Saeed ur Rehman Khan, Information Security Engineer

Telecommunication Department - State of Qatar

Location
Qatar - Doha
Education
Master, Internet Engineering
Experience
17 years, 11 months


Professional Experience

Total years of experience: 17 years, 11 months

Information Security Engineer at Telecommunication Department - State of Qatar
  • Qatar - Doha
  • I have been working here since January 2016

- Create and maintain information security strategies and roadmaps for the Telecommunication Department
- Define and implement information security policies, procedures, frameworks, guidelines and controls to secure and protect data in transit, data at rest and data in use
- Support our Risk Assessment Program by leading and completing assessment activities utilizing the ISO27005 Risk Management framework
- Assess security gaps in the current operating procedures against regulatory requirements, national standards (NIA), international standards (ISO 27001), corporate policies and industry best practices
- Advising on security controls, procedures and guidelines for the core telecom services provided nationwide, which include TETRA, LTE, MPLS and IPT services
- Ensuring the security of information with respect to its confidentiality, integrity and availability while dealing with third parties, contractors or external clients
- Established multiple committees to gain management commitment to information security, such as the Information Security Steering Committee and the Change Advisory Board
- Support pure technical assessments, which include Vulnerability Assessment and Penetration Testing, source code reviews and technical audits, by creating RCM (Risk and Control Matrices) for core services such as Datacenter, Security Operation Center, TETRA, LTE, MPLS and IPT
- Act as liaison between the technical teams and top management by preparing and presenting a monthly management report to the top management. This report shows the implementation status of the information security program against the roadmap at a glance, the security and operations incidents that happened during the month, major issues and roadblocks faced by the technical teams, critical project risk assessment results and audit findings
- Prepare training and awareness programs on different security subjects related to security policies, frameworks and threat scenarios, and provide training to corporate staff

Assistant Manager Information Security at PricewaterhouseCoopers
  • United Arab Emirates - Dubai
  • October 2012 to January 2021

- Managed a team to perform different engagements in different countries in the Middle East region
- Developed and maintained relationships with different clients by providing extra support during the engagements
- Developed technical and financial proposals for clients along with the resource planning
- Maintained balance within the team and supported them by providing on-site trainings
- Delivered quality work, prepared concrete reports and presented them to clients
- Developed policies, procedures and guidelines for different clients considering their regulatory requirements such as NESA, SAMA, PTA, etc.
- Developed risk management frameworks for different clients and prepared Risk Assessment and treatment plans
- Performed security gap assessment by ensuring the practices based on different security frameworks
- Prepared RCM for different technologies based on Research & Development, and delivered quality reports to the client
- Performed detailed assessment for SCADA systems at Daleel Petroleum Company, Oman
- Performed network infrastructure reviews for multiple clients
- Key clients to whom services were provided include Qatar Petroleum, GDC, Supreme Committee, Saudi Aramco (SAOC, TRADCO and SATORP), Bank Muscat, Oman Gas Company, Daleel Petroleum, Emirates Lebanon Bank, Oman LNG, ONEIC, DEWA, Abu Dhabi Terminal, etc.

Senior Consultant at Ernst & Young
  • Pakistan - Karachi
  • October 2008 to October 2012

