Senior Manager Information Security
National Water Company
مجموع سنوات الخبرة :24 years, 4 أشهر
• Aligning Information Security to business & transforming strategic initiatives into actionable sets of processes & controls.
• Developing and implementing a SABSA-based Enterprise Security Architecture.
• Developing and maintaining the enterprise-wide information security strategy, policies, procedures & risk methodology by ensuring alignment with enterprise goals and objectives, leading industry standards, and applicable laws and regulations.
• Developing and maintaining security governance framework, operating model, and information security portfolio in line with leading practices, laws, and regulations.
• Defining, managing, and monitoring cybersecurity KPIs.
• Managing and delivering regular cybersecurity executive reporting and communication.
• Performing security and risk assessments; assessing the effectiveness of existing policies and controls; and recommending remediation/measures (Risk Treatment Plans).
• Driving the life cycle of identification, prioritization, & remediation of risks and vulnerabilities.
• Managing and supporting National Cybersecurity Authority (NCA) controls implementation, including Operational Technology Security Controls for critical national infrastructure in NWC Headquarter and six regional clusters covering all over KSA. NCA controls frameworks including ECC, OTCC, CSCC, TCC, DCC, CCC, OSMACC,
• Developing and maintaining data classification framework aligning with National Data Management Office (NDMO) regulations.
• Implemented security solutions including vulnerability management, file integrity management, mobile device management, data classification, data rights management, and data leakage protection.
• Providing Hajj security assessments before the annual Hajj season for all the holy sites including Makkah, Arafat, Mina, etc.
• Providing consulting services for security solutions, including Identity and Access Management, SIEM system architecture, design, implementation, and system integration to ensure successful solution delivery.
• Implementing and maintaining security standards, including NIST, ISO 27001, SWIFT Cyber Security Framework, and other regulatory requirements and best practices for the entire infrastructure.
• Providing Subject Matter Expertise (SME) to IT & business with regard to Risk Assessment, Identity & Access Management, and Security Operations Centre (SOC).
• Mentoring employees to enhance their security skills.
• Assisting development of the security awareness program/campaign.
• Developing RFI/RFPs for new security solutions requirements, conducting gap analysis for security solutions & processes, performing proofs of concepts, User Acceptance Tests, and deployments in production environments.
• Advising management and leadership on matters related to cybersecurity governance, best practices, and regulatory requirements.
• Ensuring ongoing collaboration with relevant governance teams to improve the governance and performance of controls.
• Working closely with internal groups, including Human Resources, Corporate Governance, IT Governance, Internal Audit, Legal, and Compliance on matters of policy, risk management, and compliance.
Responsible to build a company-wide information security strategy and vision. Working with senior executive management, oversee the creation and maintenance of IT security policy, leads security risk assessment efforts, identify and evaluate all critical systems. Design and implement security processes and procedures and perform cost benefit analysis on all recommended strategies. Also advises and collaborates with group units on business requirements, business continuity and disaster recovery plans, audit and governmental/institutional compliance practices. Collaborate with external auditors to conduct in-depth compliance audits and penetration testing, presenting all results to senior executive management. Develop curricula and facilitate awareness training for management and employees.
Responsibilities: •Manage to gather business requirements for Finance, Assets Management, Custody and other business operations.
•Leading all stages of system selection project including co-ordination between business units and vendors, detailed requirements definition (RFI), system architecture, proof of concept exercise, testing etc.
•Manage the development and implementation of overall IT security and other policies, standards, guidelines and procedures to ensure ongoing maintenance of security.
•Information protection responsibilities includes network security architecture, monitoring network access, maker checker functions in financial applications reviewing logs and access rules etc.
•Oversee incident response planning as well as the investigation of security breaches, and assist with regulatory matters associated with such breaches as necessary.
•Conduct regular internal security audits of systems and software as well as for business operations to ensure compliance with all security controls defined in company policies and Tadawul /CMA security and E-trading requirements and report results to executive management.
•Successfully migrated corporate email server from legacy version to Exchange 2010 and configured high availability using DAG.
•Responsible for migrating the corporate emails and active directory to the cloud using office 365.
•Administration and support of ERP system to the satisfaction of users, through direct support and/or escalation of problems to vendor. This includes patches, upgrades and enhancements.
•Examine, validate & prioritize new application requests, change requests from users in agreement with business & IT side.
•Liaise and supervise the validation of user testing on new IT systems and enhancement with the business users.
•Perform backup of corporate central data on daily, weekly, monthly and yearly basis as per policy.
•Configure firewalls and tune its traffic to minimum required and by applying best practices of security.
