Manager - Enterprise Risk Management
VIVA Bahrain
Total years of experience: 23 years, 7 months
Developed ERM Framework in coordination with Deloitte’s ERS and in alignment with ISO 31000 and COSO Framework;
Periodically review and update ERM Framework and liaise with the Audit Committee for approval;
Ensure continual alignment between ERM and other relevant frameworks, such as Information Security Management, Revenue Assurance and Fraud Management, etc.
Provide SME advisory to the Risk Management Committee to define the risk appetite in alignment with the changes in the company’s strategic objectives;
Ensure that the ERM process is embedded in key organizational processes, such as the annual Corporate Strategy and Business Planning process;
Liaise with all the departments on risk identification and assessment and the development of risk registers, risk mitigation plans, and Key Risk Indicators;
Lead Risk Management activities for the key corporate projects;
Monitor the progress of mitigation plans and changes in risk exposure of key risks with the mitigation coordinators from all departments;
Maintain the ERM Dashboard to provide ERM information and recommendations to the Risk Management Committee;
Align with IA through exchanging risk registers as an input for the annual IA plan as well as risk assessment;
Develop and deliver ongoing risk management training to ensure the ERM process is embedded into the operations of all the departments;
Developed and maintain Fraud Whistleblowing Framework;
Developed and maintain the BCM Framework in alignment with ISO 22301;
Executed and maintain Business Impact Analysis exercise;
Developed and maintain BCM Strategy;
Facilitate the development and testing of Business Continuity & Disaster Recovery Plans;
Developed and maintain Crisis Management Framework;
Audit Business Continuity capabilities of the key 3rd Parties; and
Plan and execute company-wide initiatives for raising and maintaining awareness of BCM
Managed a team of 5 to
Develop and maintain Risk Management Framework and Charter;
Maintain Corporate Risk Register and Risk Map;
Monitor the progress of mitigating key risks across the company;
Ensure all RM-related information is logged in Orange’s global GRC tool (Bwise);
Perform regular technical Risk Assessments;
Develop and maintain Corporate Information Security Policy;
Manage and monitor the development and execution of the ISMS in alignment with Orange’s Group Information Security Policy and ISO 27001;
Develop and maintain BCM and Crisis Management Frameworks;
Develop and maintain BCM strategy;
Develop, test, and maintain Recovery and Crisis Management Plans;
Audit Business Continuity capabilities of critical 3rd Parties;
Manage the operations of Crisis Management Center;
Coordinate the actions required for the recovery from major incidents;
Conduct Call-Out Tests and Crisis Simulations;
Develop and deliver BCM4U awareness program; and
Develop and deliver Corporate Information Security Awareness.
Managed business development initiatives in the areas of IT Strategy and Information Security Risks, Business Continuity, and Disaster Recovery
Managed cross-functional teams in
o Application advisory engagements
o IT audit engagements
Delivered country training on the new global GRC tool
Managed a team of 6 to
Manage corporate IP Data and Voice Networks and Information Security operations;
Design and supervise infrastructure projects in Egypt, Africa, and Asia; and
Upgrade corporate data center (Data, Information security and IP telephony) infrastructure.
Manage a team of technicians to operate and maintain
Internet international lines and leased lines for governmental authorities
Access and core equipment (modems, routers, and switches)
Operations Management
Computer Science