- Development of IT Security Policies according to Government policies ‘National Telecommunication and Information Technology Security Board (NTISB)’ parallel to ISO 27001
- Development of Risk Assessment Templates in accordance with ISO 27005
- Risk Assessment and Treatment for all information assets and 36 different sites
- Preparation of Statement of Applicability (SOA)
- Preparation of Risk Register
- Implementation of Domain Group Policy Objects (GPOs) and Object Users (OUs) according to EY international best practices
- Understanding and Review of Current Network Architecture (Comprising of Design, Perimeter Security, Routers, Firewalls, Servers and Applications)
- Understanding and consulting SAP, Oracle and HP-UX Server Security
- Development & Implementation of Procedures including Change Management, Logical Access and Incident Management
- Involvement in preparation of Disaster recovery plans
- Vulnerability assessments and penetration testing performed on corporate and Industrial Control Systems’ networks.
- Engaged with multiple advisory engagements simultaneously
- Performed security gap assessments as part of a team for multiple clients based on ISO 27001
- Performed detailed technical security assessments including VAPT, Compliance Reviews, Web Applications Security Assessment, and Social Engineering Tests and Awareness.
- Performed ERP reviews (such as MiSYS, Oracle Financials, SAP, etc.), application control reviews, source code reviews and network infrastructure reviews
- Assisted in the development of proposals for RFPs
- Developed presentations and material for business development purposes
- As part of a team, performed Forensic Investigations for three major clients in Pakistan

I.T. Network Support Engineer at Datafix Solutions
  • United Kingdom
  • March 2006 to October 2006

• Setting up workstations
• Hardware and Network Installation and Management.
• Installation, configuration, support and troubleshooting for operating systems and applications including Windows XP, 2000, Office XP
• Troubleshooting, installation and configuration of network laser printers
• Antivirus installations and firewall and proxy configurations.
• MS Exchange management (TCP/IP, SMTP, POP3) along with Lotus Notes on some systems.
• Network support (cabling, patching).
• Setting up new users and creating email groups.

Hardware Support Engineer at University of East London
  • United Kingdom
  • October 2004 to July 2005

• User support service for students and staff.
• Range of standards-based technical support for computer hardware & software.
• Support for installation and fault-diagnosis in respect of standard hardware and software.
• Providing students and staff with classroom and one-to-one training on UEL packages from induction through to an advanced level

Assistant Network Engineer for Macintosh at University of East London
  • United Kingdom
  • December 2003 to July 2004

• Assisting the Network Administrator with network problems.
• Sorting out Macintosh hardware/software problems.
• Student database support system.
• Backup and Recovery Assistant
• Maintaining and regularly updating the system.

Education

Master, Internet Engineering
  • at University of East London
  • February 2005

• Network Security • Multimedia Design • Distributed Object Engineering • E-Commerce • Dissertation: research on wireless networks (WiFi, Bluetooth and IR) and their policies and procedures, along with their flaws and solutions to those flaws

Bachelor's degree, Computing & IT (Hons)
  • at Staffordshire University
  • January 2003

• Strategic Information Planning • Object Technology • Database Management System • Business Process Reengineering • Design of Corporate Computer Networks • Human Computer Interaction • Programming for Internet • Professional Issues • Final Year Project: to develop a Real Estate Agency System that can track property on a given location map, developed in Oracle and Developer. It is based on one server (i.e., Administrator) and two clients (i.e., Data Entry Operator and Client support)

Specialties & Skills

Information Security Management
ISO 27001
Penetration Testing
Vulnerability Assessment
Security Policies and Procedures development/compliance / Gap analysis skills
Operating Systems/Business Applications hardening skills
Information Security Management and Audit Expertise
System Forensic Investigation expertise
Internal/External Penetration Testing expertise
Networks Security expertise (Architectural Design and Devices hardening)
Disaster Recovery Consulting
Risk Management

Languages

English
Expert
Urdu
Expert
Arabic
Beginner
Hindi
Expert

Memberships

ISACA
  • Member
  • December 2008

Training and Certifications

ISO 27001:2005 LA - Information Security Management System (Certificate)
Training date:
April 2009
CHFI - Computer Hacking Forensic Investigator (Certificate)
Training date:
December 2016
C|EH - Certified Ethical Hacker (Certificate)
Training date:
July 2016
CISM - Certified Information Security Manager (Certificate)
Training date:
August 2010
CDPSE - Certified Data Privacy Solutions Engineer (Certificate)
Training date:
July 2020
ISO 27001:2013 LI - Information Security Management System (Certificate)
Training date:
April 2016

Hobbies

  • Watching Movies
  • Cricket
  • Freestyle Football