EMEA Information Security Responsible
SOPRA HR SOFTWARE
Total years of experience: 15 years, 6 months
Job: Information Security Responsible (EMEA)
ISO 27001 Implementation Within SOPRA HR France & Tunis
ISO27001 Policies and Procedures elaboration
Statement Of Applicability gap analysis and measures definition
Risk Management (Assessment & Treatment Plan)
Client questionnaire fulfillment and compliance plan follow-up
Physical and environmental security implementation
Physical access management review
BCP documentation and test
Employee awareness training
Internal audit & actions follow-up
Management meeting progress presentation
Manage ISO 27001 implementation/certification for 10 Vermeg sites (Tunisia, France,
Belgium, Luxembourg, UK, USA and China)
• SOC2 type 2 preparations (Scope of 2 products)
• Risk Management
1. Risk identification
2. Risk assessment
3. Risk treatment plan definition
4. Risk communication and follow-up
• Internal Audits planning and performance
1. Laptops audit
2. Servers audit
3. IT Room audit
4. Physical Security audit
5. HR Security audit
6. GDPR audit
7. Network Segregation audit
8. Suppliers audit
• Corrective and preventive actions follow-up with different
teams (IS, IT, HR, Facilities, Purchasing, Dev, etc.)
• Coordination with the different suppliers for pentests of critical
applications
• BCP test scenarios definitions and coordination for completion
• Conduct weekly Information security meetings to follow-up with major stakeholders
• Conduct Information Security awareness trainings for new joiners
• Policies and procedures review
• SPOC with all Vermeg clients to provide security assurance via
questionnaires, conf calls or on-site audits
• JIRA access requests approval
• Incident management
Local IT team management
• Risk Management
• Ensure the availability and continuity of IT infrastructure
• Physical IT Room Security study and implementation
• Coordination with the different suppliers to make sure they are meeting
expectations
• Provide weekly reports to the general manager
• Training of end users (procedures, policies and best practices)
• Ensure the application of global company policies and procedures
• Closure and sign off for infrastructure project
• Project management for production projects
• Coach and guide the local IT team members in order to meet the business requirements
• Conduct appraisals and discuss the personal development plan
Team management
• Define a job function for each team member
• Separate functions among the team members to ensure performance, efficiency and
segregation of duties
• Make sure a handover is done to a secondary task responsible to ensure the business
continuity in case of leave, sickness or vacation
• Schedule a bi-weekly one-to-one meeting with the team members to discuss performance,
updates, progress and behavior in case of need
• Lead bi-weekly team meetings to discuss the team progress and make sure the team shares the
same vision and focus
• Define team objectives, discuss personal objectives and conduct appraisals
• Personal Development Plan
• Escalation Management
• Listen to the end users and management escalation
• Assess the criticality, urgency and impact of their request
• Explain and discuss the agreed SLAs
• Ask for prioritization in case of need
• Project Management: Infrastructure
• Study and implement a new network architecture (level 3 load balancing and network
segmentation)
• Study and implement a new system architecture (migrate from physical to virtual
environment with two redundant hypervisors and storage array)
• Implement a physical monitoring box
• Study and implement SAGE Intranet HR for leaves and HR requests
• Migrate from SEP 12.1.3 to SEP 12.1.5 (Antivirus)
• Migrate from SCCM 2007 to SCCM 2012 (Patch Management)
• Study of a disaster recovery plan (DRP)
• Study of firewall replacement
• Compliance
• 90% progress on WAVE1 project to make sure KPMG Tunisia is level 1 certified considering
KPMG international standards
• Schedule and make sure monthly reviews are conducted (Antivirus, Patches, IT Room access,
starters and leavers, etc.)
• Communication
• Schedule meetings with the major business stakeholders to understand their vision and
share updates
• Prepare a monthly report to the top management
• Induction training for the new starters to make sure they understand the local policies and
procedures
• Coordination with various technology teams and escalation of technical issues if
necessary (level 3)
• Supplier relationship management
• Negotiate contracts and pricing with the new suppliers
• Chase the supplier and make sure it is able to meet the company’s expectations
Job:
Study and implementation of virtualization infrastructure:
Installation and configuration of a virtual Data Center:
• Installation and configuration of VMware ESX 3.5 on four SUN physical servers
• Creation of new virtual machines based on Red Hat or Ubuntu Server as OS
• Migration of 80% of existing physical servers to virtual machines using
VMware converter
• Installation and setup of VMware vCenter and License server
• Configuration of HA and DRS
• Management and monitoring through virtual infrastructure client connecting
to vCenter
• Vyatta: routing, VPN, Firewall (virtual)
• Knowledge of vSphere and the new cloud products and solutions
courses: Field: telecommunications Degree: telecom Engineer
- 2003 Baccalaureate Field: