Hadi Anwar, Head of Trusted Advisory Services (Security Governance, Risk and Compliance)

National Bank of Abu Dhabi

Location: United Arab Emirates - Abu Dhabi
Education: Master's degree, Management of Information Systems
Experience: 23 years, 4 Months


Work Experience

Total years of experience: 23 years, 4 Months

Head of Trusted Advisory Services (Security Governance, Risk and Compliance) at National Bank of Abu Dhabi
  • United Arab Emirates - Abu Dhabi
  • My current job since October 2014

As the Head of Trusted Advisory Services of the newly formed Group Security Office and while reporting to the Group Chief Security Officer (GCSO), specialized in the development of Risk, Security and IT Strategies, Risk enabled Security Governance Framework, IT & Security Operating Model, Governance Frameworks, and Sourcing Approaches. Key accountabilities included:
  • Established the Security Governance framework & revamped policies, procedures and processes in alignment with business objectives, industry standards (PCI DSS, NESA, ISO 27001) to conform to regulatory requirements and proper functioning of the Security Function;
  • Was nominated to lead the Merger with First Gulf Bank from Group Security Office to form the largest bank in the MENA region;
  • Defined, maintained and managed the risk focussed and business integrated Security Strategy process to ensure Security enables and supports the achievement of business objectives in line with the overall NBAD Corporate Strategy;
  • Developed the Group Security Performance Management Framework with relevant KPIs and KRIs;
  • Developed and implemented the Group Security Office and Group Security Steering Committee Charters to ensure effective governance;
  • Developed the Security Risk Management Framework aligned with NESA and NBAD’s Operational Risk Management Framework;
  • Performed Security Audits jointly with the Group Internal Audit and worked closely with the Operational Risk Management Unit to regularly report on the effectiveness of controls;
  • Worked closely with the Security Architecture & VAPT Teams to assess security controls around new technology led solutions;
  • Developed and maintained a formal Security Awareness Program covering Staff, Vendors and Customers across NBAD in line with best practices and industry standards to promote a Security aware culture across the Group;
  • Managed and implemented all Security related Local and International Regulatory and Audit findings and worked along other relevant functions and Security related professionals in international regions to ensure proper remediation and adherence;
  • Centrally developed and managed NBAD’s overall Third Party Vendor Cyber Security Risk Management Framework to ensure proper security due diligence is undertaken while evaluating or on-boarding Vendors and Service Providers;
  • Provided oversight on the development of Security Incident Management Program in consultation with IT Service Continuity, Business Continuity, Security Operations Monitoring Centre (SOC) and IT Incident Management Teams;
  • Program managed the PCI DSS Certification program within NBAD.

Head of ICT Strategy & Planning at Emirates Nuclear Energy Corporation
  • United Arab Emirates - Abu Dhabi
  • My current job since July 2009

Joined ENEC as the Head of ICT Planning & Delivery and assisted the ICT Director in setting up the ICT Department. Worked on a number of initiatives, a summary of some of which is stated below:
Governance
  • Worked with the ICT Director in setting up the CIO Office within ENEC and led the Information Security & Compliance team apart from leading the Strategy and Planning function within ICT.
  • Managed ICT PMO, Supplier & Vendor Management, Business Relationship, Budget and Business Planning Teams.
  • Developed requirements for the development of ENEC’s Corporate ICT Strategy and worked with IBM in the development of the Strategy & Roadmap documents.
  • Worked with the Korean Prime Contractor, KEPCO & KHNP, to develop the Barakah Nuclear Power Plant (BNPP) ICT Strategy. Reviewed the Strategy with the Korean counterparts on an annual basis.
  • Developed the ICT Outsourcing Model for the Infrastructure Team and Managed Services Contract.
  • Liaised with the Finance & Business Teams to receive project details to prepare the ICT Budget for the years 2010, 2011, 2012, 2013 in excess of AED 100 million and delivered with 10% variance.
  • Collated information from different ICT functions and prepared ICT Annual Report for 2009 for the CEO.
  • Responsible for developing the ICT Initiatives and Business Plan for 2010, 2011, 2012 & 2013 including KPIs and Metrics and ensured that the Business Plans were kept updated throughout the year. Was nominated as the Corporate Strategy Champion representing the ICT team.
  • Prepared Weekly reports for the ICT Director and Monthly Reports for the CEO and Corporate PMO Departments.
  • Assisted with the implementation of ISO 20000 processes within the ICT Team and worked intensively to augment the ICT Organizational Structure. Took the roles of Service Level (SLM) and Budgeting and Service Costing Manager.
Managed Projects
  • Managed the initial implementation of Oracle HRMS, Finance and Procurement & Supply Chain Modules.

