Osama Salah

Selected within the capacity of security program leader position to lead the IT Information security transformation program at the Abu Dhabi Department of Finance. Serve as the recognized principal-level expert resource in cybersecurity planning and activities. Deliver technical support, guidance, and strategic direction on maturing information security management and governance best practices. Head and deliver projects from inception to completion such as GRC, risk management, vulnerability management, incident response planning, and NESA compliance maturity.

Key Achievements:

Increase the efficiency and performance of company functions by developing and executing a new risk management process.
Meet strict IT security control by improving the vulnerability management program
Increasing incident management maturity through process changes, playbooks and tabletop exercises.

Played a key role in leading the IS Planning and Governance practice to ensure the seamless running of functions. Recognized as an integral member in leading and chairing the ICS Information Security Steering Committee driving IT/OT convergence. Identified potential problems by creating and implementing the risk management program. Ensured the adequate management of IT/OT NESA compliance and advising OT on ICS security best practices.

Key Achievement:

Co-ordinated and led IT/OT steering committee to step up and achieve pragmatic NESA compliance.

Strengthened and maintained the operational integrity of the technologies and services provided, including servers, network, radio and paging systems, applications, and cloud services. Leveraged technical capabilities during the management and maintenance of the security infrastructure to protect the business.

Key Achievement:

Streamlined resource allocation and team collaboration.
Improved asset life cycle management

Performed various operations as a pragmatic Information Security, Governance and Risk Management Leader with consistent success in leading information security programs. Spearheaded the development and implementation of the risk management program. Administered the development and improvement of IT Governance, including ISO 27001 certification and NESA compliance. Directed several large-scale initiatives, including development and implementation of security awareness and risk management programs and IT service management best practices. Developed and improved the incident response management practice covering incident response playbooks and tabletop exercises. Conceptualized and formulated the IT disaster recovery and DR test plans.

Key Achievements:

Build a vulnerability management program to mitigate and prevent exploitation of IT vulnerabilities covering asset discovery, vulnerability assessment, prioritization, patch management, and configuration management.
Instrumental in deploying application whitelisting to workstations and servers resulting in zero malware infections since deployment.
Achieved and adhered to compliance with ISO 27001 standard as well as ensured compliance with NESA standard, leading to a large reduction of non-compliance in external audits to next to none.
Devised, defined, and formulated well-developed plans and strategies to generate world-class performance, efficiencies, and solutions without compromising security or quality metrics.
An early adopter of Managed Security Services to improve SOC operations and deal with skills and resource constraints.
Managed ITSM project covering the rollout of Remedy and ITL processes.
Institutionalized the Enterprise Architecture practice.
Managed the Microsoft Enterprise Agreement ensuring compliance and maximum benefits utilization.