ياسر سلام, IT GRC - CISO

MCIT

Country
Qatar - Doha
Education
Diploma, GIAC - GED
Experience
11 years, 3 months

Work Experience

Total years of experience: 11 years, 3 months

IT GRC - CISO at MCIT
  • Qatar - Doha
  • In this position since November 2021

• Provides independent oversight, review and challenge of the cyber risk profile and robustness of the cyber control environment.
• Constructive review and challenge of cyber risk management practices, governance and risk reporting.
• Ensure integrity of reporting and accurate articulation of inherent and residual risks and assessment of controls.
• Express the overall cyber risk profile and robustness of the cyber control environment.
• Ensure risk management practices are demonstrable and subsidize business requirement, Audit and Regulatory scrutiny.
• Oversight of Issue management, Key Risk Indicators (KRIs) and compliance to related policies and frameworks.
• Regular stakeholder management with Cyber Security and Technology organizations and building credible relationships throughout the Business.
• Engagement during cyber incident management, ensuring appropriateness of actions and escalation of issues.
• Robust, evidence-based discussion on risk/reward trade-off decisions (acceptance vs. remediation).
• Continuous monitoring of cyber ‘key’ controls providing breadth of coverage and the basis of triggering further types of engagement or assessments.
• Review of KRIs and other risk telemetry to identify thematic cyber risks and control deficiencies.
• Deep Dive, Thematic reviews and assessments providing depth / breadth of review of a specific key cyber control.
• Managing 3rd party and service providers for independent assessments of the cyber control environment and externally facing / digital footprint.
• Review of Cyber & Information cyber security Policies & guidelines to ensure fit for purpose and posture relative to waiver requests.
• Publication of ‘Position’ / ‘Posture’ whitepapers on areas of interest e.g. Blockchain, evolving cloud capabilities and technologies.
• Evaluation of new cyber and risk management practices, disciplines and approaches.

MoTC SOC manager at Ministry of transportation and communications
  • Qatar - Doha
  • In this position since February 2016

• Steering enterprise eGOV business resiliency and ITDR projects, prioritizing 100% critical business services, conducting business impact analysis, risk and crisis management.
• Achieved ISO/IEC 27001:2013 and enforced compliance with accreditation standards.
• Reduce related MoTC cyber security incidents by ~80% by adopting more efficient and effective alerting, hunting, and detecting techniques with SOC team.
• Ensure 90% compliance and assurance of National Cyber Security framework of Qatar - FIFA 2022.
• Develop security governance, compiling more than 60 business processes, policies and procedures.
• Maintain production services availability to 99%.
• Administrate more than 10,000 change requests via change management processes, ensuring consideration of confidentiality, integrity, availability and ITIL operation cycles.
• Design security training and peer-mentoring programs for the incoming class of 30 officers; increasing awareness by 90%.

IT GRC Section Head at Ministry of ictQATAR
  • Qatar - Doha
  • March 2013 to January 2016

• Oversaw 3 operations teams.
• Ensured resource allocation and utilisation.
• Developed business continuity plans.
• Directed 10 enterprise projects to provide, enhance and improve the business objectives for digital transformation.
• Applied good practices in planning, designing, developing, implementing, configuring, and securing enterprise cloud networks in diverse environments.
• Collaborated in formulation and articulation of business development strategies.
• Optimized 100% of security policies and procedures, successfully enabling business, production, and engineering functions including Compliance of ISO/IEC 27001:2013.
• Presented more than 100 manifestations to convey architectures, solutions and strategies to related internal and external stakeholders.

Educational Background

Diploma, GIAC - GED
  • at SANS
  • October 2011
Diploma, PMP Certification
  • at PMI
  • November 2008
Bachelor's degree, Computer systems
  • at Ain Shams University - Faculty of Engineering
  • July 1991

Computer Science, Bachelor of Science, September 1986 – July 1991, Ain Shams University, Cairo, Egypt. GPA 3.0/4.0. Project Grade: Distinct

Bachelor's degree, Computer Science And Electrical Engineering
  • at Ain Shams University
  • July 1991

Faculty of engineering. General Grade: 73%

Bayt.com Tests

Time Management Test
Score 65%

Specialties & Skills

Science
Testing
Cyber security field
Project Management
Risk Management
IS Governance
Communications skills
Planning
DevSecOps
Network and security
Think through

Languages

Arabic
Expert
English
Expert
French
Beginner

Memberships

ISACA
  • Member
  • October 2017

Training and Certifications

CISM (Training)
Training Institute:
Global knowledge
Date Attended:
October 2017
Duration:
45 hours
TOGAF 9.1 (Training)
Training Institute:
Global knowledge
Date Attended:
May 2017
Duration:
15 hours
Leadership essential for managers. (Training)
Training Institute:
SANS
Date Attended:
March 2014
Duration:
40 hours
GIAC-SANS Certified Enterprise Defender (GCED) (Certificate)
Date Attended:
October 2015
Valid Until:
October 2019
Continuous monitoring and security operations. (Training)
Training Institute:
SANS
Date Attended:
January 2014
Duration:
35 hours
Continuous monitoring and security operations. (Training)
Training Institute:
SANS
Date Attended:
July 2014
Duration:
40 hours

Hobbies

  • Readings