Mohammed Asif Siddiqui, Senior Manager - IT & IS Audit

Nakheel

Location: United Arab Emirates - Dubai
Education: Master's degree, Information Technology
Experience: 19 years, 0 Months


Work Experience

Total years of experience: 19 years, 0 Months

Senior Manager - IT & IS Audit at Nakheel
  • United Arab Emirates - Dubai
  • My current job since May 2023

● Play a dynamic role in IT risk assessments and assist the Head of Department in the development of the IT audit plan for the various business units/ departments of the company.
● Plan individual engagements assigned, by (i) performing IT application/infrastructure/process understanding and documentation allowing identification of key processes and associated risks and controls; then (ii) prepare risk and control matrix and/or audit program to facilitate testing and meet engagement objectives.
● Prepare internal audit reports and corresponding presentation materials containing audit issues along with suggested action plans and business recommendations to allow the audit client to make the necessary improvements to its processes.
● Effectively support operational and financial teams on their assignments as and when necessary.
● Assist the Head of Department to champion information systems control, IT risk management and governance concepts throughout the business to assist management in such areas through consulting engagements and special projects.
● Participate in or lead any special audit assignments or fraud investigations mandated by the Head of Department or Audit Committee/ Board of Directors.
● Participate in the preparation of periodic reports and presentations to the Audit Committee / Board of Directors.
● Stay abreast of IT best practices both internally and externally with regard to auditing and share them with other members of the audit team and the company as a whole, if applicable.
● Ensure that detailed audit work is effectively focused on areas assessed as high risk, thus ensuring maximum payback from the assignment.
● Represents the Internal Audit function in meetings with external parties, including Government Audits (FAA), Dubai Electronic Security Council (DESC) and similar parties.
● Supports the head of department in optimization of Data Analytics, Continuous Audit Monitoring, Risk Management.

IT GRC Manager at Majid Al Futtaim
  • United Arab Emirates - Dubai
  • August 2022 to April 2023

• Identifying, assessing, evaluating and reporting on Cyber Security risks in a manner that meets external and internal requirements, as well as supports forming a 360-degree view on enterprise cyber risks for MAF Entertainment
• Architects, designs, implements, and maintains information system security controls and safeguards pertaining to company IT assets and data
• Analyses trends, news and changes in threat and compliance environment with respect to organizational risks, advises IT senior management in developing and executing plans for compliance and mitigation of risks
• Define and implement appropriate KPIs to measure cybersecurity posture of the company
• Good understanding of managing internal and external audits (ISO & PCI) and assurance activities, including testing the design and operational effectiveness of security controls
• Comprehensive understanding of Cyber Security Frameworks (NIST, ISO 27001, GDPR, NESA, COBIT, PCI, etc.)
• Ability to review and coordinate changes to information security policies, procedures and standards
• In-depth knowledge and hands-on experience in Security Domains (Network Security, Endpoint Security, EDR, Data Security, SIEM, DLP, SOAR, Deception, Threat Hunting, Cloud Security, and Audit & Compliance)
• Experience with Security functions including Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management
• Good Knowledge of SIEM solutions like LogRhythm, ArcSight, and IBM QRadar, SIEM Architecture and health checks
• Reviews and responds to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party responders
• Experience with IDAM industry standard methodologies and related solutions such as Active Directory, Azure AD, LDAP, SSO, MFA, etc
• Experience with PAM solutions such as SailPoint and CyberArk
• Strong understanding and experience with secure SDLC and DevOps and security automations
• Ability to operate and lead in a fast-paced organizational transformation and able to navigate and champion change across organizational complexity
• Project Management: Sources and implements new fit-for-purpose security solutions based on changing threat landscape to effectively protect the organization
• Effectively communicate with other teams involved in projects during entire project lifecycle
• Play the role of subject matter expert and support vendor to implement various InfoSec/Digital projects within MAF Entertainment.
• Conducts internal security audits, IT risk assessments, and business impact assessments and identify strategic opportunities to adopt industry-leading information security and compliance standards
• Applied effective time management techniques to meet tight deadlines.
• Demonstrated a high level of initiative and creativity while tackling difficult tasks.
• Cultivated interpersonal skills by building positive relationships with others.
• Used strong analytical and problem-solving skills to develop effective solutions for challenging situations.
• Exercised leadership capabilities by successfully motivating and inspiring others.
• Participated in team projects, demonstrating an ability to work collaboratively and effectively.

