Consultant GRC, IT & OT Security - Risk Management - Audit & Assurance
IST CONSULTING
Total years of experience :25 years, 5 Months
- Senior GRC / OT Consultant Schneider Electric - Khobar - Saudi Arabia (Two Weeks)
- ExxonMobil Information Technology (EMIT) Consultant for EEPCI - Chad.
- Implementation of Integrated GRC processes and practices to attain principled performance through the evaluation of enterprise context, pain points and triggers and the development of business case to leverage frameworks such as COBIT 2019 and OCEG GRC for enhanced enterprise governance and management, creating value while optimizing risk and resources in alignment with business objectives employing goals cascade and enterprise enablers.
- Help clients integrate IT and information security in their governance and management frameworks and comply with regulatory requirements and international standards in their industry. Frameworks and industry standards include: COBIT 2019, ISO 27000 family, ISO 22301, NIST SP 800 & 1800 series, PCI-DSS, NERC CIP, ISA/IEC 62443,
- Evaluation of business processes and design of effective information security practices and internal controls through the development and implementation of an integrated systems risk management process tailored to the organization risk appetite and risk tolerance for an effective management of IT and business risks for information systems, services and applications employing a holistic approach to risk.
- Deployment of Periodic governance and management dashboards practices and reviews of performance metrics within business scorecard dimensions (BSC) as well as capability and maturity levels assessments based on COBIT 2019 CPM aligned to CMMI v2 and implementation of periodic key controls verifications, gaps identifications and stewardship of action items within a continuous improvement lifecycle process.
- Performance of in-depth network vulnerability assessments using tools such as Nessus and Kali Linux & Metasploit framework (MSF)
- Deployment of Cisco powered Network security solutions using the defense in-depth approach. Perimeter security, Next generation firewalls with deep packet inspection, next generation intrusion prevention systems (IPS), network advanced malware protection (AMP), content filtering, control plane protection (CoPP & CPP), management plane protection, data plane protection, site to site VPN solutions, multisite (DMVPN) solutions, remote access VPN solutions using SSL / IPSEC on ASA and Cisco router, integration of data loss prevention (DLP) solutions.
- Architecture and design of effective Business LAN / WAN campus and data center solutions for high performance, scalable and high availability, employing converged network technologies for LAN and SAN such as FCOE, virtual port channels (vPC), virtual switching system (VSS), FABRICPATH, UNUFIED FABRIC using Cisco Nexus and UCS product lines.
- Design and deployment of Endpoint security solutions within the defense in-depth approach for workstations, servers, mobile devices, MFD network printers, telecommunications systems including IP Telephony and associated security practices of patch management, systems backup and restore practices in line with BCP/DRP.
- Design of security baseline for various infrastructure components via security technical implementation guides (STIG) using latest and proven industry best practices (device hardening, operating system hardening and applications hardening for workstations and mobile devices).
- Deployment of Cyber Security solutions for industrial controls systems (ICS) security for SCADA and DCS in different industrial sectors and in alignment with standards such as NERC CIP, ISA/IEC 62443.
- Business continuity / Disaster Recovery (BCP/DRP), incident management and change management best practices.
- Asset planning and asset management controls and practices for fixed assets, tracked assets, consumables and periodic reconciliations.
- Design and deployment of Facilities and IT Infrastructure physical security and environmental controls practices.
Security and Controls role: Demonstrated ability to build and implement an effective strategy to align local affiliate to corporate information security policies and earned recognition from senior executives from EAME (Europe, Africa and Middle East) operations that led to my election into the regional IT unit internal assessment team.
•Africa & Middle East IT regional Unit Internal Assessments (Internal Audits) for ExxonMobil Information Technology: Managed IT Internal Audit segments during Unit Internal Assessments of (EMIT) Affiliates in Qatar, Equatorial Guinea, Egypt, Nigeria, Chad and Cameroon.
•Corporate policies and procedures: Development and update of information security policies in alignment with Corporate Core policy manual (Red Book) and delivery of annual IT security / cyber security awareness trainings to staff.
•IT Risk Management and internal controls: Managed and lead the stewardship of Risk Assessments for IT systems including the analysis of risks by evaluating vulnerabilities and threats and their likelihood of occurrence and implementing mitigation controls reducing residual risk to acceptable levels according to the risk appetite and risk tolerance of the business.
•Controls dashboard revie Managed the controls stewardship through the elaboration of a Controls Calendar and monitoring Controls compliance through key control verification (KCV) check sheets for each subsystem or application. Monthly reporting showing Key Performance Indicators (KPI) for controls.
Effectively managed a team of engineers and technicians, for the provisioning of network and telecommunications systems for the Chad-Cameroon pipeline project including administrative responsibilities for HSE.
• Telecom and Network Infrastructure design, implementation and commissioning of:
Effectively managed a team of engineers and technicians, for the provisioning of network and telecommunications systems for the Chad-Cameroon pipeline project including administrative responsibilities for HSE.
• Telecom and Network Infrastructure design, implementation and commissioning of:
Technical management of facilities access control system for refinery.
•Remote site satellite telecommunications solutions provisioning for voice and data. (VSAT,
URL removed due to policy violation. Please contact support for further information.