Farrukh Riaz Malik, Manager, Information Security & Compliance

Banawi Industrial Group

Location: United Arab Emirates - Dubai
Education: Diploma, CISSP (Certified Information Systems Security Professional)
Experience: 17 years, 10 months

Work Experience

Total years of experience: 17 years, 10 months

Manager, Information Security & Compliance at Banawi Industrial Group
  • Saudi Arabia - Jeddah
  • My current job since January 2012

• Manage information risk to an acceptable level to meet the business and compliance requirements of the organization.
• Establish and manage the information security program in alignment with the information security leading practices.
• Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact.

Senior Consultant at PwC
  • Other
  • November 2009 to December 2011

• Managing and delivering information management and security advisory projects.
• Responsible for managing the complete lifecycle of IT Governance and Information Security projects, from analyzing RFPs and developing proposals through project delivery and post-project activities.
• Conducting internal and external IT Governance training for staff and clients.
• Conducting information systems process re-engineering projects.

MAJOR PROJECTS

DEVELOPMENT OF DISASTER RECOVERY PLAN FOR MHD OMAN AS TEAM LEADER

DEVELOPMENT OF DATA CLASSIFICATION FRAMEWORK FOR OETC AS TEAM LEADER

IMPLEMENTATION OF (ISO 27001) INFORMATION SECURITY MANAGEMENT SYSTEM FOR MUSCAT SECURITIES MARKET & MOHSIN HAIDER DARWISH OMAN AS TEAM LEADER

INFORMATION SYSTEMS AUDIT TRAINING AS INSTRUCTOR

DEVELOPING PROJECT MANAGEMENT OFFICE FOR OETC AS TEAM LEADER

Senior Consultant at Ernst & Young (EY)
  • Other
  • May 2008 to October 2009

• Information Technology Process Control Assessment and Consultancy Services.
• Revenue Management Chain & Revenue Assurance Advisory.
• Appraisal of Information Security Management System.
• IT Audits and Information System Evaluation.

MAJOR PROJECTS

IT PROCESS AUDIT & EVALUATION FOR NATIONAL BANK OF OMAN

CORE BANKING SYSTEM DATA MIGRATION ASSURANCE PROJECT FOR BANK MUSCAT

CORPORATE SECURITY AFFAIRS ADVISORY PROJECT FOR OMAN LNG

IT PROCESS AUDIT & EVALUATION FOR OMAN QATARI TELECOM (NAWRAS) AS TEAM LEADER

IT ORGANIZATION RESTRUCTURING USING ITIL FOR OMAN GAS COMPANY (OGC) AS TEAM LEADER

DEVELOPMENT OF IT STRATEGIC PLAN USING COBIT FOR OETC AS SECTION TEAM LEADER

INFORMATION SECURITY MANAGEMENT PROJECT FOR OMAN AIR SERVICES AS TEAM LEADER

ORACLE ERP INTEGRITY REVIEW FOR GDI QATAR USING EY ANALYZER

DEVELOPED SELF ASSESSMENT WORKSHEETS FOR BANK MUSCAT BASED ON E&Y IT EFFECTIVENESS METHODOLOGY

Senior Associate at KPMG, Pakistan
  • Other
  • November 2007 to April 2008

• Information Risk Management Advisory for systems in use by the clients.
• Assessment of Security Controls in place for the safeguard of information assets.
• Business Process controls review.

MAJOR PROJECTS

Entity level controls assessment

Financial reporting process review

Logical and Physical security assessment

Change Management Procedure Implementation

Data Backup system and Disaster Recovery Plan review.

MAJOR CLIENTS

United Bank Limited

DHL Express Pakistan

NJI Life Insurance Company

Engro Chemicals Pakistan ltd.

System & Application Engineer (Secure Payments) at Infotel Pakistan
  • Pakistan - Karachi
  • February 2007 to November 2007

• Installation, commissioning and technical support for Thales communication and transaction security equipment for ATM networks and secure card payment systems:
HSM (Host Security Module), DC2K (DataCryptor 2000), P3 (Personalization Preparation Process)
• Technical support to MasterCard and VISA International regarding DTUs, routers and firewalls.

IT Administrator at HnF Communications
  • Pakistan - Karachi
  • June 2006 to January 2007

• Set up the network infrastructure for voice communication over the Internet for telemarketing.
• Designed and implemented a CMS (Call Management System).
• Technical support for the Asterisk system.

Education

Diploma, CISSP (Certified Information Systems Security Professional)
  • at ISC2
  • February 2009

Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the International Information Systems Security Certification Consortium, also known as (ISC)². A CISSP is an information assurance professional who defines the architecture, design, management and/or controls that assure the security of business environments. The breadth of knowledge and the experience it takes to pass the exam is what sets the CISSP apart. The credential demonstrates a globally recognized standard of competence defined by the (ISC)² CBK, which covers critical topics in security today, including cloud computing, mobile security, application development security, risk management and more.

Diploma, ISO27001 Lead Auditor
  • at IRCA
  • July 2008

The ISO 27001 Lead Auditor certification is a professional certification for auditors specializing in information security management systems (ISMS) based on the ISO/IEC 27001 standard and ISO/IEC 19011. ISO 27001 Lead Auditor certification is recognition that the individual can be engaged by certification bodies to perform information security management system audits under their direction.

Diploma, CISA (Certified Information Systems Auditor)
  • at ISACA
  • June 2007

Certified Information Systems Auditor (CISA) is a professional certification for Information Technology Audit professionals sponsored by ISACA, formerly the Information Systems Audit and Control Association. CISAs are recognized internationally as professionals with the knowledge, skills, experience and credibility to leverage standards, manage vulnerabilities, ensure compliance, offer solutions, institute controls and deliver value to the enterprise.

Bachelor's degree, Computer Engineering
  • at SSUET
  • April 2006

Computer Engineering is applied reasoning that requires the ability to implement ideas through software and hardware technology. The course is concerned with the software and hardware aspects of microprocessors, minicomputers and mainframe computers. It is designed so that young computer engineers are able to work in the field confidently or take up advanced studies and research in related fields. The course is supplemented by laboratory work and seminars, with ample computing facilities and modern computers available.

Specialties & Skills

Governance
Disaster Recovery
Information Security Management
COBIT, ITIL, ISO 27001, ISO 20000, HIPAA and PCI DSS Compliance Review
IT Strategic Management
Data Center Design Services
Network Architecture Review
Information Security Risk Assessment
Vulnerability Assessment
ISO 27001 Implementation
Information Security Policies Development and Implementation
Computer Forensics
Information Systems Audit (IS Audit / IT Audit)
Information Security & Governance Advisory and Consultancy Projects
IT Governance, IT Policies & Procedures and IT Strategy (ITIL, Cobit, ISO 20000, TOGAF)
Business Continuity & Disaster Recovery Plan (BS 25999)
Computer Assisted Audit Tools - CAAT (ACL)
IS or IT Audit Planning, Execution, Reporting and Follow-up
Creating Proposals, RFP (Request for Proposal) Writing, Proposal/Vendor Evaluation, Project Management
ERP Integrity Reviews for SAP, Oracle E-Business Suite

Languages

English
Expert

Training and Certifications

KPMG Audit Methodology (Training)
  • Training Institute: KPMG
  • Date Attended: January 2008

ISO 27001 Lead Audit (Training)
  • Training Institute: IRCA
  • Date Attended: June 2009

Transform Methodology "Change & Project Management" (Training)
  • Training Institute: PwC
  • Date Attended: March 2011

ERP Integrity Review (Training)
  • Training Institute: Ernst & Young
  • Date Attended: February 2009