Submitting more applications increases your chances of landing a job.

Here’s how busy the average job seeker was last month:

Opportunities viewed

Applications submitted

Keep exploring and applying to maximize your chances!

Looking for employers with a proven track record of hiring women?

Click here to explore opportunities now!
We Value Your Feedback

You are invited to participate in a survey designed to help researchers understand how best to match workers to the types of jobs they are searching for

Would You Be Likely to Participate?

If selected, we will contact you via email with further instructions and details about your participation.

You will receive a $7 payout for answering the survey.


User unblocked successfully
Wessam Allam, Enterprise Cybersecurity Architecture & Delivery Lead — Security Architecture, Delivery & Operations

Wessam Allam

Enterprise Cybersecurity Architecture & Delivery Lead — Security Architecture, Delivery & Operations·Confidential

United Arab Emirates

Bachelor's degree, Engineering

Work experience

Total years of experience: 17 years, 7 months

Enterprise Cybersecurity Architecture & Delivery Lead — Security Architecture, Delivery & Operations

February 2024 - Present

Confidential

Abu Dhabi, United Arab Emirates

February 2024 - Present

Serve as the lead delivery of the enterprise security function across 18 group companies, reporting to the Group VP of Cybersecurity, directing the architecture, SOC operations, execution, and delivery of security programs across three specialist operations teams: Vulnerability & Patch Management (VMAS), Infrastructure Security, and Cloud Security. Set security architecture, reference architectures, and control standards spanning network, cloud, infrastructure, identity, and OT, and govern end-to-end delivery across hybrid teams of internal engineers, 2 MSSPs, and specialist vendors, managing SLAs, KPIs, scope, and an $18M+ security portfolio.

 Operational Management: Lead VMAS, Infrastructure Security, and Cloud Security teams, driving service improvement and architecture evolution.
 Group Information Security Strategy: Defined and drove the Group information security strategy setting technical direction on security architecture, cloud, infrastructure, and network segmentation, making and owning decisions across all entities and environments.
 Zero Trust, Connectivity Transformation & Automation Programs: Led enterprise Zero Trust program establishing vendor capability coverage model, target architecture, and prioritized remediation roadmap, driving group-wide connectivity decentralization eliminating MPLS hub dependency and leveraging automation, orchestration, and AI-driven analytics via XSOAR to enhance detection and reduce manual handling.
 Infrastructure & Connectivity Transformation: Drive group-wide infrastructure transformation initiatives, leading architecture evolution and decentralization programs to eliminate single points of failure.
 Security Architecture & Governance: Defined and owned enterprise-wide security architecture, reference architectures, cloud guardrails, and control standards spanning infrastructure, cloud, and vulnerability management acting as primary IT counterpart to GRC ensuring technical controls addressed risks and audit findings.
 Enterprise Assessment Programs: Directed a structured enterprise-wide security assessments across cloud, endpoint, application, and infrastructure domains covering Cloud Security Posture, Zero Trust maturity, EASM, penetration testing, BCP/DR readiness reviews, firewall rule-base reviews, evaluating AI-native features across the security stack including AI platform readiness assessment (Azure OpenAI, Defender for AI) and regulatory compliance gap analyses. Integrated Tenable with manual gap analysis reconciling coverage delta against Azure EDR, & driving configuration hardening. Consolidated security management toward single-pane-of-glass model.
 CyberArk PAM Transformation: Transformed privileged access governance enterprise-wide by establishing automated violation response, Just-in-Time controls, and high-risk detection use cases covering credential misuse, privilege escalation, and anomalous behavior, reducing insider threat exposure.
 Business Continuity/Disaster Recovery (BCP/DR) & Cyber Resilience: Led major cyber resilience programs including BCP/DR framework, identifying geopolitical resilience gaps, overseeing DR testing and operational readiness, and authoring cross-border DC architecture proposal for Group VP review, serving as executive technical lead during major cyber incidents ensuring coordinated response, containment, and recovery.
 Threat-Informed Vulnerability Management (TIVM): Led development of a custom TIVM model combining Tenable CVE/CVSS with Anomali threat intelligence and asset criticality, integrating with Azure EDR, ServiceNow, BigFix, and Ivanti into a unified automated remediation workflow.
 Penetration Testing & Red Team: Oversaw enterprise penetration testing, red team programs and adversary simulation, directing MSSP execution combining findings with TIVM model outputs to risk-prioritize remediation.

