Information Security Manager
Abu Dhabi Cooperative Society
Total years of experience: 16 years, 6 months
• Information Security Risk Assessment of different applications and systems in scope of PCI DSS v3.2 and ISO 27001
• Policy reviews and updates
• System administration support of the MetricStream GRC product in Riyad Bank
• Establish Risk Register of banking applications through GRC system
• Advise on numerous InfoSec solutions
• Measuring Information Security department KRIs through SAS KRI system
• Measuring KPI in scope of ISMS by GRC System
• Develop Information Security KRI and KPI framework
• Provide information security awareness training and develop a framework with awareness messages
• Work for continuous improvement in ISMS program.
• Validate information security audit observations
• Implement ISMS program on Riyad Online Corporate channel and primary data center.
• Internal Control testing of Information Security department
• Ensure corrective and preventive measure on timely basis of ISMS program
• Review of Oracle & SQL Database access Control.
• Review of Active Directory of different (SaaS) environments through ADManager Plus.
• Backups Audit of Oracle & SQL of different (SaaS) environments.
• Review of Windows and Linux Patch Deployment on monthly basis.
• Review of AD Password Policy.
• Supports information security awareness through assisting in development of training materials, facilitating orientations and drafting written communications.
• Annual review of Service Organization Controls (SOC 2 Type 1/2).
• Review SOC2 Report of Service Providers.
• Review the Salesforce Ticket Management System, Open Source Ticket Management system (OTRS) and HCM ticket system (Seapine TestTrack).
• Annual Canadian Standard on Assurance Engagements (CSAE 3416) Type 2 review of 3rd party Services
• Annual International Standards for Assurance Engagements (ISAE 3402) Type 2 review of 3rd party Services
• Ensure that monthly, semi-annual and annual application inspections are conducted accurately and in a timely manner.
• Ensure that all requests are properly authorized and approved by the application or business owner prior to committing the change.
• Process and manage IDs and access
• Overcome various internal and external Audit Observations of different domains as an Auditee.
• Evaluation and implementation of role matrices.
• Identifying Key Risk Indicators (KRI) of Information System in Risk Management Project.
• Creation of Risk Control Self-Assessment (RCSA) Matrix - INFORMATION TECHNOLOGY
• Creation of IT ICFR (Internal Control of Financial Report) on the requirement of SBP
• Review monthly backup reports of database on DR Site.
• Input into the design and implementation of the risk assessment methodology.
• Manage access control to systems such as file shares or document repositories.
• Identify and improve security processes and controls. Assist in implementing these improvements. Provide remediation support for deficiencies.
• Provide detailed technical information security advice and guidance to the support teams within the IT units
• Responsible for configuration management involving strict adherence to change management process
• Establish and manage relevant SLAs with IT suppliers and ensure operational contracts are in place.
• Coordinates with SBP Audit/ Internal & External Audits of Information Technology Division.
• Organize, update and perform regular follow-up for compliance of SBP, Internal & external findings of IT Division.
• Access Control Administration (including process doc, resolution of all access requests and periodic reviews of User profiles / access rights).
• Manages user account update requests, including add/remove users and change permissions.
• Provide first level technical security support to business unit employees
• Contributing in DR Drills to ensure critical applications are accessible.
• Review security audit reports and address potential gaps and risks.
• Conduct a DR drill with maximum load every year and create a report.
Achievements
Served as an essential part in two big integrations:
• Integration of Prime Bank with ABN AMRO Bank.
• Integration of ABN AMRO Bank with RBS Bank.