Total Years of Experience: 12 Years, 10 Months
August 2023
To Present
Cybersecurity and Defense Center Manager
at Jeddah Airports Company (JEDCO)
Location :
Saudi Arabia - Jeddah
• Manage the SOC team and function for all L1 Monitoring, L2 Analysis, and L3 Incident Response and Digital Forensics 24/7/365 for all IT infrastructure and related third parties
• Manage the cybersecurity operations team's daily tasks and requests
• Alignment between SOC and cybersecurity operations teams for any security incidents to meet KPI, SLA and ensure business continuity and disaster recovery plans
• Report any security incident to all concerned teams and stakeholders for all needed actions and impact remediations
• Daily/ Monthly/ Annual SOC reports to top management and related concerned departments
• Threat Intelligence alignment with SOC function and cybersecurity operations
• Developing SOPs and playbooks for all security incidents and operations
• Implementing, testing, and validating all SIEM and security control use cases on a daily basis
• Manage all security controls for the daily operations, projects, maintenance and support
• Propose, build, and develop RFP for any required IT security systems
• Comply with Saudi National Cybersecurity Authority (NCA) controls and all related government and aviation regulations
November 2020
To September 2023
SOC/Information Security Team Leader
at Yanbu Aramco Sinopec Refining (Yasref)
Location :
Saudi Arabia - Yanbu
• Manage the Information Security Ops team
• Manage the Information Security Ops Projects
• Manage the Security Operations Center “SOC” team
• Conduct Daily/Weekly and Monthly meetings with the SOC team
• Report the Information Security Posture and Improvement to the Management
• Review SIEM use cases, Correlation Rules, Playbooks, and security alerts/incidents constantly with the SOC team
• SOC Alignments with IT Security Ops, System, Network, Applications teams, and related parties
• SIEM Integration with Cybersecurity Threat Intelligence Tools/Feeds
• Monitor Saudi CERT, NCA Alerts /Notifications and take actions accordingly
• Integrate all log sources with the SIEM system
• Propose Security Orchestration, Automation, and Response “SOAR” system in the SOC Department
• Develop Information Security Maturity Level
• Propose Information Security Technologies and Controls
• Hardening and fine tuning for all security systems
• Documentation of all Information Security Systems
• Conduct Information Security Awareness
• Adherence with Information Security Policies and Procedures
January 2020
To December 2020
OT/ICS Cybersecurity Specialist
at Saudi Air Navigation Services
Location :
Saudi Arabia - Jeddah
• IT/OT Technical Assessment Stream Lead
• Information Security Strategy and Governance
• SOC Development
• Conduct Asset Inventory and Management for all OT Infrastructure
• IT/OT Network Architecture review
• IT/OT Configurations Review
• IT/OT Compromise Assessment
• Information Security Projects (Deploying FortiGate NGFWs, FortiNAC)
• Administration of NGFWs (Palo Alto, Fortinet)
• Administration of Endpoint Security (Kaspersky)
February 2015
To January 2020
Director of the Information Security and Governance Department
at King Abdullah Medical City (KAMC), Information Security and Governance Dept.
Location :
Saudi Arabia - Mecca
• Develop and implement new Systems Security Administration solutions to meet business requirements
• Implement and support the rollout of critical Systems Security Administration systems to support all impacted services, on both a long term and tactical (immediate term) level
• Ensure that Security Administration systems are fully documented and performing as required for internal and customer SLA guarantees and expectations by means of specific metrics and measurements
• Provide technical Systems Security Administration expertise to Product Development and its support to develop new Systems Security Administration product support and enhance existing Systems Security Administration product sets
• Provide 2nd level troubleshooting tasks and support all End user requests under their departmental mandate
• Responsible to support all assigned Systems Security Administration projects within departmental ICT services
• Responsible for documenting and reporting status to line manager
• Fulfill Systems Security Administration departmental Service Level Agreement (SLA) ICT services
• Responsible for fulfilling the assigned Systems Security Administration departmental ICT Services or projects to meet KAMC users' requirements
• Responsible for, and team lead of, new Systems Security Administration technology implementations to improve ICT services
• Monitor Saudi, U.S. CERT and National Cyber Security Center NCSC in MOI announcements/Alerts and apply all Security recommendations immediately.
• Prepare a security awareness program for employees constantly
• Attend and adhere to ICT meeting decisions and attend appointed meetings and committees
• Adhere to any task deemed necessary, which falls within the scope of job
• Comply with all ICT departmental policies and procedures
February 2014
To February 2015
IT Internal Auditor
at Saudi Electricity Company
Location :
Saudi Arabia - Jeddah
• Evaluates and provides reasonable assurance that risk management, control, and governance systems are functioning as intended and will enable the organization's objectives and goals to be met
• Reports risk management issues and internal controls deficiencies identified directly to the audit committee and provides recommendations for improving the organization's operations, in terms of both efficient and effective performance
• Evaluates information security and associated risk exposures
• Evaluates regulatory compliance program with consultation from legal counsel
• Evaluates the organization's readiness in case of business interruption
• Maintains open communication with management and the audit committee
• Teams with other internal and external resources as appropriate
• Engages in continuous education and staff development
• Provides support to the company's anti-fraud program
January 2012
To December 2013
Information Security Risk Analyst
at Lewis University
Location :
United States - Illinois
• Conducting Information Security Risk Assessment and Management
• Conducting Asset Inventory and Management
• Conducting Gap Analysis for different Information Security Frameworks such as ISO 27001, NIST CSF, and COBIT
• Propose the Countermeasures plan for Risks
• Propose Business Continuity and Disaster Recovery Plans
• Vulnerability assessment and Management
• Conducting Information Security Gap Analysis for Security Controls
• Propose Information Security Technologies for different layers (Network, Applications, Systems, End users ...etc.)
Yaser Aljohani Resume
August 2009
To April 2010
Information Technology Engineer
at National Power Construction Company (NPCC), Information Technology Department
Location :
Saudi Arabia - Medina
• Provide advice, assistance and training relevant to the installation, functioning and ongoing maintenance of equipment or software
• Conducting risk assessment and management for different critical operations and departments within the company.
• Suggesting risk countermeasures for the risks that have been detected which threaten the company's business and operations.
• Provide a contingency plan that prepares the company to respond to unexpected incidents/events.
• Assist coworkers with completing work assignments and provide coverage for absent personnel
• Maintain company computers on a weekly basis
• Install Operating System and Software applications as needed
• Provide Technical Support throughout the company
• Prepare technology for meetings.
• Order computer parts to ensure computers stay online.