محمد الشهراني

• Developed and evolved information / cyber security strategy and roadmap.
• Governed all SAICO security policies, procedures, designs, standards, network, applications deployments.
• Decreased threats 55% in 1 year by performing risk analysis, identifying counter security measures.
• Grew audit compliance from 0% to 70% while lowering risk 60% in first year by creating 5 new information security processes: Security Governance, Risk Management, Security Incident Response, Vulnerability Management Strategy and Third Party Cyber Security.
• Delivered 38% decrease in response time by automating cybersecurity incident response.
• Introduced 450+ controls during roll out of information Security Program centered on compliance against regulatory requirements.
• Achieved 50% reduction in phishing attacks - from 70% to 20% by creating and deploying Security Awareness Program.
• Established Data Privacy program with collaboration with all teams.
• Improved safeguarding of Customer data by building Computer Incident Response Team "CIRT" and working with IT department and Risk department on Disaster Recovery/ business Continuity Plans.

• Leader of 25 employees that serves over 80, 000 + beneficiaries.
• Reduced IT operating expenses by 1, 000, 000 SAR by negotiated current and future mutual interests with company vendors.
• Virtualized 60% of company Data Center reducing life cycle expenses.
• Managed IT budget of over 16 Million SAR.
• Team won local awards for Nphies integration with CHI.
• Led and speed up implementation and development of new core system application.
• Increased achievements of 110 major tasks and projects within 4 months timeline by promoting coordinations and collaborations between infrastructure team, Application Team, database team and IT security team.

• Establish and maintain department strategy, Information Security program, data classification Program, and awareness program to ensure that business operations, information assets, and technologies are adequately protected due to hosting critical data for more than 10 Saudi banks.
• Oversaw security operations, governance, compliance, internal/external risks.
• Eliminated all audit findings regarding in less than 1 year and half, by establishing company automation methodology frameworks, and tools.
• Drafted security operating procedures and training materials for human resource department.
• Achieved immediate 50% decrease in internal and external risk by holding workshop for company employees.
• Partnered with business and IT leaders to develop security policies, standards, guidelines, and procedures to ensure confidentiality, integrity, and availability of internal systems and data.
• Completed both progressive and regressive testing scenarios by applying testing frameworks.

• Grew IT process efficiency 25% by initiating several initiatives to improve communication.
• Guided implementation of Company-wide security strategy for network and hardware, disaster recovery, data protection and endpoint protection.
• Responsible for planning, designing, budgeting, operating. The infrastructure includes enterprise servers, storage & SAN and host ERP, other financial, batch processing applications. My team is responsible for physical facility management, OS and all business applications management.
• Worked with other IT leaders to refine incident & problem management of 24x7 service operation and established change management of the service strategy as part of the IT service management.
• Led disaster recovery and business continuity setups of tier -3 applications/infrastructure. Established RTO and RPO of applications.

• Architect, manage and maintain primary services located in university's data center to serve 10 Colleges and more than 5000 users.
• Assess university's security measures, such as firewalls, IDS, anti-virus software, and passwords.
• Assess university's IT infrastructure performance optimization, such as internet bandwidth, routers, switches, servers, and storage.
• Manage and supervise IT controls prevention systems, including authentication, authorization, physical security, and encryption.
• Manage and supervise IT controls restoration systems, including backups, replication, fail-over, and disaster recovery.
• Manage and supervise IT controls detection systems, including monitoring and auditing. Manage data center expansion project successfully.

• Monitored network capacity and performance to diagnose and resolve complex network problems• Provided network support services for devices such as hubs, bridges, routers, and other hardware for more than 700 branches and 3000 ATM.
• Troubleshot complex multi-vendor network service provider issues Within short time.
• Provided complete end-to-end engineering and installation of route-based IP network solutions for 800 ATMs with minimum downtime.
• Managed, tracked, and coordinated problem resolution and escalation processes.
• Performed troubleshooting for Juniper, Cisco, and packet analysis.
• Created VPN infrastructure and allowed for secure remote connections.

- Deploy wireless Access Point on university campus.
- Checking network connectivity