Tamer Nagy, Global Director, Governance, Risk and Compliance

Tamer Nagy

Global Director, Governance, Risk and Compliance

Colliers International

Location
Canada - Montreal
Education
Master's degree, Information Systems Security Management
Experience
12 years, 5 months



Work Experience

Total years of experience: 12 years, 5 months

Global Director, Governance, Risk and Compliance at Colliers International
  • Canada - Montreal
  • My current job since January 2024

Key Responsibilities:
• Develop and enhance the organization's IT governance framework, ensuring alignment with corporate strategy.
• Collaborate with executive leadership to establish governance policies and procedures.
• Develop and update governance, risk, and compliance policies in alignment with industry standards.
• Lead the development and implementation of a comprehensive enterprise IT risk management (IT-ERM) program.
• Identify, assess, and prioritize risks across all business units and geographies.
• Collaborate with business units to develop risk mitigation strategies and action plans.
• Collaborate with legal teams to comply with regional and global data protection and privacy laws.
• Ensure the organization's compliance with relevant laws, regulations, and industry standards.
• Monitor changes in the regulatory landscape and assess their impact on the business.
• Develop and implement compliance training programs for employees.
• Implement effective monitoring mechanisms to track and report on key GRC metrics.
• Prepare and present regular reports to executive leadership and the board on GRC performance.
• Lead audit and compliance efforts with privacy and security international standards and regulations.
• Lead internal audit programs.

Director of Governance, Risk and Compliance at Colliers International
  • Canada - Montreal
  • My current job since January 2024
Global Information Security Manager at Colliers International
  • Canada - Montreal
  • January 2018 to January 2024

Key Achievements and Responsibilities:
• Global Information Security Program (ISMS):
• Established and maintained a robust global information security program, adhering to industry standards and frameworks such as NIST Risk Management Framework and ISO 27001-2.
• Proposed changes to existing policies and procedures to enhance operating efficiency and ensure regulatory compliance.
• Incident Response and Management:
• Established and maintained the global incident response and disaster recovery plans.
• Established and maintained the global business continuity plans.
• Managed production issues and incidents, actively participating in problem and change management forums, and responding promptly to security and privacy-related incidents.
• Legal and Regulatory Compliance:
• Provided support and guidance for legal and regulatory compliance efforts, including audit support.
• Security and Privacy Governance:
• Developed and implemented security and privacy governance processes, including policies, procedures, and guidelines, fostering a culture of compliance and accountability.
• Collaborated with legal teams to develop privacy protocols to comply with GDPR, PIPEDA, PIPA, etc.
• Privacy Impact Assessment (PIA):
• Conducted thorough Privacy Impact Assessments to evaluate potential impacts of new projects, systems, and processes on individual privacy, ensuring adherence to regulatory requirements.
• Risk Management:
• Built and maintained a global risk management framework, providing a comprehensive overview of risks and threats in the enterprise environment.
• Vendor Relationship Management:
• Ensured vendor compliance with contracted service-level agreements and facilitated the sourcing of new vendors to address unique security challenges.
• Threat Landscape Analysis (Vulnerability Management):
• Led the process of gathering, analyzing, and assessing the current and future threat landscape, providing a realistic perspective on risks and threats.
• Reporting and Compliance:
• Prepared quarterly reports on Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs), monitored, and reported on compliance with security policies.
• Team Leadership:
• Managed a skilled team of information security professionals, overseeing recruitment, training, performance reviews, and providing leadership and coaching for technical and personal development.
• Security Communication and Training:
• Provided effective security communication, awareness, and training programs for diverse audiences, fostering a security-conscious organizational culture.
• Financial Planning:
• Developed budget projections based on short- and long-term goals and objectives, optimizing resource allocation for maximum efficiency.

