Chief Information Security Officer
Shadi International Dental and Orthodontic Center
Total des années d'expérience :17 years, 5 Mois
• Strategic Leadership: Spearhead the development and implementation of comprehensive information security strategies and policies across the organization. Collaborate with senior management to align security initiatives with business objectives.
• Risk Management: Conduct regular risk assessments to identify vulnerabilities within the IT infrastructure. Develop and implement risk mitigation strategies to protect sensitive patient and organizational data.
• Compliance and Standards: Ensure compliance with healthcare industry standards and regulations, including ADHICS. Regularly update security protocols to meet evolving regulatory requirements.
• Incident Response: Lead the response to security incidents and breaches. Develop and maintain an incident response plan, ensuring rapid and effective action in the event of a security threat.
• Team Leadership and Development: Manage and mentor a team of IT security professionals. Foster a culture of continuous learning and improvement within the team.
• Technology Implementation: Oversee the selection and deployment of advanced security technologies, such as next-gen firewalls, anti-malware software, and intrusion detection systems.
• Training and Awareness Programs: Develop and conduct organization-wide security awareness training programs to educate employees about cybersecurity best practices and emerging threats.
• Vendor Management: Work closely with external vendors and partners to ensure that third-party services meet the organizations security standards.
• Budget Management: Responsible for the allocation and management of the information security budget, ensuring optimal investment in security resources.
• Reporting and Analysis: Provide regular reports to senior management on the status of information security, highlighting potential areas of improvement.
Development and implementation of comprehensive information security strategies and policies across the organization.
Collaborate with senior management to align security initiatives with business objectives.
• Ensure compliance with healthcare industry standards and regulations, including ADHICS. Regularly update security
protocols to meet evolving regulatory requirements.
• Formulated and executed comprehensive company-wide security policies, aligning with the Abu Dhabi Health Information
and Cyber Security (ADHICS) standards. Successfully integrated these policies across all departments, ensuring robust
compliance and enhancing our overall security framework in accordance with regional healthcare security regulations.
• Conduct regular risk assessments to identify vulnerabilities within the IT infrastructure. Develop and implement risk
mitigation strategies to protect sensitive patient and organizational data.
• Lead the response to security incidents and breaches. Develop and maintain an incident response plan, ensuring rapid and
effective action in the event of a security threat.
• Successfully conducted regular vulnerability assessments across the organization, identifying and addressing potential
security risks to maintain a robust and resilient IT infrastructure in line with industry best practices.
• Led the establishment of business continuity and disaster recovery protocols in line with ADHICS standards, ensuring
operational resilience and compliance with regional healthcare security regulations.
• Manage and mentor a team of IT security professionals. Foster a culture of continuous learning and improvement within the
team.
• Oversee the selection and deployment of advanced security technologies, such as next-gen firewalls, anti-malware software,
and intrusion detection systems.
• Develop and conduct organization-wide security awareness training programs to educate employees about cybersecurity
best practices and emerging threats.
• Led the ADHICS audit, steering the organization to a successful compliance score. Demonstrated strong adherence to
regional healthcare cybersecurity standards, reinforcing our commitment to data protection and security.
• Work closely with external vendors and partners to ensure that third-party services meet the organization's security
standards.
• Responsible for the allocation and management of the information security budget, ensuring optimal investment in security
resources.
• Provide regular reports to senior management on the status of information security, highlighting potential areas of improvement.
Achievements
• Implemented the ADHICS framework across the organization, strengthening data security controls, reducing risk exposure,
and ensuring compliance with healthcare regulations.
• Led the preparation for the ADHICS audit, resulting in the organization achieving a strong compliance score.
• Developed and delivered a comprehensive information security awareness training program, increasing employee
understanding of cyber threats and best practices.
• Led the organization-wide implementation of the Heimdal Next Gen Endpoint Security solution, enhancing cybersecurity
defences across all endpoints.
• Develop and maintain an information security strategy that aligns with the organizations business objectives and risk appetite. This includes identifying security goals, defining security policies, and establishing a roadmap for implementation.
• Create, update, and enforce information security policies and procedures to guide the organizations personnel in their security responsibilities and adherence to best practices.
• Conduct regular risk assessments to identify potential security vulnerabilities and threats. Develop risk mitigation plans and
• coordinate efforts to minimize security risks to an acceptable level.
• Ensure the organization complies with relevant industry regulations (e.g., ISO 27001) and internal security standards. Monitor changes in regulations and update security practices accordingly.
• Regularly report on the organizations security posture, incidents, and compliance status to executive management and other relevant stakeholders.
• Oversaw the design and implementation of security controls, including Next-Gen firewalls, intrusion detection and prevention systems, Email Security Solutions, Next-Gen Endpoint Security Solutions, Identity and Access Management Solutions, SEIM Solutions etc.
• Implement data protection measures, such as data classification, encryption, and access controls, to safeguard sensitive information from unauthorized disclosure or alteration.
• Ensuring Periodic Vulnerability assessment and Penetration Testing are established and managed effectively to obtain information about technical vulnerabilities of information systems in a timely fashion, evaluate assets exposure to such vulnerabilities, and apply appropriate actions to mitigate the associated risks within defined timelines.
