of new systems to ensure appropriateness, compatibility and regulatory compliance
• Providing technical input into system implementations and enhancements, particularly those requiring overnight processing or data interfaces
Key achievements
• Playing a key role in numerous successful projects, including an automated teller machine implementation, business continuity management, traditional business specification and IBAN project

Nov 07 - Jan 10 Senior IT Operations at Bank of Bahrain & Kuwait, Kuwait Branch
• Serving as primary technical contact for both critical and non-critical issues related to user desktop applications and the core banking application
• Resolving technical failures in a timely manner, automating application monitoring tools, and providing technical expertise for application upgrades as required
• Preparing technical training and process documentation for end users in addition to utilising, on a daily basis, an in-depth knowledge of core banking systems, Sybase and MySQL databases
• Managing user access to all systems and reviewing applications from a security perspective
Key Projects: Core System Upgrade, KASSIP STP, CSC, Document Management System & End-User Utilities