•Troubleshoot networks, systems and applications to identify and correct malfunctions and other operational difficulties.
•Maximize & optimize the use of network resources.
•Responsible for documenting the configuration of the systems.
•Developed and maintained company-wide business continuity program that addresses disaster recovery, business recovery and emergency response management.
•Produce and update BCP/DR materials and documentation for e.g. plans, emergency response procedures, call lists, test results etc.
•Plan and coordinate all business continuity technical and user testing.
•Work closely with IT to develop / maintain disaster recovery plans for critical systems and applications and to ensure that internal recovery sites are updated and functioning properly.
•Perform risk analyses for functional area to identify points of vulnerability, single points of failure and identify risk avoidance and mitigation strategies.
•Analyze and report on implications of regulatory requirements on BCP/DR programs.
•Assisting in all stages of system selection project including detailed requirements definition, evaluation system architecture, proof of concept exercise, testing and co-ordination between business units and vendors etc.
•Working with Project Managers in all aspects of project management / project documentation / liaising with the vendor and keeping track of all outstanding issues and their resolution.
•Manage to gather business requirements for Finance, Assets Management, Custody and other business operations.
•Manages day-to-day operational aspects of a project and scope.
•Maintain and ensure project documentations are complete, current, and stored appropriately.
•Facilitates project team and vendor meetings effectively.
•Coordinating the various components which contribute to the project as a whole to ensure they are being delivered on time; ensuring that deadlines are met; and updating staff and keeping all interested parties in the project informed of progress and any issues which may arise.
•Gathering user requirements and help preparing the workflows.
•Follow-up on outstanding issues.
•Maintaining control and ownership of system integration and user testing.
•Providing ongoing system support to all the users in all aspect of the system.
Position Objective: Responsible for installing, supporting, and maintaining servers or other computer systems, and planning for and responding to service outages and other problems. Other duties may include project management for systems-related projects, supervising or training computer operators, and being the consultant for computer problems beyond the knowledge of technical support staff.
Responsibilities:
• Installation of new Server Systems.
• Installation of Antivirus Servers and automatic clients.
• Installation and administration of the servers WSUS, Web, SharePoint, VPN etc.
• Installation and administration and daily follow up of Exchange front end and back end and publishing that in the firewall.
• Installation and administration and daily follow up of ISA Server and creating its catch and access rules, and publishing that in the firewall.
• Applying operating system updates, patches, and configuration changes.
• Installing and configuring new hardware and software.
• Adding, removing, or updating user account information, resetting passwords, etc.
• Answering technical queries.
• Responsibility for IS security.
• Responsibility for documenting the configuration of the system.
• Troubleshooting any reported problems.
• Insuring that the network infrastructure is up and running.
Responsibilities:
• Managed a 15-members technical support department as a whole.
• Administration of Exchange Server 2003 & ISA Server 2004.
• Implemented Security using Security Configuration and Analysis tool.
• Configured new group policy objects for security and assign logon scripts within group policy at the OU level.
• Checking security holes on daily basis using network security scanner.
• Installed and configured SUS Server to automate the process of updating client computers on network for updates and security patches.
• Implemented IPSec policies and IP Filter Rules to provide additional security on network.
• Configured VPN Servers for remote connections.
• Providing desktop and network support to 90 branches of Bank including Head Office.
• Managing inventory of Head Office and all branches of Bank.
• Managing and procurement of new PCs and other IT equipment requirements from all over branches.
• Installation of Servers and PCs.
Responsibilities:
• Installation, Configuration and Administration of Windows NT 4.0 and Server 2000.
• Troubleshooting TCP/IP related configuration problems
• Managed Exchange Server 2000.
• Define Backup procedures for network environment in general.
• Troubleshoot in-house network and customer premise based problems.
• Manage Hardware/Software/OS installation and Support.
• Configure DD Link (Router) (WAN Connectivity 128 K).
• Complete Setup and Configuration of Internet and E-Mail for LAN Environment through router.
• Provide Internet Sharing to all LAN users using Microsoft Proxy Server, ISA Server and Win Route.
• Performing Windows NT/Server 2000 domain administration for users administration.
Responsibilities:
• Provided complete Computer Hardware solution to Clients.
• Assembled PCs, Installing Operating System and required software’s.
• Troubleshooting of Software/Hardware/IRQ/Driver-conflict related problems.
• Troubleshoot and/or Configure local LAN for Internet Sharing.
Job description included to:
• Maintain MCSE/MCSD/MCDBA Computer Lab.
• Conduct practical/hands-on classes in lab.
• Helped network students in their practical/hands-on projects.