Cyber Security Specialist
Maaden
مجموع سنوات الخبرة :9 years, 9 أشهر
• Cyber Security Management
• Handling SAMA requirements and standards for Cyber Security and follow up the consultant team.
• Develop risk assessment to find out which incidents can happen to TUCI, in order to minimize the damage of such incidents.
• Develop business impact assessment to determine the Maximum Acceptable Outage/Recovery Time Objective, Maximum Data Loss/Recovery Point Objective.
• Develop cyber security awareness program within all TUCI employees to aware the employees about the best use of information security.
• Create and enhance cyber security policies and procedures based on ISO 27001 and make sure to impalement those policies.
- Manager/Cyber Security Analyst at Riyad Bank, Riyadh, Saudi Arabia; May 2014- January 2018
• Security Operation Center (SOC):
• Work with ArcSight team to identify prioritize security threats, organize and track incident response activities, and simplify audit and compliance activities
• Build (weekly, monthly) Cyber Security Statistics Dashboards for External and Internal connection threats targeting for high managements.
• Work with Penetration team to create Penetration Test Dashboard, assign, tracking, test, and recording applications defects
• Work with security monitor team to monitor applications logs and investigation on time at expected quality
• Riyad Bank Applications Integration
• Review & analyze the Application and security logs, follow up with concern team
• Develop and use systems to organize and keep track of information or work progress
• Discover new security risks and suggest mitigating controls
• Enhance the usage of Arcsight to detect security risks
• Quickly and effectively solve customer problems. Present a cheerful, positive manner with customers.
• Ensure customer problems are solved within the security policies framework.
• Maintain positive, long-term working relationships with customers.
• Security Compliance:
• Provide quality support to IT projects and assure that information security risks are well controlled
• Follow up on the implementation of the proposed actions, in order to support the creation of secured environment of banking operation.
• Analyses all available date and information and monitors the transaction under investigation, so as to identify the degree and importance of the security breach
• Provide assistance, information, or other support to colleagues to build and maintain relationships with them. Work for solutions that all team members can support. Share expertise with others. Seek opportunities to work on teams as a means to develop experience, and knowledge. Consistently work well with a variety of different people. Treat all team members with a respectful, courteous, and professional manner; support team despite different point of view or setbacks
• Enhance knowledge about information security environment and security processes
• Identify what needs to be done and take action before being asked or the situation requires it. Maintain commitment to goals in the face of obstacles and frustrations.
• Keep everyone informed about progress and problems; avoid surprises. Share Ideas and information with others who might find them useful. Organize written ideas clearly and signals the organization to the reader. Deliver accurate, clear, and concise messages that inform and help others to take action.
• Effectively analyze the problems, root causes, and underlying issues. Propose and participate in the implementation of solutions as applicable. Discover more than one solution to problems. Notice trends in the environment and develops plans to address anticipated problems. Processes knowledge and skill in technical areas as applicable.
• Build relationships with people whose assistance, cooperation, and support may be needed
• Information Security Governance & Risk:
• Develop, enhance and enforce information security policies based on (ISO, PCI)
• Interpret information security policies, standards and other requirements as they relate to a specific internal information system, and assist with the implementation of these and other information security requirements
• Responsible for providing security guidance and support to the technical administrators
• Generate a weekly vulnerability threat management report to control information security risks “Based on Qualys Scan Reports”
• Generate security Awareness survives targeting Riyad Bank staffs
• Generate and update security policies and procedures within RyadBank
• Monitors and guides the mitigation of the information security risks and security non-compliance exceptions
information security