Company industry:
Oil & Gas
Job role:
Oil and Gas

Enterprise Cybersecurity Architecture & Delivery Lead — Security Architecture, Delivery & Operations

January 2024 - Present

Confidential

Abu Dhabi, United Arab Emirates

January 2024 - Present

Serve as the lead delivery of the enterprise security function across 18 group companies, reporting to the Group VP of Cybersecurity, directing the architecture, Operations, execution, and delivery of
security programs across three specialist Operations teams: Vulnerability & Patch Management (VMAS), Infrastructure
Security, and Cloud Security. Set security architecture, reference architectures, and control standards spanning
network, cloud, infrastructure, identity, and OT, and govern end-to-end delivery across hybrid teams of internal
engineers, 2 MSSPs, and specialist vendors, managing SLAs, KPIs, scope, and an $18M+ security portfolio.
• Security Operations (SOC): Lead a 24/7 VMAS, Infrastructure Security, and Cloud Security teams, driving
service improvement and architecture evolution.
• ISMS & GRC: Own security architecture, control standards, and ISMS-aligned governance (ISO/IEC
27001), acting as primary technical counterpart to GRC for risks and audit findings.
• Network, OT/IoT & Infrastructure Security: Direct firewalls, segmentation, IDS/IPS, VPN, NAC, DDoS,
and secure-by-design/Zero-Trust across IT and OT/IoT environments; hardened baselines and consolidated
300+ firewalls.
• Connectivity & Architecture Transformation: Led group-wide connectivity decentralization eliminating
single-point-of-failure hub dependency, delivering a decentralized Zero Trust architecture with direct per
entity access and reduced latency.
• Identity & Privileged Access: Operate CyberArk PAM (automated violation response, Just-in-Time) and
govern identity controls and joiner-mover-leaver with IT.
• Vulnerability, Patch & Configuration: Own the end-to-end vulnerability lifecycle via the TIVM program
(Tenable, Anomali, ServiceNow, BigFix, Ivanti), coordinating patch and configuration management to SLAs.
• Incident Response & Resilience: Executive technical lead during major incidents, containment,
eradication, recovery, post-incident review integrated into BCP/DR.
• DevSecOps & Application Security: Embed SAST/DAST (Fortify), SCA (Black Duck), and CI/CD security
gates in Azure DevOps, achieving 100% security-validated deployments.
• Cloud Security: Led Azure Cloud Security Posture Assessment (73% non-compliance identified across 36
controls), delivering a Zero Trust target architecture and EASM.
• Penetration Testing & Red Team: Oversaw enterprise penetration testing, red team, and adversary
simulation programs, combining findings with TIVM outputs to risk-prioritize remediation.
• Compliance, Audit & Reporting: Account for operational effectiveness of technical controls during audits;
document incidents, exceptions, and risks and report through security KPIs/KRIs to executive leadership.
• People, Budget & Vendors: Lead and develop a high-performing team; accountable for the cyber budget
($18M+ portfolio), vendor SLAs, and ROI-driven tooling decisions.
• M&A Security Integration: Led M&A security integration, minimum standards, and onboarding into
enterprise governance.

