Hani Massalkhi

Developing a flexible annual IT audit plan using an appropriate risk-based methodology.
Plan and execute assignments in compliance with the applied auditing standards.
Prepare the Audit Programs and Update them continuously based on the new internal policies and procedures.
Identify areas of greatest IT risk exposure to focus audit resources.
Evaluate the adequacy of operating processes and internal controls.
Determine the adequacy of enterprise wide compliance efforts related to IT policies and internal control procedures.
Require appropriate corrective action to address deficient internal controls and follow up to ensure that management promptly and effectively implements the required actions.

General Duties
 Developing a flexible annual IT audit plan using an appropriate risk-based methodology.
 Plan and execute assignments in compliance with the applied auditing standards.
 Prepare the Audit Programs and Update them continuously based on the new internal policies
and procedures.
 Identify areas of greatest IT risk exposure to focus audit resources.
 Evaluate the adequacy of operating processes and internal controls.
 Determine the adequacy of enterprise wide compliance efforts related to IT policies and internal
control procedures.
 Require appropriate corrective action to address deficient internal controls and follow up to
ensure that management promptly and effectively implements the required actions.

Being held responsible on information governance as a whole by issuing the IT Security Policy
manual and by providing the overall strategic direction, support and review necessary to ensure that information assets are identified and suitably protected throughout the Bank;
 Leading and strategically directing the function, ranging from planning and budgeting to
motivational and promotional activities clarifying the value of information security;
 Being the secretary and a voting member in the IT Security Committee of the Bank;
 Coordinating with the External Auditor in all issues subject to the safe implementation of
fundamental IT security rules as required by IT security standards (BCC222, ISO 27k);
 Monitoring the IT operational risk in conjunction with the Risk Management department and
developing a formal policy for the IT operational risk.
 Planning, executing, maintaining, monitoring IT security plans, and implementing applied
standards to make sure that authorities are properly distributed as required.
 Monitoring and formalizing the users access and profiles based on formal policies.
 Monitoring the planning phases of all the IT activities to ensure its compliance with the security
standards of the Bank;
 Testing the IT activities, projects, and plans during execution, in the testing phases, and after
implementation to monitor its compliance with the security standards of the Bank;
 Conducting regular audits of IT security methodologies, rules and contingency plans.
 Preparing regular evaluation reports to general manager and the IT Security Committee.
 Addressing IT security incidents and ensuring the measures taken to prevent reoccurrence;
 Participation in the planning and testing of contingency planning, business continuity
management & IT disaster recovery in conjunction with relevant functions and third parties;
 Providing IT security awareness programs and trainings for employees;
 Recommending steps to be taken and participating in the investigation and remediation of
information security incidents or any violations to procedures established.
 Providing certain mechanisms for immediate monitoring of sudden incidents.
 Monitoring the Bank’s classified information.
 Monitoring and auditing all log files, processes, and transactions on the systems;

Identify areas of greatest IT risk exposure to focus audit resources. Promote the confidentiality, integrity and availability of information systes. Determine the effectiveness of management’s planning and oversight of IT activities.
• Evaluate the adequacy of operating processes and internal controls. Determine the adequacy of enterprise wide compliance efforts related to IT policies and internal control procedures.
• Require appropriate corrective action to address deficient internal controls and follow up to ensure that management promptly and effectively implements the required actions.
• Execute the weekly and monthly schedules for the different assignments. Assist in developing a flexible annual audit plan using an appropriate risk-based methodology.
• Execute the weekly and monthly schedules for the different assignments.
• Review compliance with the Bank’s guidelines for ethical business conduct and ensure that the highest standards of individual and professional performance are met.
• Identify areas of IT risk and appraise their significance in relationship to operational factors of costs and quality.
• Ensure that Management has defined an IT strategy to satisfy the bank’s business objectives taking into account all related risks.
• Ensure that IT Committee monitors IT investments which should be documented in line with established budget and approved by Senior Management.
• Ensure that an adequate Project Management process is developed to achieve the best cost/time/quality delivery of IT projec.
• Ensure that the Bank acquires the technology infrastructure that best supports the business applications in accordance with the IT strategy and regulatory requirements.
• Ensure that physical access controls are in place for defined locations within the IT Department.
• Ensure that contingency plans are developed and regularly tested.

Citrix Certified Administrator; Deploy and manage a centralized and secure architecture using
Citrix Presentation Server. Centrally administering line of business applications while providing
secure, rapid access to resources anywhere, on any device and any network.
 Install, administer AD and perform security administration functions, including creating users’
profiles, secure AD infrastructure, GP objects and access management.
 Manage and troubleshooting AD replication, DNS, DHCP, user and computer authentication
problems.
 Deploy and administrator Exchange Server, responsible for the administration, implementation
and development of Exchange server systems.
 Served on technical team that supports Exchange Server operations on a 24/7 schedule.
 Maintained several types of communication equipment, including Windows Server, AD, and
Microsoft Exchange.
 Hold complex responsibilities for configuring, installing and administering Windows servers
and telecommunications systems.
 Complete administration of Windows servers including Servers backup, security, Patch
management, service monitoring and automated recovery actions.
 Implement, configure, troubleshoot and maintain corporate Windows in users’ environment.
 Provide server level support for Exchange servers, AD Servers, Windows and ISA Servers.
 Manage, support and monitor infrastructure systems such as switches, routers, firewalls at
headquarters and local sites.

Provide service desk-based troubleshooting, support, problem and incident resolution and
ticketing documentation in timely manner.
 Complete administration of Windows servers including backup, security, Patch management.
 Install, administer AD and perform system security administration functions, including creating
users’ profiles, secure AD infrastructure, GP objects and access management.
 Manage and solving AD replication, DNS, DHCP and computer authentication problems.
 Administering of Windows servers including backup, security and Patch management.
 Implement, configure and maintain corporate Windows in users’ environment.
 Provide server level support for Exchange, AD, Windows and ISA Servers.
 Fulfilled administrative responsibility's including the maintenance, restoration and
troubleshooting of server class systems specifically Dell and HP.
 Install, repair the physical components of computers and assemble computers according to a
predetermined design and ensure that each component is fully powered and compatible.

Performed infrastructure maintenance and support of AD, Network Infrastructure, and
monitoring infrastructure.
 Work with groups within IT Infrastructure and IT Applications in resolving technical issues.
 Implement, configure, troubleshoot and maintain corporate Windows in users’ environment.
 Install, repair the physical components of computers and assemble computers according to a
predetermined design or create custom models and ensure that each component is fully powered
and compatible with every other component.

Provide service desk-based troubleshooting, support, problem and incident resolution and
ticketing documentation in timely manner.
 Managed User Accounts on Windows environment (Creation, Deletion, and Permissions).
 Install, repair the physical components of computers and assemble computers according to a
predetermined design or create custom models and ensure that each component is fully powered
and compatible with every other component.