Senior Information Security Officer
Abu Dhabi Media
Total years of experience: 15 years, 3 months
Abu Dhabi Media Company is a vertically integrated media company, operating across the broadcast, publishing, and digital media sectors. Khaled's role was to manage the overall information security governance effort in the company, which includes setting up an information security strategy in line with the overall goals and objectives of ADMC, developing an information security framework to support the information security strategy, and defining and communicating the roles and responsibilities related to information security. The role also covers developing and maintaining information security policies in line with the strategic goals and objectives of information security, and managing information security risks and the compliance program across the company.
Role responsibilities and activities:
Lead the development of a comprehensive information security program based on international best practices and standards such as ISO27001 and ADSIC
Managing the development and continuous review of Information Security policies, procedures and processes across the organization to ensure they reflect current needs, laws, regulations and best practices.
Recommend, define, and document Information Security roles and responsibilities in line with best practices
Manage the overall information security risk management effort in the company
Establishing and maintaining information security awareness program to promote an effective security culture across the company
Manage information security compliance program across the company
Supervise information security internal audit and manage the communication with external auditors
Developing and implementing information security incident response framework across the company
Establish information security metrics to evaluate the effectiveness and efficiency of the information security program
Establish communication plans to report information security activities and operations across all levels
Major Projects:
Managing the information security risk management project for 56 business services across the company, which includes conducting BIA, AV&PT assessment, systems configuration review and process risk assessment.
Implementation of Information security GRC portal which is used to manage the overall information security governance processes
Development and implementation of the Information Security Incident response framework: assessing the current capabilities and identifying gaps, developing an information security incident management governance structure based on industry best practices, and developing a road map to reach the targeted state, so as to be able to respond to information security incidents within acceptable timeframes.
Managing the information security awareness program, which includes the implementation of an online LMS to provide ADMC employees with information security awareness materials, conducting in-class workshops, and the development of an information security induction program for new joiners.
SCA is a federal regulatory authority responsible for setting the rules and regulations related to the capital markets in the UAE. Khaled's role was not limited to network security. Due to the lack of resources, Khaled worked on different domains in information technology and security during his employment at SCA. In summary, he was managing the overall Information Security Management System, installing and maintaining network and security infrastructure, managing risk assessment, managing information security policy development, managing information security awareness activities, managing information security audit activities and preparing studies about best practices in information security.
Role responsibilities and activities:
Evaluation and selection of IT security products and consultation services.
Participating in the design and implementation of the IT security architecture and infrastructure
Developing, maintaining and updating the Information Security policies and procedures
Preparing, reviewing and performing drills for the Disaster Recovery Plan
Preparing and maintaining the Information Security risk management framework, conducting risk assessments and preparing the risk register
Performing coaching and Information security awareness training
Conducting periodic information security audit as per ISO27001 standard
Managing penetration testing and vulnerability assessment activities
Implementing and managing different IT and security solutions:
Network proxies: MS-TMG with Websense Web Security filter, Blue Coat ProxySG
Endpoint security: McAfee Complete Endpoint Protection
Network load balancer and application firewall: F5 BIG-IP
Network firewalls: Cisco PIX, Juniper SSG and SRX
SIEM: Juniper STRM
Secure remote access: Juniper SA
Secure wireless: Juniper RingMaster and SmartPass
Network switches: Cisco Catalyst switches, Juniper EX-Series
Major Projects:
ISMS implementation and certification project based on ISO 27001:2005.
Disaster recovery and business continuity planning and implementation, which includes conducting BIA, identifying critical services, and designing and implementing a disaster recovery site.
Application platform security project, which includes the deployment of an application load balancer with an application layer firewall.
Network infrastructure security upgrade project, which includes the implementation of a core firewall, secure Wi-Fi, network access control and secure remote access with two-factor authentication.
Endpoint security improvement project, which includes implementation of the following technologies: anti-malware, HIPS, HFW, HDLP, endpoint encryption and secure removable media.
Information security awareness program which includes conducting social engineering tests, security posters, security tips and awareness workshops
2 years MBA with 48 credit hours
5 years with 162 credit hours