Cyber Assurance Manager / Deputy Head of IT Security
BAE Systems Saudi Arabia
Total years of experience: 15 years, 7 months
Provide Security Assurance to the business overseeing all elements of cyber security including the Security Operations Team (SOC), lead internal and external investigations, Supplier & Service Provider management, Security Architecture and project delivery. Deputise for the Head of Information Security ensuring continuous improvement to the business and alignment to contractual, regulatory and compliance requirements. Conduct assurance reviews across the business and Key Partnering Companies (KPC) ensuring relevant Information Security standards and requirements are met. Oversee, manage and lead the Insider Threat programme across the business.
Key Achievements:
Successful implementation of an Insider Threat Programme for the business, which was later adopted as the gold standard across BAE Systems
Chairman’s Award for the successful implementation of a robust data recovery and Ransomware Protection solution
Companywide rollout of NIST Cyber Security standards 800-53
Responsible for developing and implementing the Information Security Strategy aligned with the business strategy. Presented departmental successes and challenges to seniors and board members regularly. Provided the business with trusted advisor support in all matters pertaining to Business Information Security and incident management. Developed and managed the Security Operations Centre (SOC), including delivery of the SOC and overseeing recruitment and management of the team members. Managed suppliers and service providers through regular engagement and active coordination. Assured the business of compliance with industry, regulatory and corporate standards.
Key Achievements:
Developed a companywide Insider Threat Programme.
Increased cyber security functionality in KSA by establishing a local security operations centre.
Established and developed an integrated incident management and investigation solution across the business and key functions
Oversaw information security technical architecture to ensure correct formation of security specifications and guidelines. Ensured compliance with ISO27001 to safeguard data from threats. Created and managed certificates through PKI instructions and technical architecture designs. Thoroughly evaluated initiatives together with implementing an identity and access management solution to create a roadmap for customers. Examined and conducted information security risk management to address threats to the business and implemented a suitable risk treatment plan. Provided expert advice to customers regarding PKI implementation and information security requirements. Collaborated with third party vendors to monitor penetration and vulnerability tests for customers and company environment.
Key Achievements:
Improved business process and efficiency by developing a baseline risk management tool.
Attained ISO27001 Certification for the company and aided Royal Mail in achieving the same, including risk management and development of the Statement of Applicability (SOA).
• Act as the Information security governance authority across projects and initiatives
• Oversee IT health checks, penetration and vulnerability tests across multiple environments
• Carried out qualitative and quantitative risk assessments across the business utilising multiple methods, including the HMG IS1 & IS2 Risk Management tool, and implemented risk treatment plans
• Represent BAE Systems - Maritime at customer & stakeholder meetings
• Review and standardise IT Security Policies, Processes and Standards across the business
• Successful implementation and maintenance of ISO27001 certification across multiple sites
• Assist the Head of Security in IT security breach investigations
• IT Security Governance across multiple projects and initiatives
• Establish and maintain policies, processes and security operating procedures across projects
• Produce and deliver IT Security plans to support business requirements
• Implement and deliver IT Security guidance to onsite Technicians
• Responsible for Risk Management and Accreditation
• Responsible for mitigating IT security risks to the business
• Responsible for the overall domain Infrastructure
• Managed system accreditation to HMG Security Policy Framework
• Represent the IT Department in the Business Continuity and Disaster Recovery Team
• Present regular status reports to senior stakeholders
Currently studying for the MSc Information Security
Information Technology