Company industry:
Oil & Gas
Job role:
Oil and Gas

Lead Cyber Security Architect

February 2023 - January 2024

Thales

Abu Dhabi, United Arab Emirates

February 2023 - January 2024

Served as Lead Cybersecurity Architect on strategic governmental and defense security architecture engagements across highly classified and regulated environment directing enterprise cybersecurity framework design and delivery across complex, highly regulated environments. Led solution selection, compliance assurance, and client advisory aligned with UAE IA NESA, OWASP ASVS, DESC, NIST, ISO, and CIS frameworks.
 Security Architecture Delivery - Governmental and Defense Engagements: Architected and delivered enterprise cybersecurity frameworks for governmental and defense clients covering security architecture, governance, and compliance alignment across critical infrastructure, including HLD and LLD design.
 Technical Design Authority and Engineering Guidance Acted as technical authority across security architecture engagements, reviewing and validating detailed technical designs, configurations, and implementation approaches across networks, applications, and infrastructure.
 SDLC Security Integration: Led security integration into client SDLC programs embedding controls at design, development, and deployment stages to strengthen application and system security posture.
 Solution Selection & Validation: Directed enterprise cybersecurity tooling selection and validation processes evaluating and recommending solutions aligned with requirements, budget parameters, and regulatory.
 Security Assessments & Pen Testing: Directed comprehensive security assessments and penetration testing programs across client networks, applications, and infrastructure delivering actionable remediation roadmaps.
 Client Advisory & Awareness: Advised stakeholders at executive and technical levels on security posture, compliance gaps. Designed & delivered cybersecurity awareness programs across governmental organizations.

Company industry:
Cyber & Network Security
Job role:
Consulting

Lead - Cyber Security Architecture and Delivery

January 2023 - January 2024

Thales

Abu Dhabi, United Arab Emirates

January 2023 - January 2024

Lead Cybersecurity Architect and delivery manager on governmental and defense engagements across highly
classified, regulated, critical-infrastructure environments, aligned with UAE IA/NESA, DESC, OWASP ASVS,
NIST, ISO, and CIS.
• Technical Design Authority: Architected and validated enterprise security frameworks, technical designs,
and configurations across networks, applications, and infrastructure (HLD/LLD).
• Assessments & Penetration Testing: Directed security assessments and penetration testing with
actionable remediation roadmaps; advised executive and technical stakeholders on posture and compliance
gaps.

Company industry:
Telecommunications

vCISO | Director Cyber Security Architecture & Advisory - Strategic Programs and Initiatives

April 2018 - January 2023

Orange Business Services

eu,0,0

April 2018 - January 2023

Led end-to-end strategic cybersecurity architecture and advisory programs across APAC, EMEA, & AMER. Scoping, designing, and delivering multi-million dollar security programs and enterprise-grade security solutions for large enterprise and government clients across telecommunications, energy, petrochemical, financial services, and government sectors. Directed teams of architects, consultants, and project managers delivering multi-million-dollar security programs to schedule and budget.
 Cloud Security Infrastructure: Led and built the first Orange next-generation cloud security datacenters for strategic customers delivering virtual firewalls, remote access services, global WAF, IDS/IPS, cloud SIEM, and reverse proxy services, driving cloud security transformation across the customer base.
 Datacenter Consolidation: Led consolidation of 100+ local datacenters into regional and Azure cloud datacenters reducing infrastructure costs by more than 50% within 12 months.
 Program & Team Leadership: Managed up to 10 concurrent project teams annually delivering security programs to schedule and budget, increasing efficiency by 15% and driving a 10% increase in CSAT.
 Security Architecture Delivery: Led, scoped, and delivered 20+ enterprise security architecture programs across critical infrastructure, cloud, and OT environments including Defense-in-Depth models, cloud security blueprints, architecture and topology reviews.
 Compliance & Governance Frameworks: Delivered security architecture assessments and compliance engagements aligned with NIST CSF, ISO 27001, and GDPR spanning HLD/LLD design, security configuration audits, and regulatory compliance reviews across multiple industries and regions.
 Strategic Partnerships: Collaborated with technology partners to architect cybersecurity solutions aligned with client business objectives spanning telco, energy, financial services, and government sectors.

Company industry:
Telecommunications
Job role:
Information Technology

Regional Practice Lead — Cyber Security Architecture & Advisory

January 2018 - January 2023

Orange Business Services

Abu Dhabi, United Arab Emirates

January 2018 - January 2023

Led strategic cybersecurity architecture and advisory programs across APAC, EMEA, and AMER for large
enterprise and government clients across telecom, energy, petrochemical, financial services, and government
— including critical-infrastructure and OT environments.
• Cloud Security Datacenters: Built Oranges next-generation cloud security datacenters delivering virtual
firewalls, VPN, global WAF, IDS/IPS, cloud SIEM, and reverse proxy services.
• OT & Critical Infrastructure: Delivered 20+ enterprise security architecture programs across critical
infrastructure, cloud, and OT, including Defense-in-Depth blueprints.
• Datacenter Consolidation: Consolidated 100+ datacenters into regional and Azure cloud, reducing
infrastructure cost 50%+ within 12 months.

