Assistant Manager Information Technology Consulting Service
Baker Tilly Kuwait
Total years of experience :28 years, 0 Months
duties of a cybersecurity auditor can vary depending on the size and complexity of the
organization, the scope of the audit, and the industry
• Define the audit objectives and scope: This involves determining what systems
and data will be audited and what risks will be assessed.
• Develop an audit plan: This outlines the methodology and procedures that will
be used to conduct the audit.
• Identify resources and tools: This includes selecting the appropriate personnel
and software tools to perform the audit.
Policy and Procedure Review:
Review security policies and procedures: This involves ensuring that the
organizations policies and procedures are up-to-date, comprehensive, and
appropriate for the business needs.
• Assess compliance with relevant regulations: This involves ensuring that the
organization is compliant with all applicable security regulations, such as
HIPAA, PCI DSS, and GDPR.
• Identify and address policy gaps: This involves identifying areas where the
organizations policies and procedures are lacking and recommending
improvements.
• Document audit findings: This involves writing a comprehensive report that
outlines the vulnerabilities identified, the risks associated with those
vulnerabilities, and recommendations for remediation.
• Prioritize remediation efforts: This involves working with the organization to
prioritize the vulnerabilities that need to be addressed first.
• Monitor and track progress: This involves monitoring the organizations
progress in addressing the identified vulnerabilities and tracking the
effectiveness of the implemented security controls.
Duties:
• Cybersecurity audits are crucial for organizations to assess their current security posture and identify vulnerabilities that could be exploited by attackers. The specific duties of a cybersecurity auditor can vary depending on the size and complexity of the organization, the scope of the audit, and the industry
• Define the audit objectives and scope: This involves determining what systems and data will be audited and what risks will be assessed.
• Develop an audit plan: This outlines the methodology and procedures that will be used to conduct the audit.
• Identify resources and tools: This includes selecting the appropriate personnel
Nov. 2021- October 2023
• Designs, implements, maintains, and operates information system security controls and countermeasures.
• Spearheads the development and implementation of the organizations cyber security tools, ensuring alignment with business objectives and compliance requirements.
• Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets, and monitors for compliance.
• Monitors network traffic and security alerts to detect and respond to potential security incidents.
• Conducts forensic investigations and root cause analysis for security breaches, providing detailed incident reports to stakeholders.
• Implements and maintains security tools, including firewalls, intrusion detection/prevention systems, and endpoint protection solutions.
• Contributes to the creation of security policies, procedures, and guidelines to ensure compliance with industry standards and regulations.
• Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends.
• Installs and configures Palo Alto Firewall & XDR, intrusion prevention system (IPS), web filtering, mail filtering, and malware solutions.
• Conducts studies that evaluate, recommend, and implement security solutions to enhance core security capabilities in the areas of security infrastructure, access management, networking, databases, and servers.
Duties:
• Designs, implements, maintains, and operates information system security controls and countermeasures.
• Spearheads the development and implementation of the organizations cyber security tools, ensuring alignment with business objectives and compliance requirements.
• Analysis and recommends security controls and procedures in business processes related to use of information systems and assets, and monitors for compliance.
• Monitors network traffic and security alerts to detect and respond to potential security incidents.
• Conducts forensic investigations and root cause analysis for security breaches, providing detailed incident reports to stakeholders.
• Implements and maintains security tools, including firewalls, intrusion detection/prevention systems, and endpoint protection solutions.
• Contributes to the creation of security policies, procedures, and guidelines to ensure compliance with industry standards and regulations.
• Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends.
• Installs and configures Palo Alto Firewall & XDR, intrusion prevention system (IPS), web filtering, mail filtering, and malware solutions.
• Conducts studies that evaluate, recommend, and implement security solutions to enhance core security capabilities in the areas of security infrastructure, access management, networking, databases, and servers.
Success criteria:
• Internal Lead Auditor for towel holding 27001 ISO.
• Deploy and configure Palo Alto firewall, XDR, Fortinet firewall and Bit Defender Gravity Zone for MOI projects.
• Deploy and configure checkpoint firewall for MOH and government hospitals.
• Deploy and configure Aruba Clear pass and AP for MOD and Ministry of Awqaf.
• Deploy and configure Aruba SD Wan for PAMP.
• Deploy and configure Fortinet fire wall and Forti Switch for Ali al Ghanim BMW
• Designs, implements, and maintains information system security controls and countermeasures.
• Analyzes and recommends security controls and procedures throughout the system lifecycle.
• Monitors information systems for security incidents and vulnerabilities and develops monitoring and visibility capabilities.