Senior Manager at Ernst & Young
  • United Arab Emirates - Abu Dhabi
  • March 2007 to July 2009

Joined Ernst & Young as a Manager and was promoted as the youngest Senior Manager in the Abu Dhabi office within one year. As a Senior Manager in the Technology and Security Risk Services practice, strategic responsibilities included the development and deployment of business plans, resource plans and new products and services. Operational responsibilities included business development, project management and quality assurance of service delivery and client relationship management. Resource development included recruitment, counseling and career progression planning of resources and development of training plans. Exceeded annual personal sales, delivery and revenue targets. Initially recruited into a fledgling practice which focused mainly on information systems audits, played an instrumental role in developing the consulting practice and its revenues to a point where the Abu Dhabi practice is considered to be one of the key TSRS centers of Ernst & Young Middle East.
Emirates Nuclear Energy Corporation (January 2009 - May 2009)
Developed policies & procedures based on ITIL framework and ISO 27001 Standards including Organizational Structure and job descriptions.
Etihad IT Audit (January 2008 - March 2008)
Managed the entire IT Audit for Etihad Airlines which involved meeting senior IT executives and vice presidents. Discussed the key risks with the senior management to ensure smooth sign off of the audit.
Abu Dhabi National Energy Company (TAQA) - (November 07 - February 08)
Development of Information Technology and Security Policies, Processes & Procedures based on the ITIL framework and ISO 27001 standards. This assignment included conducting a current state assessment, gap analysis against the frameworks and development of Information Technology and Security Policies, Processes and Procedures. Also developed the organizational structure and job descriptions for the IT department.

Senior Consultant at Deloitte & Touche
  • United Kingdom - London
  • January 2006 to March 2007

Client Advisory and Systems Support
Supervised and managed client expectations on various projects at client sites working in teams delivering IT assurance and advisory services to clients. Advised and delivered solutions ranging from IT server and client audit, assurance, process improvement and modeling, due diligence to IT risk and control. Supervised various server operations teams for managing servers in order to increase efficiency and productivity. Devised strategies for upgrading systems to newer technologies.
Client Systems Analysis and Assurance
Provided complete email systems analysis and assurance for clients. Worked internally to improve the quality and standards of documentation provided on the Intranet. Identified risks, issues and problems and advised solutions to them. Ensured compliance with quality and performance standards and design integrity. Took lead designer role on a project and advised junior project staff involved in design activities.
Department for Work & Pensions (DWP) - 6 months (June 06 to February 07)
Currently assisting the department with lowering the costs of EDS contracts, and getting a 20% efficiency improvement within its applications development function, while also improving the consistency and effectiveness of the development and maintenance functions by using the Capability Maturity Model Integrated (CMMI) process improvement model. Designed and managed Business Processes for DWP's Performance & Service Optimization department. Ensured that strict procedures were followed and that the designed processes and other client deliverables were of the highest quality using industry’s best practice. Managed two consultants and reviewed their deliverables on the engagement.
Achievement: Awarded an Outstanding Contribution Award (OCA) on this engagement

IT Consultant at Unisys
  • United Kingdom - London
  • January 2001 to December 2005

Systems Design and Implementation
Designed and managed projects by implementing strategies to upgrade and roll out servers to newer technologies and operating systems. Worked with clients in the telecom and financial industry to plan and build their server infrastructures. Assisted in the selection of the technical platform and resolved design issues. Assisted analysts in translation of functional and non functional requirements into a specification (system design) of network infrastructural components. The client relationship built and performance on the assignment was appreciated with two achievement awards.
Systems testing and prototyping
Assisted in the definition of functional and performance testing procedures and documentation. The role involved working closely with different departments including R&D, design and production areas. Key outputs for the role involved planning and performing testing activities efficiently and effectively to meet project targets, co-ordinate testing activities, monitor and report progress on a regular basis as well as making a positive contribution to the team's effectiveness. Network resilience and throughput testing has also been conducted at different client sites.
Department for Constitutional Affairs - Aramis/Libra Project (London) - 10 months (Feb 05 - Dec 05)
  • Planning the migration of 10,000 mailboxes alongside a technical architect from Microsoft Exchange 5.5 to Exchange 2003 Server using Quest tools: Exchange (EMW) and Domain Migration Wizard (DMW). Designed solutions for Goldfax, Faxination and EMC’s MailXtender archiving system.
Lloyd’s of London (London) - 4 months (Sep 04 - Dec 04)
  • Analyzing and assisting the Server Operations Team at Lloyd’s to manage their servers in order to increase their efficiency and productivity. Also managed and supervised a small team of consultants and provided them with performance evaluation and feedback.

Education

Master's degree, Management of Information Systems
  • at London School of Economics & Political Science
  • September 2003

MSc. in Analysis, Design & Management of Information Systems. GPA: 3.5. Scholarship awarded for 1/3 fees paid as grant.

Bachelor's degree, Computer Communication & Information Technology
  • at Middlesex University
  • August 2000

BSc Joint Honours in Computer Communication & Information Systems. GPA: 3.6.

Specialties & Skills

Management Consulting
Business Relationship Management
Business Processes
Consulting
Microsoft Technologies

Languages

English: Expert
Urdu: Expert
Arabic: Beginner

Training and Certifications

ISO 27001 Lead Auditor (Certificate)
Date Attended: July 2011
Valid Until: July 2011