Information & Cyber Security Risk Management
Department of Health
Total experience: 6 years, 5 months
- Develop, implement and monitor policies, procedures and guidelines to ensure protection of data assets as per ISO 27001, ADDA and NESA standards.
- Coordinate the conduct of business impact analysis and risk assessment as per NCEMA.
- Identify key departmental risk representatives and ensure completion of the risk management cycle.
- Monitor and control day-to-day identified, observed or reported new gaps and risks.
- Participate in preparation and implementation of business continuity plans.
- Follow up on closing gaps, cases of non-conformity, improvement opportunities and risks.
- Participate in reviewing and updating business continuity management system documents and procedures for the sectors and affiliated centers in the department and affiliated entities.
- Coordinate with the internal and external audit teams of the business continuity system and provide support during the audit process.
- Prepare and participate in exercises to test business continuity plans.
- Identify, monitor and review high-impact risk areas.
- Ensure risk reviews are carried out on a quarterly basis and report the results to top management.
- Maintain competency of staff involved in completing risk assessments.
- Prepare all necessary documents to ensure a smooth ADDA audit.
- Develop an annual information security awareness plan based on training needs analysis, and check its effectiveness.
- Monitor and ensure the effectiveness of the risk management cycle.
- Identify and report high-impact risks to top management and propose the most suitable mitigation plan.
- Develop, implement and monitor the strategic plan, policies, procedures and guidelines to ensure protection of data assets as per ISO 27001.
- Develop an annual information security awareness plan based on training needs analysis, and check its effectiveness.
- Identify, manage and evaluate information security risk and threat assessments at regular intervals and report to top management.
- Investigate incidents, classify them by category, propose mitigation plans, prepare incident investigation summaries and report to top management.
- Monitor and control day-to-day access control (Windows access reviews, VPN access, e-mail security, firewall, etc.) and maintain and update the records.
- Evaluate, recommend and implement information security solutions.
- Promote continual improvement of the ISMS, leading to a progressive trend.
- Monitor and review SLAs and NDAs for all third-party service providers.
- Ensure compliance with all safety regulations concerning the technical equipment.
- Develop the annual internal audit plan and execute it in a timely manner.
- Assist in implementing corrective action plans to ensure non-conformities are closed within the agreed timeframe.
- Review the DLP policy, monitor DLP activities and report any suspicious activity to top management.
- Provide technical support to the NAC project.
- Act as technical expert in vendor evaluation for the PAM solution.
- Develop an annual information security awareness plan based on training needs analysis, and check its effectiveness.
- Develop information security awareness sessions to build employee competency.
- Conduct CAB meetings, review CRs and approve suitable action plans.
- Monitor and evaluate change management KPIs and report to IT management.
- Identify, classify and categorize data according to data management procedures.
- Monitor and review Windows and VPN access and grant approvals.
- Ensured all security advisories from government entities were registered, communicated to the respective teams, and closed on time within acceptable risk.
- Participate in the review and analysis of security products and services and make recommendations.
- Review security advisories and guidelines obtained from government and regulatory bodies and respond with a suitable action plan within the tolerable risk timeframe.
- Identify and report high-impact incidents to IT management and propose the most suitable mitigation plan.
- Worked on risk assessment.
- Developed a confidential data request form related to the ADSIC standard.
- Attended meetings with one of the security specialists there to discuss threats.
- Organized meetings and prepared meeting minutes.
- Understood and worked with the ISO 27001 standard.
- Performed system testing and reported the issues.
- Risk Management course - Linux operating system - System penetration testing