IT GRC - CISO
MCIT
Total years of experience: 11 years, 2 months
*Provides independent oversight, review and challenge of the cyber risk profile and robustness of the cyber control environment.
*Constructive review and challenge of cyber risk management practices, governance and risk reporting.
*Ensure integrity of reporting and accurate articulation of inherent and residual risks and assessment of controls.
*Express the overall cyber risk profile and robustness of the cyber control environment.
*Ensure risk management practices are demonstrable and subsidize business requirements, Audit and Regulatory scrutiny.
*Oversight of Issue management, Key Risk Indicators (KRIs) and compliance to related policies and frameworks.
*Regular stakeholder management with Cyber Security and Technology organizations and building credible relationships throughout the Business.
*Engagement during cyber incident management, ensuring appropriateness of actions and escalation of issues.
*Robust, evidence-based discussion on risk/reward trade-off decisions (acceptance vs. remediation).
*Continuous monitoring of cyber ‘key’ controls providing breadth of coverage and the basis of triggering further types of engagement or assessments.
*Review of KRIs and other risk telemetry to identify thematic cyber risks and control deficiencies.
*Deep Dive, Thematic reviews and assessments providing depth / breadth of review of a specific key cyber control.
*Managing third-party and service providers for independent assessments of the cyber control environment and externally facing / digital footprint.
*Review of Cyber & Information Security Policies & guidelines to ensure they are fit for purpose and posture relative to waiver requests.
*Publication of ‘Position’ / ‘Posture’ whitepapers on areas of interest e.g. Blockchain, evolving cloud capabilities and technologies.
*Evaluation of new cyber and risk management practices, disciplines and approaches.
• Steering enterprise eGOV business resiliency and ITDR projects, prioritizing 100% of critical business services, conducting business impact analysis, risk and crisis management.
• Achieved ISO/IEC 27001:2013 and enforced compliance with accreditation standards.
• Reduced related MoTC cyber security incidents by ~80% by adopting more efficient and effective alerting, hunting, and detecting techniques with the SOC team.
• Ensured 90% compliance with and assurance of the National Cyber Security Framework of Qatar - FIFA 2022.
• Developed security governance, compiling more than 60 business processes, policies and procedures.
• Maintained production service availability at 99%.
• Administered more than 10,000 change requests via change management processes, ensuring consideration of confidentiality, integrity, availability and ITIL operational cycles.
• Designed security training and peer-mentoring programs for the incoming class of 30 officers, increasing awareness by 90%.
• Oversaw 3 operations teams.
• Ensured resource allocation and utilisation.
• Developed business continuity plans.
• Directed 10 enterprise projects to provide, enhance and improve the business objectives for digital transformation.
• Applied good practices in planning, designing, developing, implementing, configuring, and securing enterprise cloud networks in diverse environments.
• Collaborated in formulation and articulation of business development strategies.
• Optimized 100% of security policies and procedures, successfully enabling business, production, and engineering functions, including compliance with ISO/IEC 27001:2013.
• Presented more than 100 manifestations to convey architectures, solutions and strategies to related internal and external stakeholders.
Computer Science, Bachelor of Science, September 1986 – July 1991, Ain Shams University, Cairo, Egypt. GPA 3.0/4.0. Project Grade: Distinct.
Faculty of Engineering. General Grade: 73%.