Responsible for managing the technical risk in terms of information & physical security and business continuity functions of the bank. The division includes dedicated sections responsible for business continuity management, security operations, centralized access management of critical systems and applications and cards fraud monitoring.
Information Security Management
Experience of 15+ years in managing information security programs, information security compliance programs, IS security and control strategies based on the industry standards including ISO 27001 and COBIT. Security product and service evaluations, IS Risk Management and security business case analysis.
Key Achievements
Created security-conscious culture through policy, training and education.
Prevented potential losses by performing risk assessments on systems, networks and applications and developing minimum security baselines and internal audit checklists.
Streamlined incident response by developing and testing formalized plan, acting as primary coordination point and driving remedial actions when necessary.
Ensured compliance with local regulators including Central Bank of Oman, Capital Market Authority and other commercial regulations such as PCI-DSS.
Executed key enterprise projects like establishment and implementation of data classification framework, risk assessment, data loss prevention solution, log and vulnerability management solutions.
Physical Security Management
Responsible for management of the physical security setup across the banks premises in all three countries.
Key Achievements
Established the physical security framework including the policy and associated procedures in-line with Central Bank of Oman & Royal Oman Police guidelines.
Implemented key projects including centrally monitored CCTV surveillance system, Access control system, Fire alarm system, Security alarm system across the head office buildings, branch and offsite ATM network.
Business Continuity Management
Masters Business Continuity Professional (MBCP) with 7+ year experience in developing, documenting, implementing, testing and analyzing business continuity and disaster recovery plans based on industry standards.
Key Achievements
Successfully developed and documented business continuity strategies and plans for the recovery of key functions including retail branches, treasury dealing room, mortgage processing center, card processing center and administrative units.
Simulated disaster scenarios and tested strategies, plans and procedures to validate that recovery requirement are met. Coordinated testing between data centers, work sites and third parties, involving management and staff.
Developed and implemented Emergency Management Team and Crisis Management infrastructure to enhance corporate response to disasters affecting core business processes.
Developed and presented high level contingency planning program to the top management and Board Risk Committee.
Managed the bank’s crisis management process during major disaster situations including the tropical cyclone Gonu (2007), tropical cyclone PHET (2010) and country wide social disturbance (2011).
Key routine business continuity management activities including Business Impact Analysis, Risk Assessment, Technology Gap Analysis, etc managed internally.
Cards Frauds Management
Established cards fraud management section in 2007 and associated framework to monitor cards frauds offline and investigate the reported fraud cases. Liaison with Visa, MasterCard, other Issuing / Acquiring Banks on fraud related issues. Implemented real-time cards fraud monitoring solution (RiskNet).
Cross Functional Assignments
Secretary of Board Risk Committee (from 2008 to 2012)
Responsibilities include organization and management of quarterly board risk committee meetings, preparation of the meeting agenda & minutes and follow-up action plans.
- مجال الشركة:
- البنوك
- الدور الوظيفي:
-
تكنولوجيا المعلومات
