IS/IT Auditor
AOT
Total years of experience :20 years, 10 Months
Working as Information Systems and Security Auditor based on a many International and national Standards such as ISO 27001, ISO 2001, ISO 22301, ISO 31000, COBIT, and other Standards provided by KSA Governmental, and public Authorities, Plus performing a full security Assessment for most of our customers in different Sectors to help them implement a full Security program, Perform Risk Assessment, Business Impact Analysis, IT Governance, Monitoring and checking the effectiveness and efficiency of security Control.
Working as Information Systems and Security Unit manager, ( about 15 member )
responsible for Building and operate a comprehensive data center mainly hosting a mission critical application such as "Order Management System for Brokerage Companies:" and many other financial application plus ERP systems for factories
Job Responsibilities:
Design and Implement a full Environment systems, network and Security of data center including Access Control, Network Security, Physical Security, Business Continuity and Disaster Recovery Planning, Risk Management, Operations Security, and support to Comply with TADAWUL Security Regulations, Compliance and Investigations )
Hardware Sizing Servers and Network Equipments)
Hardware Installation (Rack Design)
Eliminate any SPF “Single Point of Failure” for High availability .
Setup Linux ISCSI Storage for Oracle Database RAC
Setup Linux Network Load Balance
Setup Linux Firewall and IPS
applying system and network hardening
Develop the Operations and Maintenance Procedures
Develop Security Procedures and Policies
Develop the most required Documentation based on ITIL framework and ISO 20001 for ITSM such as
1- Change management
2- Configuration management
3- Patch management
4- Capacity management
5- Incident response plan
6- problem management
Build a DR site and develop the appropriate procedures.
Developing a full BCP/DRP based on BS 25999 and updated with ISO 22301
Start a process to implement Iso 27001 in our environment and to be accredited the two ISO Certificates 27001 and 22301
Building an alerting system “email and SMS gateway”
performing a troubleshooting and find the root cause for most of the problem.
providing our external customers with systems (mainly for Linux) and security support and recommendation,
performing security assessment and vulnerability scans
performing gap analysis for IT environment based on the most international Standard and best practices
Provide Linux based custom solutions to clients
Provide Linux support service
Provide Linux Clustering Solutions (High Availability, Load Balancing)
Provide Linux Based Storage Solution “based on ISCSI Technology”
Provide VoIP solutions based on the open source SoftPBX Asterisk
Building Data Centers serving Brokerage Companies. Based on Net
Technical responsibilities include problem identification, system architecture definition, hardware/ software specification and design.
Planning for deployment of open source software infrastructure
Migration planning, and System integration.
Providing Network Security Design and Assessment solutions.
Providing Redhat Enterprise Linux training
Designing and Building UFE Secure infrastructure including Access Control for staff and Students, UFE DC physical Security design, Design of Network Security
Secure Mail system with postfix-cyrus-imap-ldap and integrated with MS active directory
Installing and admin for moodle (online education center)
Installing and admin Joomla (professional web design tool based on php and mysql )
Installing and admin Egroupware system (professional Group ware system )
Network security and monitoring using iptables, IDS, and others
Project management and planning
Server maintaining, backup and recovery solutions
Design and implementation for windows 2003 server Active Directory
Manage full IT jobs
Design and implementation for Galav Metal infrastructure including access control, telecommunication and network Security, physical security, BCP/DRP plan, Risk management for IT infrastructure
Building the network from scratch (cabling, servers and client)
Installation and administration of windows 2000 AD and Exchange 2000
Installation and administration of MS ISA server 2000
Technical support for many windows based software
Backup and recovery
Migration from windows
Client training staff and workers
Assistant in PLC’s integration and system monitoring
Design and implement full network infrastructure based on MS windows server 2003
Installation and administration of MS Exchange 2003
Installation and administration of MS ISA Server 2000
Installation and administration of windows server 2003 Active directory
assist in implementing an insurance application based on Oracle DB