• Manages security responsibilities for various security devices.
• Creates and reviews reports on security incidents, vulnerabilities, and trends.
• Develops and maintains security policies and raises awareness of security policies and procedures.
• Performs information security assessments and audits of internal networks and systems.
• Facilitates new electronic data interchanges between other financial firms.
• Assists in the enforcement and monitoring of Compliance regulations.
• Investigates and responds to security violations.
• Defines security requirements and reviews systems to determine if they have been designed to comply with established security standards. Develops new standards as necessary.
• Analyses business needs, research, and recommends solutions.
• Establishes and manages relations with vendors and related equipment suppliers.
• Performs other related duties incidental to the work described herein.
• Responsible for driving vision and laying out roadmap for security technologies.
• Assists in the implementation of logical user access policies, standards, and guidelines that balance business requirements, risk tolerance, and the clients policies.
• Conducts risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs.
• Maintains the regulatory systems about ISMS policy (Information System Management Systems).
Duties:
• Designs, implements, and maintains information system security controls and countermeasures.
• analysis and recommends security controls and procedures throughout the system lifecycle.
• Monitors information systems for security incidents and vulnerabilities and develops monitoring and visibility capabilities.
• Manages security responsibilities for various security devices.
• Creates and reviews reports on security incidents, vulnerabilities, and trends.
• Develops and maintains security policies and raises awareness of security policies and procedures.
• Performs information security assessments and audits of internal networks and systems.
• Facilitates new electronic data interchanges between other financial firms.
• Assists in the enforcement and monitoring of Compliance regulations.
• Investigates and responds to security violations.
• Defines security requirements and reviews systems to determine if they have been designed to comply with established security standards. Develops new standards as necessary.
• Analyses business needs, research, and recommends solutions.
• Establishes and manages relations with vendors and related equipment suppliers.
• Performs other related duties incidental to the work described herein.
• Responsible for driving vision and laying out roadmap for security technologies.
• Assists in the implementation of logical user access policies, standards, and guidelines that balance business requirements, risk tolerance, and the clients policies.
• Conducts risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs.
• Maintains the regulatory systems about ISMS policy (Information System Management Systems).
Success criteria:
• Detect and analyse vulnerabilities for both system and network by Nexus Vulnerability scanner and provide solution for each.
• Deploy ZTNA for Network and firewall.
Zak Solutions for Computer systems project COM - GPF (Government Performance Follow‐ up Agency) Senior Security & Network Engineer, Kuwait
Implementing network security policies and procedures.
• Install and Configure Fortinet Fire Wall Antivirus.
• Intrusion Prevention System (IPS)Web filtering-mail filtering, including protection
against spam and grayware Data Leak Prevention (DLP)Application Control
ICAP.
• Install and configuring Symantec, Mcafee Enterprise AV End Point Protection.
• Install and configure SolarWinds Network performance monitoring.
• Deploying the F5 BIG-IP System with SMTP servers and configure F5
Load Balancer.
• Managing, monitoring, and updating malware prevention systems.
• Monitoring security advisory groups to ensure all necessary network security.
• Install and configure Malware Solutions.
• Preventing and detecting intrusion Performing intrusion detection analysis.
• experience on IPsec, SSL VPN, Sandboxing, Forward and reverse proxy,
NAT, syslog, DNS, NAC and cloud computing (AWS/Azure).
• Experience with Routing protocols: BGP, VPNv4, EIGRP OSPF, ISIS, RIP, and
VRF) and Multicast protocols (PIM, MSDP and MBGP)
• Experience with Switching protocols (spanning tree, CST, MISTP, PVST,
RPVST+, VTP, DTP, GVRP, MAB, VLAN and private VLAN)
• Network design and integration using Type-1 crypto devices.
• Enterprise Level IT Network Development/Design/Upgrade/Maintenance
• Experience with VRFs, ACLs, DMVPN, VoIP, QoS, SNMP, VPC, and VSS
• Expertise across a variety of security products including firewalls, URL filtering,
information security and virus protection.
Install, configure Security Devices such as Fortinet Firewall Forti Web and Forti
Analyzer,
• rolls, policy’s, routing, and the security Antispam Anti Malware Servers Symantec
AV server & end point.
• Installing, Configure and managing cisco Wireless controller & Access Points.
• Install, Configure, and upgrade Symantec Net Backup, backup Exec rolls and
Backup Policy’s for servers
• Installing, Configure, Managing and Upgrade VMware ESXI and Hyper-V.
• Prepared and Configured windows exchange mail server for the site (install -
configure- rolls - permit ions).