Company industry:
Telecommunications

Country Information Security Manager

June 2016 - January 2023

Orange Business Services

Cairo, Egypt

June 2016 - January 2023

Served as in-country Information Security Manager — member of a dedicated security tiger team reporting to the CSO and CEO.
Accountable for protecting the organization’s internal security posture, 3, 000+ on-site employees, and local datacenter infrastructure against threats and vulnerabilities. This includes responsibility for effective cyber security resilience & management and driving relevant Security improvement programs, ensuring these are clearly understood and met company policy & strategy wide.
 Security Awareness & Social Engineering: Designed and delivered an enterprise-wide security awareness program for 3, 000+ employees including regular social engineering exercises to test and improve organizational resilience as part of the ISO 27001 audit cycle.
 Vulnerability Management: Owned the end-to-end vulnerability management process monitoring the threat landscape, updating controls as risks evolved, and reporting status to executive leadership.
 Security Committee Leadership: Chaired the in-country Security Committee for social engineering and security awareness coordinating cross-functional stakeholders and driving action on improvement priorities.
 Security Strategy & Risk Governance: Driving security improvement programs aligned with company policy and regulatory obligations.
 Compliance & Regulatory Adherence: Ensured all security controls complied and supporting ISO 27001 audit requirements and maintaining continuous compliance posture across the country operation.
 Executive Reporting: Delivered regular briefings to CSO and CEO on organizational threat posture, vulnerability status, and compliance position.

Company industry:
Telecommunications
Job role:
Security

Cyber Defense Operations Manager

October 2015 - March 2018

Orange Cyber Defense

eu,0,0

October 2015 - March 2018

Built, Launched and managed the DSOC. Dedicated Security Operation Center, a new Business next generation cyber security operation Unit of Orange Business Services dedicated specially for multi-million dollars diamond customers. Corporate direction - dedicated to Secure the multimillion dollars Orange diamond customers multi-geography infrastructures and their business and ensure adherence to the Information Security strategy and management of the total security threat landscape. .  Ensured team deliver successful implementation & support for security solutions which led to a great success of a 100M dollar contract renewal and increased scope of activities.  Established SOC KPIs, & provided weekly and monthly reports Team Key Performance Indicators (KPIs).  Defined a framework for risk, Change & Incident management for handling & implementing security solutions.  Oversee process to ensure the Service Level Agreements (SLAs) and (OLAs) are met by support teams.  Developed & Defined Security Processes, Procedures, Standards & guidelines and created a cyber SOC knowledge base along with playbooks.  Developed, led and planned BCP/DR (Business continuity plans) for 5 datacenters and 1000 Local sites.  Led complex security projects including requirements definition, task planning, & implementation

Company industry:
Management Consulting
Job role:
Consulting

Network Security & Engineering

October 2015 - January 2018

Orange Cyber Defense

Cairo, Egypt

October 2015 - January 2018

Built, launched, and managed a next-generation dedicated SOC protecting Oranges multi-geography enterprise
customers.
• SOC Build & BCP/DR: Established the SOC operating model, KPIs, playbooks, and incident-management
frameworks; led BCP/DR for 5 datacenters and 1, 000 sites, contributing to a $100M contract renewal.

Company industry:
IT Services

Senior Network Security & Security Analyst Engineer

January 2010 - September 2015

Orange Business Services - Egypt

Cairo, Egypt

January 2010 - September 2015

Supported and managed Security Solutions for multinational large enterprises across different countries. Support for around 20+ various security products on 24 x 7 basis, and analyzed and managed cyber threat events:

Company industry:
Business Consultancy Services
Job role:
Information Technology

Senior Network Security Analyst Engineer

January 2010 - January 2015

Orange Business Services - Other Locations

Cairo, Egypt

January 2010 - January 2015

Company industry:
Cyber & Network Security

Speaker

January 2013 - January 2013

Cairo Security Camp 2013

Cairo, Egypt

January 2013 - January 2013

Building Building Secure Cloud
Infrastructure. Hacking Techniques & Mitigation.

