Global Information Security Director
Aramex
Total years of experience :27 years, 2 Months
• Develop the Security Strategy.
• Maintain and update the information security policies and integrate within business processes.
• Cross functional collaboration with data owners and system owners to ensure that the security needs are met, and risks are identified with proper countermeasures in place to mitigate them.
• Develop and monitor Information Security Awareness training program.
• Develop and rollout ‘Enterprise BCM framework’ in line with ISO22301
• Information security Incident management
• Ensure Compliance with international business industry standards, legislations & regulations.
• Carry out security reviews on the different IT components to validate the authentication, authorization and auditing controls status.
• Monitoring Information Security Program compliance and effectiveness
• Setting standards for physical security systems (CCTV, access control, Intrusion alarm)
• Keep track of latest information security solutions
• Develop & build the Enterprise Project Management Office (PMO). This office responsibility:
• Develop the enterprise project management methodology.
• Select and implement a project management information system.
• Support and train project managers.
• Monitor projects performance.
• Align projects with strategy.
• Build project KPIs.
• Build and manager dedicated IT support center, available 24x7, responsible for:
• Incident Management: being the first line of support with global visibility and timely response to system faults, security incidents, and service availability.
• Problem Management: Analyze incidents to find root causes of problems and come up with proper countermeasures to prevent recurrence.
• Develop the change management framework based on ITIL best practices.
• Security administration: Control and review Access to both infrastructure (Communication links and datacenters Infrastructure system) and users’ access to applications.
• Monitoring service availability through systems log, and service health monitors.
• Responsible for datacenters backup operations, and media management.
• Release management of applications to production environments. As part of segregation of duties, we were the body eligible to change the live environment.
• Patch and systems upgrade management.
• Managing secure mail operations through proper configuration and filtering rules.
• Build standard networks Infrastructure in branches-globally
• Evaluate new systems/tools
• Train Local IT admins in remote branches on Tools, techniques and procedures
• Provide Network/Systems support
Masters Degree in Information security and Digital Criminology with thesis titled: The Impact of Cloud Computing Adoption by Jordan Higher Educational Institutions on Their IT Security Standing