Sr. Information Security Lead at ZE PowerGroup
  • Canada - Richmond
  • January 2016 to January 2018

Key Achievements and Responsibilities:
• Global Security Management Strategy:
• Developed and implemented a comprehensive global security management strategy and framework, aligning security initiatives with business goals.
• Governance and Compliance:
• Established governance practices and global security directives to achieve regional compliance with local regulations and stakeholder requirements.
• Technology Process Support:
• Provided strategic support for technology processes, including network, infrastructure, and cloud security, ensuring a cohesive and resilient security posture.
• Security Threat Management:
• Led efforts to detect, prevent, and react to current and emerging security threats, ensuring a proactive stance in addressing cyber risks.
• Compliance Programs:
• Oversaw compliance programs for ISO 27001 and SOC 2, ensuring adherence to industry standards and regulatory requirements.
• ISO 27001 Implementation:
• Developed and managed the ISO 27001 implementation and compliance program, driving a culture of continuous improvement in security practices.
• Project Senior Role:
• Played a vital role as a project senior in various domains, including cyber security, privacy protection, internal audits, business continuity, and disaster recovery planning.
• Cyber Security Incident Response:
• Developed global Cyber Security Incident Response plans and playbooks for responding effectively to cyber-attacks.
• Internal Audits and Assessments:
• Designed and performed regular internal audits on security controls, ensuring ongoing effectiveness and alignment with industry standards.
• Security Risk Management:
• Developed the security risk program, security metrics, and key risk indicators, actively reviewing and assessing operational and strategic risks.
• Risk Assessments and Frameworks:
• Conducted risk assessments using frameworks such as NIST 800-53, ISF, and Cloud Security Alliance STAR, ensuring a comprehensive understanding of potential threats.
• Legal Collaboration:
• Collaborated with the global legal team to develop privacy protocols compliant with GDPR, PIPEDA, PIPA, HITECH, and HIPAA.
• Security Awareness Training:
• Designed and implemented Security Awareness Training Programs and Phishing Campaigns to enhance organizational resilience.
• Continuity of Operations:
• Ensured the preparation and maintenance of plans and procedures for continuity of operations, minimizing disruptions in the face of unforeseen events.
• Security Monitoring and Reporting:
• Utilized security monitoring tools like Tanium, MCAS, Microsoft Sentinel, and Microsoft Azure for identity protection, conducting threat hunting and incident response.
• Vendor Management:
• Participated in the vendor selection process, reviewing security and privacy sections in contracts, and responding to clients' requests and questionnaires.
• Team Leadership and Coaching:
• Successfully coached and managed a team of junior security analysts, fostering professional development and a collaborative work environment.
• Performance Reporting:
• Prepared quarterly reports on security performance, providing insights and metrics to support informed decision-making.

Information Systems and Security Manager at ICT, Information and Communications Technology
  • Egypt - Cairo
  • January 2005 to January 2009

Key Achievements and Responsibilities:
• Technical Controls Management:
• Managed information security technical controls, overseeing Anti-Malware, SIEM, Network/Host IPS/IDS, Data Loss Prevention, Advanced Threat Solutions, and e-certificates.
• Policy and Procedure Development:
• Developed comprehensive procedures and policies for various information security and risk management domains, ensuring alignment with industry best practices.
• Vulnerability Testing and Risk Analysis:
• Conducted vulnerability testing, risk analysis, and security assessments, proactively identifying and mitigating potential security threats.
• Audit Development:
• Developed IT, operational, fraud, and compliance audits, fostering a culture of continuous improvement in security processes.
• Security Best Practices Implementation:
• Implemented security best practices to ensure the availability of ICT services, minimizing vulnerabilities and enhancing overall security posture.
• Compliance Management:
• Handled compliance-related queries and ensured proper internal controls across the company, fostering a compliant and secure operational environment.
• Integration in IT Projects:
• Integrated information security in all IT projects, collaborating with cross-functional teams to embed security measures from project initiation.
• Risk Assessment and Mitigation:
• Conducted risk assessments and provided risk mitigation strategies to minimize losses due to ineffective process design, ensuring a proactive approach to risk management.
• Security Audits:
• Determined security violations and inefficiencies by conducting periodic audits, implementing corrective actions to address identified issues.

Education

Master's degree, Information Systems Security Management
  • at Concordia University of Edmonton
  • April 2024

Specialties & Skills

ISO 27001
IT Security
IT Risk
Data Privacy
IT Governance
Security Strategic Planning
IT Governance, Risk and Compliance
Information Privacy

Languages

English
Native Speaker
Arabic
Native Speaker

Training and Certifications

Certified ISO 27001 Lead Implementer (Certificate)
Date Attended:
October 2019
Certified Microsoft Security Architect (Certificate)
Certified GRC Professional (Certificate)
Date Attended:
November 2023
Certified Risk and Information System (Certificate)
Date Attended:
January 2023
Certified Information Privacy Professional (Certificate)
Date Attended:
January 2023
Certified Chief Information Security Officer (Certificate)
Date Attended:
April 2023