Company industry:
Management Consulting

Security Infrastructure Engineer

January 2007 - January 2008

Advanced integrated systems

Cairo, Egypt

January 2007 - January 2008

Company industry:
Cyber & Network Security

Education

Helwan University

January 2006

January 2006

Bachelor's degree, Engineering

Egypt

GPA (percentage): 70%

GPA (percentage): 70%

Bachelor of Engineering

Faculty of Engineering, Helwan University

January 2006

January 2006

Bachelor's degree, Engineering

Egypt

Skills

Managed Security Services
Expert
Managed Security Services
Expert
Mobility Solutions
Expert
Mobility Solutions
Expert
Penetration Testing
Expert
Penetration Testing
Expert
Security Infrastructure
Expert
Security Infrastructure
Expert
Network Security
Expert
Network Security
Expert
FIREWALLS
Expert
FIREWALLS
Expert
INFORMATION SECURITY
Expert
INFORMATION SECURITY
Expert
MANAGEMENT
Expert
MANAGEMENT
Expert
NETSCAPE ENTERPRISE SERVER
Expert
NETSCAPE ENTERPRISE SERVER
Expert
NEXT
Expert
NEXT
Expert
PROXY SERVER
Expert
PROXY SERVER
Expert
STRATEGIC
Expert
STRATEGIC
Expert
ACTIVE DIRECTORY
Expert
ACTIVE DIRECTORY
Expert
AUTOMATE
Expert
AUTOMATE
Expert
DATABASE ADMINISTRATION
Expert
DATABASE ADMINISTRATION
Expert
Cybersecurity programs
Expert
Cybersecurity programs
Expert
Transfornation
Expert
Transfornation
Expert
Architecture
Expert
Architecture
Expert
Governance
Expert
Governance
Expert
NIST
Expert
NIST
Expert
Vendor managment
Expert
Vendor managment
Expert
Intiatives
Expert
Intiatives
Expert
Emerging technologies
Expert
Emerging technologies
Expert
Disaster recovery
Expert
Disaster recovery
Expert
Business continuity
Expert
Business continuity
Expert
Managed Security Services
Expert
Managed Security Services
Expert
Mobility Solutions
Expert
Mobility Solutions
Expert
Penetration Testing
Expert
Penetration Testing
Expert
Security Infrastructure
Expert
Security Infrastructure
Expert
Network Security
Expert
Network Security
Expert
ARTIFICIAL INTELLIGENCE
Intermediate
ARTIFICIAL INTELLIGENCE
Intermediate
CLOUD COMPUTING
Intermediate
CLOUD COMPUTING
Intermediate
COMPUTER PROGRAMMING
Intermediate
COMPUTER PROGRAMMING
Intermediate
COMPUTERIZED ACCOUNTING
Intermediate
COMPUTERIZED ACCOUNTING
Intermediate
CYBER SECURITY
Intermediate
CYBER SECURITY
Intermediate
IT SECURITY ARCHITECTURE
Intermediate
IT SECURITY ARCHITECTURE
Intermediate
NETWORK MANAGEMENT
Intermediate
NETWORK MANAGEMENT
Intermediate
NETWORK SECURITY SPECIALIST
Intermediate
NETWORK SECURITY SPECIALIST
Intermediate
OPERATIONS
Intermediate
OPERATIONS
Intermediate
SOLUTION ARCHITECTURE
Intermediate
SOLUTION ARCHITECTURE
Intermediate

Social profiles

Personal Website
Personal Website

Languages

Arabic

Expert

English

Expert

French

Expert

Training and Certifications

Certifications
CompTIA Security+
Certified Malware Reverse Engineer
Licensed Penetration Tester (LPT)
Certified Security Analyst (ECSA)
ITIL Foundation v3 Offensive & Technical: Certified Ethical Hacker (CEH)
ISO/IEC 27001 Senior Lead Implementer
CISM
Leadership & Governance: CISSP
CISM
ISACA
CISM
Mar 2021