MUSTAPHA BENGALI

Reporting to CEO, directs Corporate Information and Cyber Security for 10 separate global telecom operations (OPCO) across the GCC, Southeast Asia, and North Africa. Defines strategic information security framework and blueprints and ensures regulatory compliance with strict adherence to relevant laws, regulations, and local/regional policies. Trusted advisor to Executive Management and the Board on InfoSec program health and the industry threat landscape.

Represents Company at Mission-Critical National Security Forums, Working Groups, and Committees
➔ Qatar National Cyber Security Strategy Committee
➔ Qatar National Business Continuity Forum (QBCF)
➔ Ooredoo Strategic Security and Resilience Working Group
➔ Project Stadia and Fifa 2020 SCDL Cyber Security Working Group
Security Functions Ranked as one of the Most Mature and Prominent across Qatar within a 2 Year-Period
➔ Transformed the Information Security function from a cost to a profit center. Successfully developed and deployed the Security Information Center while establishing group OPCO security organization and annual strategy.
➔ Developed and implemented Managed Security services for customers. Ensured clean Telecom network while reducing information security risk and maximizing ROSI.
➔ Parlayed expertise to identify, assess, and prioritize risks, developing strategic security plans to close gaps and strengthen company capability to combat threats in support of corporate business objectives.
➔ Led the convergence of technical and physical security controls to better coordinate security resources in emergencies and enable identity-based reporting system.
➔ Architected robust function encompassing governance, risk, and compliance, telecom security architecture, operations, monitoring. Effectively mitigates cyber risk while advising other telcos in the group.
➔ Improved security incident detection through the establishment of Security Information Center, allowing constant monitoring and analysis of networks, servers, and databases.
➔ Collaborated with ERM/Resilience teams to evaluate and manage corporate risk Directs risk identification, assessment, and prioritization.
➔ Worked with the B2B function, in establishing the Managed Securi5ty Services offering from RFP and establishment.
➔ Planned and implemented the national clean pipe (Carrier DDoS) service.

Accelerated Advancement of Governance Framework & Structure through Skilled Deployment across all OPCO’s
➔ Developed and implemented Managed Security services for customers that ensured clean Telecom network.
➔ Established a group-wide Cyber Security strategy with set goals, objectives, policies, and standards frameworks; all OPCOs adopted functions and advisories.
▪ Formulated and executed SOPs to protect information and information systems, ensuring the organization maintains security best practices to comply with ISO 27001 standards and series.

I am a founding member of the Etisalat Information Security team & now the Business Continuity & Crisis management section. I am currently involved in establishing the Business Continuity Management framework for etisalat based on the NEP-T, TRA Directive No. 5 and the BS25999-2:2007 standards.

Prior to this role and as part of the Information Security section, I was involved in Security Governance, Awareness, Policies and Certifications based on ISO 27001; Risk Assessment based on ANZ 4360 & FMEA methods & BS25999 based BCMS and Mobile security projects.


Major Projects.

• Leading the Business Continuity Management System initiative for Etisalat, to enhance resilience of all Critical service and ensure continuity. The BCMS will be based on the new BS25999:2 standards. As part of the project, I have been involved in every service that Etisalat delivers broadly classified within Mobile & Fixed (Voice & Data), Internet, Television, Satellite and Carrier services. The project looks at Technological, Regulatory, Legal, Supplies and other aspects, providing immense exposure to all areas of risk and governance for a Telecom.

• I am leading the BCMS Organization to ensure various Telecom service groups in Etisalat are compliant to the UAE TRA & BS25999:2007 standard for Business Continuity Management.

• Leading the design of the Implementation of for all Information Security projects for Etisalat enterprise. This included securing Etisalat services (Mobile Systems etc.), Etisalat Web services, Etisalat Content provider infrastructure and Etisalat Gateways for staff services (Web, Email, Remote access).

Team member part of the Etisalat E4ME portal BS7799 certification. I was involved in creating Security policies and procedures related to the ISMS scope, creation of the ISMS Manual, performing Risk Assessment using ANZ 4630:2000 and Hybrid methods. I was also involved in the migration for the scope to the ISO 27001 certification.

• Establishing Security Governance and policy framework;
• Setup a framework to monitor measure and report security posture to management.
• Worked closely with business leaders to ensure Etisalat services & products were secured from internal & external threats.
• Developed technology strategies with IT leadership.
• Established a risk Management process to manage organizational Information Security risks.
• Setting up and conducting the security awareness program.
• Leading ISO 27001 ISMS Certifications for various Etisalat internal scopes;
• Internal Auditor for all ISO 27001 scopes in Etisalat.
• Conducting risk assessments based on ISO 27003, ANZ 4360 & FMEA methods.

2000-2002 - Assistant Engineer - Network Security
2002-2003 - Engineer - Network Security
Profile - Risk based network security design, implementation & maintenance. (Firewalls & IDS, Antimalware gateways) for Telecom infrastructure.
2003 - 2007 - Senior Engineer - NISD (Network & Information Security department)
2007-2008 - Manager, Information Security

Softcell Technologies is a leading Information technology services and solution provider based in Mumbai, India. My roles were as follows:-

• Founding member of the IT Services & Security team and responsible for IT & Security Planning, Design and Implementation for Softcell customers. It involved understanding the network/infrastructure, risk and ensure that adequate controls were implemented.

I worked for the Network Team at the Ministry of Information, Riyadh Saudi Arabia.

My role was to manage and administer an IP network running for systems and application servers and planning for new MOI systems.