Assistant Manager IT GRC at Emaar
  • United Arab Emirates - Dubai
  • January 2019 to July 2022

● Experience in IT risk management with strong understanding of cyber threats, vulnerabilities, probability and impact.
● Perform deep analysis across a full spectrum of IT and Data Security areas, including review of Application, Infrastructure, and Cloud Risks and controls (including Logical Access, Change Management, Vulnerability Management, and assisting with 3rd party risk assessments).
● Assist and coordinate development/update of IT and Security Standard Operating Procedures (SOPs), contribute to governance and policy updates through assessment, research, and recommendations.
● Identify and bring together the appropriate resources, subject matter experts, and stakeholders to meet goals.
● Work directly with business units and other internal departments to facilitate cybersecurity risk analysis and management processes, identify acceptable levels of residual risk.
● Evaluate Confidentiality, Integrity and Availability of the IT Systems based on the criticality of Assets to the Business Operations.
● Provide support to data protection programs, including insider threat Management and Data Loss Prevention (DLP).
● Reviews Access controls on Windows Servers, SUN Servers and Network systems through IDAM solution.
● Review highly privileged user accounts (e.g. Root, system, Administrator, etc.), permissions, and access rights.
● Tracks and reports cyber security risk management trends, opportunities and remediations.
● Administered various IT audits such as ITGC, Data Centre review, Network Security, Oracle ERP review of Finance, & Procurement modules, IT Physical Controls, Mobile Apps, Sales Force (Sales & Service Clouds), Leasing System, Avaya & Cisco Telephony, 3CX, Tenfold, MDM Integration Audits, Cryptocurrency, GDPR, Payment Gateways, Yardi, Opera, Data Lake, etc.
● Plan and conduct vendor assessments across multiple IT systems. Perform Independent analysis of results of vendor assessments and testing to assess risks and provide appropriate recommendations for corrective actions.
● Knowledge of working with TeamMate, RSA Archer, and Power BI

Assistant Manager - IT GRC at DAMAC Properties
  • United Arab Emirates
  • January 2016 to January 2019

● Advised senior management by identifying critical security issues, recommending risk-reduction solutions.
● Partnered with the Data Engineering team to research and experiment with emerging Data Quality Profiling technologies and tools associated with data quality, metadata, and data governance.
● Defined Data Governance roles, accountability, and ownership and decision rights within organization.
● Promoted culture of data protection compliance across all units within the organization
● Led the highly successful Security Information and Event Management pilot program for DAMAC using LogRhythm SIEM to monitor internal/external threats; assessed process/hardware risks, identified threat vectors, identified security policies, and approved rules for LogRhythm SIEM.
● Managed Cyber Security projects such as Cyber Security Framework creation, Run book development for threat response, Incident response on Cyber Attack, SOP preparation for Cyber Attack.
● Reviewed & Evaluated Managed Security Solution Provider (MSSP) partners for DAMAC.
● Extensive knowledge and hands on experience on Cyberoam UTM, Trend Micro Office Scan Suite, Cisco Firewall ASA, SIEM, Forcepoint DLP, etc.

Senior Information Security Consultant at Galadari Brother Co. L.L.C
  • United Arab Emirates
  • March 2013 to December 2015

● Design and implement Information Security risk management processes including conducting periodic security assessments/inspections/audits of facilities and provide reports, recommendations and action plans on ways to improve and diminish any security threats the company may face in line with internal applicable policies and procedures.
● Analyze company requirements to ensure cyber security solution meets objectives by combining industry best practices, product knowledge, and business acumen.
● Act as a high-level technical expert, providing knowledge and analysis of Cyber Security software applications and operational environments.
● Track, analyze, and contain spam and malware emails through advanced hunting.
● Research, analyze and evaluate current technical cybersecurity trends, emerging technologies and standards, new software functionality, and alternative software solutions to determine applicability and viability
● Configure & monitor different attributes and handling scale up and scale down scenarios for the application on Cloud.
● Knowledge of network protocols and services (e.g., OSI model, IP networking, TCP/UDP familiarity, HTTP, SMTP).
● Experience of other commercial and open-source security tools (e.g., Firewalls, IPS, anti-malware).

