Cyber Security Consultant
IExpert Solutions
Total years of experience :9 years, 4 Months
To ensure constant review and to understand the evolving and emerging compliance
requirements and incorporate them in the division compliance program.
To assist the section and the department manager in establishing a compliance
program ensuring compliance with relevant regulatory requirements affecting cyber
security across the organization.
To work with and involve representatives from key areas for the successful
implementation of the information security compliance program.
Conduct gap assessment to identify compliance gaps, propose remediation plan, work
with owners to ensure the gaps are addressed timely and also to ensure the gap
assessments result in the update of cyber security policy, standards and procedures
to accommodate any necessary changes.
To ensure that all critical information security compliance programs including PCI
DSS, ISO 27001, Saudi Arabian Monetary Authority ("SAMA") e-Banking rules,
SAMA framework and other mandates from SAMA, Capital Market Authority
("CMA") and CA-CIB and other mandatory (inter)national industry standards are
complied.•Assisting security projects DLP, Splunk and End point security.
Application Security, determining the most effective way to protect computers,
networks, software, data and information systems against any possible attacks.
Interview staff and heads of departments to determine specific security issues.
Performing vulnerability testing, risk analyses and security assessments.
Research security standards, security systems and authentication protocols.
Prepare cost estimates and identify integration issues for IT project managers.
Plan, research and design robust security architectures for any IT project.
Test security solutions using industry standard analysis criteria.
Deliver technical reports and formal papers on test findings.
Provide technical supervision for (and guidance to) a security team.
Defining and implementing and maintain corporate security policies.
Responding immediately to security-related incidents and provide a thorough postevent analysis.
Updating and upgrading security systems as required.
Interact with the technology, legal, and business stakeholders to understand risks critical to infrastructure
and de ne the potential business impact.
Develop, prioritize, and publish comprehensive company-wide strategies, policies, procedures, and
guidelines related to IT compliance, as well as information privacy and security.
De ne, coordinate, execute, and assess audits with other members of our Technology team to create
pragmatic action plans and monitor their execution and completion
Develop, prioritize, and publish an organization-wide risk register to re ect the company's overall risk
pro le.
Advise senior leadership on risk management issues.
Proactively identify threats and vulnerabilities, and collect, correlate, and analyze data to detect actual or
potential security-related incidents.
Assist with third party vulnerability testing process; document and report results to management.
Pro cient in NIST Cyber Security Framework, ISO 27001/27002, NIST 800-53, COBIT and COSO frameworks.
Testing and reporting of compliance levels and adherence to policies, standards and regulatory
requirements.
Provide guidance in de ning and the documentation of secure design speci cations and ensure alignment
with enterprise standards.
Share/leverage successful products, processes and best practices across the organization.
Conducts security awareness training
Investigates security requirements and assist IT and business partners to understand and implement such
requirements.
Communicate with IT administrators, developers and support teams to help improve the Company's
security posture.
Responsible for developing and implementing IT security and risk management frameworks and policies.
Develop and implement a Line 2 IT Risk Management Framework, supporting the design on Line 1 control
environment and build out risk policy and procedure.
Develop and establish IT risk reporting against established enterprise risk metrics
Conduct performance reviews and contribute to performance feedback for all levels of staff.
Manage, train and coach local IT Risk team, which supports regional objectives of CIB United Kingdom IT
Risk Management.
Fostering and developing strong networks (local, area, global) with key service line champions in the global
rm.
Manage communication and coordination with key stakeholders in the United Kingdom; in relation to IT
Risk Management.
Develop and maintain an IT roadmap in collaboration with the partners :
Liaise with stakeholders to develop new systems and processes.
Research and recommends new systems.
Procure, install and con gure hardware and software.
Project management and delivery.
IT security and compliance:
Comply with the GDPR from an IT perspective (European Clients).
Maintain effective system backups.
Develop, maintain and verify disaster recovery plans.
Monitor and maintain effective IT security systems.
Day-to-day support for around 40 end users.
Employee on-boarding / leaving procedures.
Equipment maintenance, repair and replacement.
Provide general technical expertise to other departments, e.g. e-commerce.
Liaise with external support providers.
Manage relationships and contracts with external providers:
Leased equipment, such as printers, Telephony equipment and services, Network equipment and
connectivity services.
Negotiate with suppliers to obtain the best value for the business.
User training
Contribute IT policies and procedures for inclusion within the Operations Manual to enforce standardised
working practices throughout the business.
Support the business operationally on a day-to-day basis by offering advice and troubleshooting IT issues.
In all cases, the need to arrive at satisfactory outcomes quickly and ef ciently is key to ensuring the
successful running of the business.
Contribute new ideas to achieve the goals of the business.
Work closely with other managers to ensure the goals of the business are met.
Critical Analysis, Advanced Topics in IT Security, Computer Security, Information Security Management, Trends in Cyber Crime, IT Project Management.