Assistant Manager
American Express Saudi Arabia
Total years of experience: 7 years, 6 months
ISO 27001 Lead Auditor in February ‘15
ISO13485 Lead Auditor in August ‘15
CSM - Certified Scrum Master in November ‘18
Career Highlights
IT Security Governance and Audit
Responsible for managing IT Security portfolio for Asia region.
Conducting on-site audits of third-party suppliers (some Big 4 companies) as per the ISO27001 framework to
validate adherence to physical and logical control requirements.
Desk audit to verify secure access configuration and adherence to technical control requirements.
Review local policies and procedures to verify the presence of procedural security control requirements.
Cyber threat awareness and relevant engagement procedures.
Working with suppliers on an annual basis to submit or update the IT security checklist, requirements and
supporting documents.
As part of the Cigna International Markets team, my major role is to govern the Asian countries from an IT security
standpoint.
Developing customized checklists for different vendors depending on the services they provide.
Responsible for Risk assessment development and socialization.
Providing IT Security related consulting as and when required to Asia countries.
Performing onsite Data centre and offshore/onshore audits. Performed audits in Belgium, HK, Indonesia and
Sri Lanka.
As part of compliance, monitoring and tracking the application and OS vulnerabilities.
Since 4th
IT Security Audit and Compliance
Preparation of all the audits carried out in the organization. Documentation of process and procedures in line
with ISMS and organization needs.
Implementing ISMS in the current project for the client.
Making amendments whenever changes are required to standards and guidelines.
Preparation and front ending PCI DSS audit for specific projects.
Preparation and front ending ISO27001 audit.
Risk management, risk treatment and risk mitigation.
IT Security governance and compliance.
Maintaining a consolidated risk register of all the risks identified after risk assessment.
Mentoring the staff whenever help is needed for all scheduled compliance activities.
Applications assessment in terms of threat and vulnerability.
Preparing a monthly dashboard depicting the current state of the organization’s threats and vulnerabilities.
Application auditing with respect to ISO27001 for a specific project.
Preparing a dashboard of the overall status of open and closed risks pertaining to project applications for review
by leadership.
Conducting IT security awareness programmes.
Discussing new threats and risks emerging in the industry, and training employees and staff to
defend the organization.
Playing a key role for implementing ISMS for a UK based client.
Since 12th
courses: CRISC
courses: CISM (Certified Information Security Manager)