Manager, Information Security
Gulf International Bank
Total years of experience :21 years, 4 Months
Coordinate the PCI DSS review and collect the evidence requirements for PCI DSS
Perform the risk assessment activity for PCI DSS card holder environment
Review and develop security configuration standard for windows 2012 and IIS 8.0
Configure and implement group policy for windows 2012 server (domain member and Domain controller)
Review access on several applications
Develop access matrix for new applications
perform security applications
• Perform security audits and PCI DSS reviews. This including create and implement compliance reviews:
o Firewall review
o IPS review
o Network components review
o Access control review
o System Configuration review
o Antivirus configuration and logs review
o SIEM review
o Internal vulnerability scan
o Card holder data scan
o Wireless scan
o Incident management review
o Patch management review
• Ensure completeness of risk assessment to the IT related changes and enhancements.
• Coordinate with vendors on information security related assessment.
• Develop and Maintain security standards, policies and reviews.
• Monitor and investigate SIEM logs and alters of system logins, Active directory, CMS, Firewall, IPS and etc.
• Serve as an internal information security consultant.
• Coordination between the security vendors and IT team.
• Cooperation with IT in devising and implementing new solutions and related roadmaps.
• Backup in absence of Head of Department.
• Assist in forming Information Security Strategic plan and arrange for reviews and updates.
• Develops, implement and manage security standards, baselines, procedures, policies and guidelines for multiple platforms and systems environments.
• Ensures ongoing integration of Information Security and business strategies.
• Perform continues risk assessment and audits to ensure that sites, infrastructure or system are adequately secured.
• Monitor and analyze security events and logs to identify threats or weaknesses.
• Perform security administration tasks on user accounts, data and systems.
• Acquire profound knowledge of current and future Information Security controls, technology, threats and trends. Identify areas of improvement or weakness and assess their impact on LMRA IT environment in form of research and reports.
Main duties:
• IT General Controls review
• Data Analysis and Integrity review
• Penetration Test
• Infrastructure security review
• Assist in courses provided by KPMG
Sample of clients performed security and audit activates with:
• APICORP, Saudi Arabia (IT General Control Review)
• BATELCO(Assist in ACL Training, Database review, IT General Control Review, Specific System Review)
• National bank of Bahrain (Raffle draw review using ACL Application)
• Standard Chartered (IT General Controls)
• Bahrain Islamic Bank (IT General Controls)
• Korea Exchange Bank (IT General Controls)
• GFH (System Implementation Review)
• Al Salam Bank (Penetration Test)
• Saudi National Commercial Bank (IT General Control Review)
• Khaleeji Finance House (IT General Control and Network Review)
• Bahrain Stock Exchange (IT General Control and Network Review)
• SICO (It General Control Review)
• ARIG (IT General Control Review)
• Trust Reinsurance (IT General Control Review)
• Solidarity (IT General Controls)
Manage all IT activities including
• Domain Management
• Help Desk
• Backup
• Database Management
• Access Control
• Network
• Internet connection
perform the admin side after policy signed