Information Security and Business Continuity Manager
Avu Dhabi Government
مجموع سنوات الخبرة :15 years, 7 أشهر
Information Security
- Formulated and implemented a comprehensive information security framework, including policies, procedures, processes, and other related documents in alignment with best practices and industry standards.
- Successfully implemented the information security program, resulting in an increase in the compliance score from 20% to 87%.
- Enhanced information security across departments by integrating security measures into key business processes and systems, including change control, vendor management, system development, acquisitions, etc.
- Managing and executing risk assessment process to identify, evaluate, and mitigate security risks and vulnerabilities, including security audit, vulnerability assessment and penetration testing.
- Lead incident response efforts, including investigation, containment, and remediation of security incidents and breaches.
- Overseeing the selection and evaluation of cloud service providers based on their security capabilities, certifications, and adherence to industry best practices.
Business Continuity
- Formulated, and implemented a comprehensive business continuity framework, including policies, procedures, business impact analysis, business continuity strategies and plans, crisis communication plan, disaster recovery, scenarios test, and other related documents in alignment with best practices and industry standards.
- Successfully implemented Business Continuity Management System (BCMS), resulting in enhanced organizational resilience, 90% compliance score, and ISO22301 certification.
- Conducted comprehensive risk assessments and business impact analyses to identify vulnerabilities, assess potential impacts, and develop tailored mitigation strategies.
- Collaborated closely with the business teams to streamline business continuity implementation.
- Regularly testing and validating the business continuity plan, conducting exercises and simulations including realistic scenarios, identifying areas for improvement, and refining response strategies.
- Conducted post-incident reviews and lessons-learned exercises to identify opportunities for improvement and update the business continuity plans accordingly.
Common
- Established a new dedicated information security and business continuity unit that aligned with the organization's goals and objectives.
- Developed and implemented information security and business continuity strategy, objectives, and metrics to evaluate effectiveness.
- Designed and delivered innovative information security and business continuity awareness and training program to foster a culture of good security and incident response practices among employees, resulting in a 100% increase in the reported rate of security incidents.
- Tracking spending against budget and project progress to ensure the effectiveness of financial controls and accuracy.
- Actively participating in information security and business governance committee, procurement committee, and other committees pertaining to HR policy violations.
- Implemented and maintained an information security program in alignment with UAE Information Assurance standards.
- Managed security incidents, monitored effectiveness, and swiftly contain impacts.
- Managed regular vulnerability assessments and penetration testing and led the security team.
- Developed and delivered effective information security awareness for staff.
- Managed and responded to daily security incidents, including detection and analysis, containment, eradication, recovery, and post-event activities.
- Achieved a 95% reduction in suspicious security events through effective root cause analysis.
- Reviewed policies, procedures, and evaluate new technologies such as DLP and data classification to improve the organization’s security.
- Acted as a manager and ensured efficient team performance.
- Implemented strategic virtualization initiative, resulting in 9 million cost savings, improved resource utilization, flexibility, agility, and simplified management.
- Managed critical IT core systems, including Exchange server, Active Directory, GPO, DNS, DHCP, VMware, file server, SAN storage, backup system, DLP, and data classification.
- Successfully upgraded and migrated essential IT infrastructure systems, improving support for organizational operations. Upgrades included:
o End users' machines: Windows XP to Windows 7 transition.
o Active Directory: Windows Server 2003 to Windows Server 2008 R2.
o Exchange server: 2007 to 2013 migration and upgrade.
o RSA Secure server: Upgraded and migrated to the latest version.
o Blackberry software: Upgraded and migrated to the latest version.
- Provided support to employees, brokers, and investors, addressing their concerns satisfactorily.
- Installed, configured, and set up software and hardware for smooth operations. Maintained essential IT systems, resolved any issues that arose, and ensured accurate IT inventory records and proper asset management.