• Developed, implemented, and operated controls to secure Azure cloud-based systems and Perform cloud security risk assessment for cloud applications in Azure.
• Collaborated with cross-functional teams to design and implement disaster recovery plans for operating systems, databases, networks, servers, and software applications with an emphasis on security.
• Implement systems and tools to monitor the organizations information systems continuously. Conduct security audits to assess the effectiveness of security controls and identify areas for improvement.
• Evaluated and selected security technologies and vendors, negotiating contracts and managing vendor relationships.
• Organize and conduct security awareness training sessions for employees to educate them about security threats, best practices, and their roles in safeguarding sensitive information.
Achievements
• Led the implementation of ISO 27001 framework across the organization, ensuring compliance with international information security standards.
• Developed and implemented a comprehensive risk management framework, providing a structured approach to risk identification, assessment, and mitigation.
• Implemented an incident management framework, establishing a structured process for responding to and resolving IT incidents, improving service availability.
• Enhanced organizational cybersecurity by strategically implementing critical security solutions such as a Next-Gen Firewall, Next-Gen Antivirus, Email Security, and a SIEM solution.
• Developed a data classification framework and implemented RBAC controls, effectively managing access to sensitive information based on its classification.
Developing and implementing IT strategies aligned with the organizations overall business goals which includes working with
senior management to identify technology needs, plan IT projects, and create budgets for IT initiatives.
•Developing and implementing IT policies, procedures, and standards to ensure consistent and secure IT practices across the
organization.
•Managing all security systems and their corresponding or associated software, including firewalls, intrusion detection systems,
Emails, Laptops, Desktops, Servers, VM’s and Endpoint Security according to Industries best practice.
•Managing IT projects from inception to completion, ensuring they are delivered on time, within budget, and meet the desired
objectives. This involves creating project plans, assigning tasks, and monitoring progress.
•Prepare, manage & control IT department budget (CAPEX and OPEX).
•Responsible for the administration of Firewalls, Wireless Access Points, Endpoint Security, Backup Solutions, SharePoint,
Exchange Server, Office 365, CCTV Systems, Biometric Systems, Audio Video Solutions, Avaya IP phone systems.
•Evaluating and selecting third-party vendors and IT service providers. Negotiating contracts, managing vendor relationships, and
ensuring service level agreements are met.
•Staying up to date with emerging technologies and assessing their potential value to the organization. Recommending and
overseeing the adoption of new technologies that can improve efficiency and productivity.
•Regularly reporting to senior management on IT performance, projects, and initiatives. Effectively communicating technical
concepts to non-technical stakeholders.
•Supervising and leading a team of IT professionals. Responsible for hiring, training, and evaluating team members to ensure a
capable and efficient workforce.
• Developing and implementing IT strategies aligned with the organizations overall business goals which includes working with senior management to identify technology needs, plan IT projects, and create budgets for IT initiatives.
• Developing and implementing IT policies, procedures, and standards to ensure consistent and secure IT practices across the organization.
• Managing all security systems and their corresponding or associated software, including firewalls, intrusion detection systems, Emails, Laptops, Desktops, Servers, VMs and Endpoint Security according to Industries best practice.
• Managing IT projects from inception to completion, ensuring they are delivered on time, within budget, and meet the desired objectives. This involves creating project plans, assigning tasks, and monitoring progress.
• Prepare, manage & control IT department budget (CAPEX and OPEX).
• Responsible for the administration of Firewalls, Wireless Access Points, Endpoint Security, Backup Solutions, SharePoint, Exchange Server, Office 365, CCTV Systems, Biometric Systems, Audio Video Solutions, Avaya IP phone systems.
• Evaluating and selecting third-party vendors and IT service providers. Negotiating contracts, managing vendor relationships, and ensuring service level agreements are met.
• Staying up to date with emerging technologies and assessing their potential value to the organization. Recommending and overseeing the adoption of new technologies that can improve efficiency and productivity.
• Regularly reporting to senior management on IT performance, projects, and initiatives. Effectively communicating technical concepts to non-technical stakeholders.
• Supervising and leading a team of IT professionals. Responsible for hiring, training, and evaluating team members to ensure a capable and efficient workforce.
Achievements
• Awarded Best Employee of the Year in 2015 in recognition of outstanding contributions.
• Led the implementation of a wide-ranging IT infrastructure (datacentre, cloud services (M365), networking, security solutions, telephony, AV, etc.), creating a robust technology foundation for organizational success.
• Provide first-line technical support to end-users via various channels, including phone, email, chat, or in person.
• Diagnose and resolve hardware, software, and network-related issues reported by end-users, ensuring timely resolution to minimize downtime.
• Install, configure, and maintain computer systems, hardware, software, printers, and other peripherals.
• Troubleshoot and maintain local area networks (LAN) and assist in managing wide area networks (WAN).
• Set up and manage user accounts, permissions, and access rights across various systems.
• Collaborate with the IT team to implement and maintain IT security measures, including antiviruses, software updates, patches, and system upgrades.
• Perform regular backups and disaster recovery procedures to ensure data integrity and availability.
Bachelor Of Engineering in Electronics and Communication