• Install and configured the Symantec antivirus server with rolls and tasks.
Prepared and configured additional domain server & additional mail server.
Duties:
• Designed and implemented a SIEM (Security Information and Event Management) system, enhancing real‐time threat detection and incident response capabilities. Resolving the existing security issue including hardware malfunctions
• Generating and maintaining the virtual private network, firewalls, web protocols and email security decorum.
• Configure, Manage and Monitor Palo Alto firewall models (Specifically the PA‐ 5050 and the PA‐5260).
• implement security measures to resolve data loss vulnerabilities, mitigate risk and recommend security changes or system components as needed.
• Implement advanced Palo Alto Firewall features like URL filtering, User‐ID, App‐ ID, Content‐ID on both inbound and out bund traffic.
• implement the Global Protect VPN, IPsec VPNs and SSL VPNs through IKE and PKI on Palo Alto firewalls for site‐to‐site VPN Connectivity Status reports of hardware and software products as per designated policies.
• Supervising the installation of new softwares and hardwares
• Recommend modifications in legal, technical and regulatory areas that affect IT security.
• Monitoring of web security gateways, perimeter security, network access controls, endpoint security
• Configured, managed, monitored, and analysed IDS/IPS Signatures Attacks, Firewalls log, Systems, Applications and Security Event Log for comprehensive security monitoring and vulnerability management.
• Intrusion Prevention System (IPS)Web filtering‐mail filtering, including protection against spam and Crapware Data Leak Prevention (DLP)Application Control ICAP.
Plans, designs, and implements data connectivity for local area network (LAN) and wide
area network (WAN) systems.
• Switching protocols (spanning tree, CST, MISTP, PVST, RPVST+, VTP, DTP, GVRP,
MAB, VLAN and private VLAN).
• L2 - L7 protocols such as Ethernet, IP, TCP, UDP, RTP, HTTP/S, FTP, SMB, etc.
• Configuring, Maintaining, and administrating DHCP, DNS, FTP Server, HTTP Servers in
• Win2003, 2008, 2012
• Installs, maintains, and troubleshoots the Storage Area Network (SAN).
• Support end user hardware and applications inquiries
• Maintaining and installing windows server 2003, 2008 and 2012 with clients.
• File Server Clustering and Print Server Clustering - SQL 2008 Clustering - Kaspersky server.
Duties:
• Implements data connectivity for local area network (LAN) and wide area network (WAN) systems.
• Installing, Managing and implements data connectivity for local area network (LAN) and wide area network (WAN) systems.
• Ensure compatibility of all communications and computer hardware/software.
• Viewed as technical SME in network analysis, design, and engineering.
• Manage network projects related to technology pilots, conversions, implementations.
• Troubleshoot the most complex network issues as level 2/3 engineering support.
• Full knowledge of the business and architecture of the network.
• Manage the installation of data communication lines, networking and security equipment.
• Ensure Network Operations notification and escalation procedures are accurately followed.
• Effectively communicate network event status and impact to management.
Implements data connectivity for local area network (LAN) and wide area network
(WAN) systems.
• Installing, Managing and implements data connectivity for local area network
(LAN) and wide area network (WAN) systems.
• Ensure compatibility of all communications and computer hardware/software.
• Viewed as technical SME in network analysis, design, and engineering.
• Manage network projects related to technology pilots, conversions, implementations.
• Troubleshoot the most complex network issues as level 2/3 engineering support.
• Full knowledge of the business and architecture of the network.
• Manage the installation of data communication lines, networking, and security
equipment.
• Ensure Network Operations notification and escalation procedures are accurately
followed.
• Effectively communicate network event status and impact to management
System Administrator for Active Directory, Exchange Server DHCP, DNS.
• Install and configure VMware, Hyper-V, and SCCM.
• Network Planning, Installation and Administration.
• Installing and configuring windows clients and Antivirus
• System Administrator for Active Directory & SQL & ISA.
• Network Monitoring, Performance & Security
As technical support engineer for Dell & HP Servers and computers
• Technical support for LAN and Cisco switches
• Support for Pc’s / Servers problems (Hardware / Software) Managing Windows 2003
and 2008 Networks, Remote Access Connectivity, Software Installation of MS
Office, Windows XP Prof - Applying Patches on servers.
• Console server, Managing Antivirus (Symantec, MacAfee, Kaspersky) software,
systems, and applications to identify and correct malfunctions and other operational
difficulties. Develop and conduct various training and instruction for system assist
users which maximizing use of networks and computing systems. Anticipate
communication and networking problems and implement preventive measures
Information Systems
