Yasser Sallam, IT GRC - CISO

MCIT

Location
Qatar - Doha
Education
Diploma, GIAC - GED
Experience
11 years, 3 Months

Work Experience

Total years of experience: 11 years, 3 months

IT GRC - CISO at MCIT
  • Qatar - Doha
  • My current job since November 2021

• Provides independent oversight, review and challenge of the cyber risk profile and robustness of the cyber control environment.
• Constructive review and challenge of cyber risk management practices, governance and risk reporting.
• Ensure integrity of reporting and accurate articulation of inherent and residual risks and assessment of controls.
• Express the overall cyber risk profile and robustness of the cyber control environment.
• Ensure risk management practices are demonstrable and subsidize business requirement, Audit and Regulatory scrutiny.
• Oversight of Issue management, Key Risk Indicators (KRIs) and compliance with related policies and frameworks.
• Regular stakeholder management with Cyber Security and Technology organizations and building credible relationships throughout the Business.
• Engagement during cyber incident management, ensuring appropriateness of actions and escalation of issues.
• Robust, evidence-based discussion on risk/reward trade-off decisions (acceptance vs. remediation).
• Continuous monitoring of cyber ‘key’ controls providing breadth of coverage and the basis of triggering further types of engagement or assessments.
• Review of KRIs and other risk telemetry to identify thematic cyber risks and control deficiencies.
• Deep dive, thematic reviews and assessments providing depth/breadth of review of a specific key cyber control.
• Managing 3rd party and service providers for independent assessments of the cyber control environment and externally facing/digital footprint.
• Review of cyber and information security policies and guidelines to ensure fit for purpose and posture relative to waiver requests.
• Publication of ‘Position’/‘Posture’ whitepapers on areas of interest, e.g. Blockchain, evolving cloud capabilities and technologies.
• Evaluation of new cyber and risk management practices, disciplines and approaches.

MoTC SOC manager at Ministry of transportation and communications
  • Qatar - Doha
  • My current job since February 2016

• Steering enterprise eGOV business resiliency and ITDR projects, prioritizing 100% critical business services, conducting business impact analysis, risk and crisis management.
• Achieved ISO/IEC 27001:2013 and enforced compliance with accreditation standards.
• Reduce related MoTC cyber security incidents by ~80% by adopting more efficient and effective alerting, hunting, and detecting techniques with SOC team.
• Ensure 90% compliance and assurance of National Cyber Security framework of Qatar - FIFA 2022.
• Develop security governance, compiling more than 60 business processes, policies and procedures.
• Maintain production services availability to 99%.
• Administer more than 10,000 change requests via change management processes, ensuring consideration of confidentiality, integrity, availability and ITIL operation cycles.
• Design security training and peer-mentoring programs for the incoming class of 30 officers; increasing awareness by 90%.

IT GRC Section Head at Ministry of ictQATAR
  • Qatar - Doha
  • March 2013 to January 2016

• Oversaw 3 operations teams.
• Ensured resource allocation and utilisation.
• Developed business continuity plans.
• Directed 10 enterprise projects to provide, enhance and improve the business objectives for digital transformation.
• Applied good practices in planning, designing, developing, implementing, configuring, and securing enterprise cloud networks in diverse environments.
• Collaborated in formulation and articulation of business development strategies.
• Optimized 100% of security policies and procedures, successfully enabling business, production, and engineering functions including Compliance of ISO/IEC 27001:2013.
• Presented more than 100 manifestations to convey architectures, solutions and strategies to related internal and external stakeholders.

Education

Diploma, GIAC - GED
  • at SANS
  • October 2011
Diploma, PMP Certification
  • at PMI
  • November 2008
Bachelor's degree, Computer systems
  • at Ain Shams University - Faculty of Engineering
  • July 1991

Computer Science, Bachelor of Science, September 1986 – July 1991, Ain Shams University, Cairo, Egypt. GPA: 3.0/4.0. Project Grade: Distinct

Bachelor's degree, Computer Science And Electrical Engineering
  • at Ain Shams University
  • July 1991

Faculty of Engineering. General Grade: 73%

Bayt Tests

Time Management Test
Score 65%

Specialties & Skills

Science
Testing
Cyber security field
Project Management
Risk Management
IS Governance
Communications skills
Planning
DevSecOps
Network and security
Think through

Languages

Arabic
Expert
English
Expert
French
Beginner

Memberships

ISACA
  • Member
  • October 2017

Training and Certifications

CISM (Training)
Training Institute:
Global knowledge
Date Attended:
October 2017
Duration:
45 hours
TOGAF 9.1 (Training)
Training Institute:
Global knowledge
Date Attended:
May 2017
Duration:
15 hours
Leadership essential for managers. (Training)
Training Institute:
SANS
Date Attended:
March 2014
Duration:
40 hours
GIAC-SANS Certified Enterprise Defender (GCED) (Certificate)
Date Attended:
October 2015
Valid Until:
October 2019
Continuous monitoring and security operations. (Training)
Training Institute:
SANS
Date Attended:
January 2014
Duration:
35 hours
Continuous monitoring and security operations. (Training)
Training Institute:
SANS
Date Attended:
July 2014
Duration:
40 hours

Hobbies

  • Readings