Information Security & Business Continuity Manager/Risk Division
Islamic International Arab Bank
Total years of experience :27 years, 9 Months
• Managing PCI-DSS project
• Perform information security risk assessments and serves for security issues
• Implements information security policies and standards
• Contributing in IT Governance (COBIT) project
• Monitors compliance with information security policies, referring problems to the appropriate department manager
• Member in all projects regarding information security
• Monitors the internal control systems to ensure that appropriate access levels are maintained
• Assess the various information technology risks that the Bank faces in its operations and implement action plans, policy and procedural changes for risk avoidance and mitigation
• Track action steps and ensure that findings are remediated appropriately and in a timely manner
• Identify current and potential legal and regulatory requirements affecting information security.
• Establish internal and external reporting and communication channels that support information security.
• Establish a process for information asset classification and ownership.
• Ensure that threat and vulnerability evaluations performed on an ongoing basis
• Identify and periodically evaluate information security controls and countermeasures to mitigate risk to acceptable levels.
• Establish online and face-to-face training programs to ensure that all employees awareness of their information security responsibilities.
Business Continuity
• Develop and implement the overall enterprise business continuity strategy
• Develop and maintain all enterprise business continuity policies, standards, procedures, and guidelines
• Designs and implements accurate and thorough BCM risk assessments and impact analyses; and integrates this work into enterprise-wide risk assessments
• Use extensive business and industry knowledge to identify latest best practices for maintaining operational resiliency during disruptive events
• Coordinate all business units on the creation and maintenance of their business continuity plans
• Oversee the planning, coordination and scheduling of business continuity exercises to validate plans, requirements and overall readiness
• Work in coordination with the IT DR team to define the requirements for business continuity requirements as they affect IT disaster recovery planning
• Establish an on-going training program to ensure employee awareness of their business continuity responsibilities. Ensure all personnel with specific business continuity responsibilities are adequately trained to fulfill those responsibilities
• Ensure all employees are familiar with the relevant provisions of the business continuity plans.
• Represents BCM program needs, responsibilities, challenges
• Designs and evolves BCM program to integrate into daily operations, and maintains that integration in swiftly evolving needs, using tools, procedures, relationships, and other techniques
• Conducting ISO 22301 standard
• Determining, negotiating and agreeing on in-house quality procedures, standards and specifications
• Interpret and implement quality assurance standards
• Detects and escalates policy violations
• Plan, conduct and monitor testing and inspection of materials and products to ensure finished product quality
• Review the implementation and efficiency of quality and inspection systems
• Monitor risk management activities
• Responsible for document management systems
• Assure ongoing compliance with quality and industry regulatory requirements
• Security and documentation related projects management
• Contracts management
• Manages the team of quality assurance and control
• IT audit requirements fulfillment management and follow up
• Evaluate audit findings and implement appropriate corrective actions
• Establishing and enhancing disaster recovery plan
• Creation of project proposals (RFPs, RFQs, RPIs), statements of work, service level agreements (SLAs), operational level agreements (OLAs)
• Contributing in building the Business Continuity and Disaster Recovery strategic plans
• Participation of implementing related projects management and implementation roles.
• Participation in IT strategic and yearly plans
• Contribution of IT budget estimation.
• Lecturer for computer science subjects
• Network infrastructure project management
• Computer labs management
• Tenders and contracts management
• Virtual university project supervisor
• Contributing in getting the quality assurance certification in IT
• UNIX training courses
• UNIX and database servers support
Grade: 3.4 out of 4
Grade: 79.2 very good