Information Security Consultant at Paladion Networks Pvt. Ltd
  • United Arab Emirates
  • March 2010 to March 2013

● Interacting and partnering with Security Operations Center (SOC) team members as an escalation resource expert for incident response activities.
● Correlate and analyze events using the ArcSight SIEM tool to detect IT security incidents.
● Monitor multiple security technologies, such as SIEM, IDS/IPS, Firewalls, Switches, VPNs, and other security threat data sources.
● Conduct analysis of log files, including forensic analysis of system resource access.
● Respond to inbound requests via phone and other electronic means for technical assistance with managed services.
● Respond in a timely manner (within documented SLA) to support, threat, and other cases.
● Managed compliance requirements for ISO 20000 & ISO 27001 as per internal & external IT audit requirements.
● Managed & Implemented HP Service Manager (Helpdesk Solution) to fit the environment, including solution administration, reporting, querying, etc., for one of Paladion's clients (GCAA).

Assistant Manager Risk Advisory Services (InfoSec) at BDO Consulting Pvt. Ltd
  • India
  • December 2007 to March 2010

Internal Audits; Information Security Audits; Compliance Reviews; Third Party Information Security Audits; Application Audits; Vulnerability Assessment & Penetration Testing
• Conducted InfoSec audits as per ISO 27001:2005 and Internal Audits based on COBIT & ITGC.
• Executed application audits for clients in the Banking, Broking, Healthcare, IT & ITeS industries.
• Conducted IS awareness workshops & seminars and post-implementation review for ERP Systems.
• Played a pivotal role in the CERT-In Qualification for BDO Consulting Pvt. Ltd.
• Successfully developed many IT processes for a Healthcare Client.

Pre-Sales Consultant at Zenith Infotech Ltd
  • India
  • June 2006 to December 2007

Key Profile: Solution Installation & Maintenance; Network Devices Maintenance; Desktop Management through Proprietary Solution; Patch, Antivirus, Spyware & Asset Management; Troubleshooting & Remote Support
• Program Manager for various projects including Desktop/Server management and Network administration.
• Managed a team of Engineers for handling remote installations and delivering technical support.
• Maintained Routers, L3/L2 Switches, Firewalls & Enterprise setup including Win2000/2003, Win XP, LAN/WAN.
• Administered performance and application of Servers.
• Handled Cisco and 3Com Routers and authenticated VLAN on 3Com Switches and Cisco Switches.
• Instrumental in re-engineering Network Infrastructure and IT Infrastructure.
• Assisted the Network Operation Centre (NOC) Engineers in maintaining clients’ networks & servers globally.

System Administrator at Allied Digital Systems
  • India
  • June 2005 to May 2006

Key Profile: Project Execution (Active Directory and Exchange 2003); NT Backup Management; Server Installation; Antivirus Management; DHCP & DNS Management; Project Management
• Managed Active Directory domains and TCP/IP, DHCP, DNS, Terminal Services & IIS and FTP.
• Handled NT Backup, performance monitoring & tuning, automation scripts & task scheduling activities.
• Managed Server Resources with the help of disk quotas & user permissions on Files & Printers.
• Handled Network Configuration (Internet & LAN) and Proxy Configuration.
• Played a pivotal role in the successful migration of Active Directory from NT to Exchange 2003.
• Successfully implemented Exchange 2003 and Asset Management Solution (Zenith SAAZ).

Education

Master's degree, Information Technology
  • at Sikkim Manipal University
  • January 2008

Master in Business Administration - Information Technology

Specialties & Skills

ISO 27001
ISO 20000
CONSULTING
FIREWALLS
INFORMATION SECURITY
NETWORKING
PROCESS ENGINEERING
PROJECT MANAGEMENT
CUSTOMER RELATIONS
FINANCE

Languages

Arabic: Expert
English: Expert
Hindi: Expert
Urdu: Expert

Training and Certifications

Certified Information Systems Security Professional (CISSP) (Certificate)
  • Date Attended: February 2022
  • Valid Until: January 2025

Certified Data Privacy Solutions Engineer (CDPSE) (Certificate)

Certified Ethical Hacker (CEH) (Certificate)
  • Date Attended: April 2018
  • Valid Until: April 2021

Certified Information Systems Auditor (CISA) (Certificate)
  • Date Attended: November 2010
  • Valid Until: January 2023

Certified Information Systems Manager (CISM) (Certificate)
  • Date Attended: September 2020
  • Valid Until: January 2024

Hobbies

  • Playing Chess
    Won High School Chess Competition