Executive Manager IS Governance, Risk and Compliance Department
AlRajhi Bank
Total years of experience: 14 years, 10 months
IS Governance, Risk and Compliance
Being an Information Security Governance, Risk and Compliance Section Manager, I am currently handling this function and leading the IS-GRC team at a bank-wide level, including International Operations. Current duties include, but are not limited to, the following:
- Risk Management
- Cyber Security
- Leading the Security GRC team & consultants to achieve desired objectives.
- Information Security Governance (Frameworks, Policies, Procedures, Standards and Guidelines) implementation and enforcement.
- Information Security Strategy and Road Map planning, implementation, effectiveness and maturity management.
- Liaison with Business and Management for the effective implementation and enforcement of Security Controls, Identity and Access Management and Security Monitoring.
- PCI-DSS Compliance Programs management for local and international branches.
- Data Protection Management (Data Leakage Risk, Data Security Architecture, & controls implementation).
- Compliance & Regulatory Management (PCI-DSS, SAMA, CBJ, Negara Bank, Tadawul, CMA).
- Program Manager (E-Banking Risk Management, Security Awareness, Data Protection / Data Leakage Prevention).
- Enterprise Security Architecture implementation and management.
- IS / IT eGRC Solution management and automation.
- Security Awareness Program development and management for staff and customers.
- Internal & External Audit requirements management.
- Online Banking Security, Anti-Fraud, Brand Protection and Cyber Threats management.
- Implementing an Information Security Management System / ISO 27001.
- E-Banking Risk and Compliance requirements management.
- IS Incident Management, Investigation / Forensics and reporting.
- Security Testing Program management (Vulnerability and Technical Compliance).
- Security Assessment and Governance for ARB International Branches.
- Security Reviews for major changes, participation in Architecture and Change Committees.
- Development of periodic IS reports for Management & Regulatory Bodies.
- ATM and POS Security.
Also handled the following responsibilities:
- Principal Consultant / SME (IT Security, Audit and Business Continuity Management)
- Business Development, Analysis and Strategic Planning
- New Services and Solutions Profile and offerings development
- Pre-Sales, responding to RFIs/RFPs, Scoping, Cost Estimates, Presentations, Proofs of Concept.
- Projects Management and Reporting to PMO
- Vendor management & contract negotiation
- Information Security Auditing and Certifications.
- IT Audit and Assurance Consulting
- IT and Enterprise Risk Management Frameworks development and advisory.
- Business Continuity Management and Disaster recovery Consultant / SME
- IT Governance & Enterprise Architecture management
- IT Service Management and Certification.
- Sr. Security Solutions Architect (System & Network)
- Technical Systems & Network Solutions evaluation, testing, implementation, troubleshooting and Support.
- Network Security Architecture Design and Analysis.
- SOC (Security Operations Centers) Design and Implementation
- Managed the ICT Framework development and Implementation based on COBIT and ITIL best practices.
- Staffing analysis, Recommendations Report and ICT organizational structure update
- ICT Departments and staff job descriptions and Responsibilities update
- IT Strategy Review and recommendations
- IT Service Catalog development (Including Service Adoption and Transitioning process)
- SLA (Internal and External) requirements definition and development
- KPIs definition and calculation for each service (KPI definition, formulas, performance metrics and Balanced Scorecards).
- Service Desk Function Structure and KPIs definition (Incident Management, Problem Management, Request Fulfillment, Change Management, Configuration Management, Access Management, Knowledge Management and Service Level Management).
- IT Governance Management Structure and Roles & Responsibilities
- Implementation Plans (including Project Schedule, Road Map, CSFs, Approach, Pilot Processes, Activities, Milestones, IT and Business Roles).
- IT Governance Implementation Reviews and enhancements report.
- Project Implementation and Communication Plans Definition, Team Structure, Roles and Responsibilities definition
- Update existing IT processes policies, procedures and forms
- IT Disaster Recovery Planning and Business Continuity review.
- Implementation plan execution Review and QA Report
- Developed audit benchmarking, Information Systems audit strategy, Information Systems risk universe, and preparation of a risk-based audit plan.
- Handled IS Audit Work Programs development (Planning, Checklists, Evidence Requirements, Reporting), IS Audit Review Methodology and IS Audit Metrics in my role as Information Systems Audit Professional.
