Mohamad Ballan

Department Head - IT Audit

As an experienced Audit, Risk and Control professional and in addition to my professional involvements, I am responsible for engagement planning, budgeting, organizing, executing work plans, managing daily aspects of engagements, scheduling and conducting interviews, executing engagements and communicating the results of work in technical, as well as non-technical, terms. His role also includes managing and mentoring staff during engagements in addition to communicating opportunities to improve the system of internal controls.

a. Participate actively during internal audits and follow-up on remediation actions of findings;
b. Work with outside consultants as appropriate for independent security audits;
c. Develop and conduct security training and awareness programs; including ISMS awareness training and workshop for all the staff of the bank to communicate bank information security policy, standards and procedures;
d. Promote and develop security mission, mandate and IS Governance;
e. Develop, and implement security controls, policies and standards; in accordance with the bank’s corporate governance, regulatory requirements and industry best practice;
f. Assist the head of Operational Risk in coordinating and driving compliance in all information security streams;
g. Presenting the information security program and related framework to the Bank’s management; conduct periodic information security forum in Operational Risk Management Committee, or an appropriate committee, meeting to frequently report the effectiveness of the control and security environment;
h. Develop policies framework for IS risk assessment, acceptance and deviation methodology, manage Information Security reviews and submit assessment reports on adequacy of control in accordance with policies, standards, procedures to safeguard Bank’s assets;
i. Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary;
j. Co-ordinate with all departments for continuous assessment, mitigation and control of information security related risks;
k. Help in recruiting the skilled resources to achieve the Bank’s ISMS objectives;
l. Managing other levels of personnel who implement the information security program and perform information security duties that are required under the policy and practices of IS framework implementation; including ISMS coordination and resource allocation

a. Help in recruiting the skilled resources to achieve the Bank’s ISMS objectives;
b. Managing other levels of personnel who implement the information security program and perform information security duties that are required under the policy and practices of IS framework implementation; including ISMS coordination and resource allocation;
c. Plan and select resources based on skills required to conduct IT reviews of various information assets as per the plan in order to achieve the desired ISMS objectives;
d. Act as in-house consultant and recommend best practices for consistently raising the standards;
e. Develop a IS risk assessment methodology to identify risky areas exposing the bank’s assets;
f. Act as the source of reference within IS to facilitate and promote understanding of IS risk and compliance requirements;
g. Act as subject matter expert for all IS policies and procedures and as a single point of contact for process improvement;
h. Evaluate and recommend new security solutions to be implemented in the Bank;
i. Represent the bank on FS-IREC membership and participate actively;
j. Interface and interact with internal and external entities (such as Department Heads, Branch Managers, Internal and External Auditions, ITD units, BCM, user departments, external businesses, suppliers, vendors, security solution providers, etc.) with respect to information security governance and compliance requirements, policies, standards and procedures and other areas as required;
k. Maintain relationships with law enforcement and other related government agencies.

As an experienced Audit, Risk and Control professional and in addition to my professional involvements, I am responsible for engagement planning, budgeting, organizing, executing work plans, managing daily aspects of engagements, scheduling and conducting interviews, executing engagements and communicating the results of work in technical, as well as non-technical, terms. His role also includes managing and mentoring staff during engagements in addition to communicating opportunities to improve the system of internal controls.

As an experienced Audit, Risk and Control professional and in addition to my professional involvements, I am responsible for engagement planning, budgeting, organizing, executing work plans, managing daily aspects of engagements, scheduling and conducting interviews, executing engagements and communicating the results of work in technical, as well as non-technical, terms. His role also includes managing and mentoring staff during engagements in addition to communicating opportunities to improve the system of internal controls.

As an experienced Audit, Risk and Control professional and in addition to my professional involvements, I am responsible for engagement planning, budgeting, organizing, executing work plans, managing daily aspects of engagements, scheduling and conducting interviews, executing engagements and communicating the results of work in technical, as well as non-technical, terms. His role also includes managing and mentoring staff during engagements in addition to communicating opportunities to improve the system of internal controls.

As an experienced Audit, Risk and Control professional and in addition to my professional involvements, I am responsible for engagement planning, budgeting, organizing, executing work plans, managing daily aspects of engagements, scheduling and conducting interviews, executing engagements and communicating the results of work in technical, as well as non-technical, terms. His role also includes managing and mentoring staff during engagements in addition to communicating opportunities to improve the system of internal controls.