Information Security Director
Arabtec Holding PJSC
Total years of experience :11 years, 7 Months
- Develop and suggest strategies and procedures for IT security to the Chief Information Officer to better serve the Arabtec Holding's vision & mission. Partner with line managers to drive IT related activities results, bringing on board highest level of security.
- Structure, provide and manage proactive and protective security measures and tools for the company. Manage the unit operations and align resources to better serve IT Department strategies and objectives. Foster, coach and mentor future manager; identify and champion high potential talent; create high-performing teams.
- Plan and manage the overall security and risk assessment activities for Arabtec Holding and its subsidiaries. Provide adequate guidance and effective support on plans, standards, procedures, and manuals as needed. Manage and protect implementations, systems, database, applications and equipment from security perspective and as per adopted standards and measures.
- Ensure high level of protection of all company's data by managing identity, access and by setting up security tests as well as providing physical security. Design and manage disaster recovery plans and incidents responses.
- Evaluate tenders and submissions related to Security and Risk assessment and provide recommendations that serves credibility and trust, cost effectiveness, and long-term business relationships with external parties and providers.
- Manage the services provided by the Security team to ensure high quality of performance in security, risk assessment, threat identification and corrective measures in compliance with the IT guiding principles i.e. deliver projects within cost, time, scope & quality standards. Maintain the highest level of service availability within minimum service downtime.
- Manage the empowerment of all contracts and agreements signed with internal and external parties as addressed by the IT Department management and in line with the company's expectations. Facilitate communication of agreements among Security team.
- Manage the implementation of standards, policies, procedures and set measures that meet company's IT Security requirements within the IT Security Unit in compliance with adopted standards. Conduct internal/external audits regularly.
- Identify and manage IT Security Unit budget estimates/expenditure in line with company's guiding principles. Provide required support on budget issues to the CIO and management team as needed. Ensure the staff of the IT Security Unit meet the required competencies that guarantee achievement of the set goals and objectives.
- Manage all IT Security, risk assessment, threat identification, disaster recovery and improvement issues and problems and execute appropriate technical/non-technical solutions.
- Project Manager for several projects in the department including planning, organizing and implementing several projects, preparing requests for proposals (RFPs), attending workshops for vendors, performing technical evaluation for proposals, combining scores with financial evaluations and selecting winning vendors.
- Follow up the implementation and projects plans and managing projects with vendors and other Arab Bank departments to achieve completion within the deadline time and planned budget.
- Contribute in the event monitoring and incident handling at the bank through different security solutions such as MMS, DDOS, SIEM, FIM, Anti-Phishing, by approving the scope, communicating with the vendors, follow up the implementation, assigning tasks to resources, reviewing the reports, and follow up and the remediation plans.
- Manage bridging gaps and closing the findings reported by audit, penetration testing, vulnerability management solutions, and MSS in coordination with the IT department.
- Define and review the security requirements for information systems, and follow up on the code reviews, penetrations tests, and vulnerability assessments.
- Participate in the Information Security monthly dashboards presented to Information Security Committee, and participate in developing the Information Security Policies and frameworks such as the Incident Management framework and procedures, and coordinate the efforts with all stakeholders to roll out and implement the security framework across the organization.
- Manage the regulatory compliance for Arab Bank PLC, by assessing the compliance level of AB PLC with all the InfoSec & BC related regulations issued by the central banks in the countries where AB reside. Then creating action plans and following up till full compliance is achieved.
- Contribute in applying the security measures required to support compliance with the Payment Card Industry Data Security Standards (PCI DSS) on all system components that are included in or connected to the cardholder data environment.
- Perform risk assessments throughout the bank's network in all regions to classify all information assets and find solutions and controls for vulnerabilities. Follow up implementing the proposed controls to minimize the risks imposed. Assess security issues and risks in order to give suggestions on whether such risks should be accepted or remediated, and review and approve policy exceptions.
- Manage the Information Security Department expenses, estimating budget and man-days on yearly bases, and monitor the Information Security projects variables (cost, effort, scope, etc.) against the project management plan and the project performance baseline.
- Produce monthly, quarterly and annual budget and expenditure status reports and prepare projects budget revisions for Arab Bank EPMO & sponsor in coordination with Financial Control department.
- Liaise with the Information Technology Department to implement the required technical controls, RFP preparations, vendor selection and follow up projects implementation and progress, and provide security consultancy where needed.
- Participate in the Information Security Incident Response Team, which is responsible for tracking any unusual or suspicious network behaviors and attacks.
- Participate in developing, maintaining, and promoting the Information Security Awareness program.
- Establish the network for the Showroom, Service Center, and the offices.
- Plan the IT department activities and projects. Manage the IT team through the overall duties to completely accomplish the team’s goals and targets within the predefined time scale.
- Organize the daily tasks and duties upon the IT team members to successfully support the company’s main functions.
- Plan, design and implement IT department projects, and analyze the outcome to achieve best evaluation of completion status and upcoming deliverables.
- Maintain and troubleshoot the hardware and software of the servers and the workstations at all branches.
- PPN (Porsche Partner Network) Coordinator, communicate with Porsche offices in Dubai and Germany to manage the PPN user accounts at the company.
- Procurement of software and hardware.
- Connect all branches to the headquarters using VPN.
- Administrate the mail domain through the web mail, configure and update the users email software.
- Manage automobile related software such as ETKA, POSES, ELSA & PET.
- Recruit and train new employees and analyze their performance with the effort to develop their skills.
- Office Network Administrator;
- Project Network Administrator for Engicon projects spread around Jordan;
- Troubleshooting network and server problems;
- Hardware problems solving;
- Software problems solving;
- Procurement of software and hardware;
- Apply and follow up all procedures related to the Contractor Quality Control program in accordance with the Quality Control Plan and the Contract Documents;
- Follow up and produce all correspondences and submittals requested to The United States Corps of Engineers (USACE) office in Egypt and USA using the RMS (Resident Management System);
- Maintain the Project Network;
- Troubleshoot all network problems on Site;
- Assist in installing the VSAT based network and follow up all maintenance procedures;
- Assist in installing the network system for the site offices for the Contractor and Subcontractors;
Five months training at General Computers and Electronics Inc. (GCE), in the network department.
GCE is one of the leading computer companies in Jordan.
Certified Ethical Hacker (CEHv6)