- Data Privacy and Protection Program development & implementation (using GAPP) (Frameworks, Programs, Reporting and Implementation).
- ISO 27001 development (ISMS Framework and Risk Management) and implementation.
- Executed and managed the following focused audits:
o IT Projects Assurance
o IT & Security Governance
o Logical and Physical Access Review
o Third Party, Contracts, Service Level Agreements / SLAs, OLAs.
o Business Continuity Planning, Disaster Recovery Management
o Operating Systems Audit
o Network Security & Operations (Firewall/ Routers/ Voice / Data Network Review)
o Change Management
o IT Service Management (Based on ITIL and ISO 20000) (Incident Management, Problem Management, Configuration Management, Change Management, Release Management)
• Senior Security Consultant & Auditor
• IS / IT Senior Auditor
• BCP and DRP advisor
• Senior Systems & Networks Security Engineer
• Certified Trainer.
• Team Lead and Projects Manager
• Pre-Sales Engineer / Consultant
- Managed the development of information security process & frameworks, implementation of Vulnerability Management Framework & Process, Remediation Management & Patch Management.
- ISO 27001 Implementation, Gap Assessment, Audit & awareness sessions on Corporate Level.
- Focus on adoption & implementation of Compliance Management Solution, Security Standards Benchmarking / Standardization, Gap Analysis & Closure, apart from implementation & customization of Configuration Assessment & Change Audit Process using security tools.
- Involved in evaluation & assessment of Identity & Access Management Process & Solution to automate users provisioning, Web Access Control, Workflow Management, Secure Logging & Auditing, Single-Sign On & Strong Authentication process.
- Conducted risk assessment pertaining to implementation of new processes & adoption of business systems; accountable for Security Incident Management, Business Continuity, Vulnerability Assessment, Penetration Testing and Risk Management Processes Review apart from implementation of IT Services Management Frameworks / Processes.
- Developed the following Frameworks: Change Management, Release Management, Patch and Update Management, Incident Handling, Legacy, Obsolete and Risky System Management (Nozom), Third Party Contracts Management, Vulnerability and Remediation Management.
Responsibilities included, but were not limited to:
- Definition of information security strategic plans, creation of security organization department with various divisions apart from creation of action plans for implementation of policies & procedures.
- Management of compliance/ assurance/audit in addition to implementation & enforcement of IT security.
- Conduct internal audit to certify Tadawul and CMA Requirements (ISO 27001 & PCI-DSS Standards) for Electronic Trading, Brokerage and Dealing Activities Processes.
- Involved in planning & designing of cost effective information security solutions besides conducting review of current IT and Network Security infrastructure and recommending changes / enhancements.
- Planning and design of cost effective information security solutions.
- Identify possible technologies and products to be used in security solutions
- Review the Current IT and Network Security infrastructure and recommend changes / enhancements.
- Review Email Security, Host Security, Perimeter Security, Server Security and Intrusion Detection settings and configurations.
- Review, create and test procedures for Incident Handling and Business Continuity Planning.
- Implementation of User Access Management and provisioning process.
- Documenting the IT Security related processes.
Systems and Network Security Engineer for critical applications and Database hosting for Government and Enterprise level clients.
Performed Windows security auditing for servers, vulnerability assessments, patching, updating, and responding to support issues.
- Provided the overall management and support for the enterprise network, including servers, firewalls, routers and data center.
- Configuring and installing Antivirus solution, patching the servers and the clients, updating the perimeter-level appliances and configuring the security policies.
- Supervising Operational team and vendors
- Designing Network and Systems Architecture
- Managed Network, Domain and Physical Access controls
- Managed Backup and Clustering systems
- Domain and Email management.
- Maintained IT Infrastructure including network file servers, PC workstations, printers, routers, switches, modems, cabling and Internet communications devices.
- Developed standards for use, operations, and security of networks, personal computers, and data.
- Managed information systems personnel and contractors to design, develop, implement, operate and administer computer and telecommunications software, networks and information systems.
- Managed network operations including: troubleshooting connectivity problems; installing & maintaining routers / switches; adding / terminating users; assigning rights and access; resetting passwords; establishing e-mail addresses; assessing and reporting operational status; performing backups and restores; etc.