Download PDF

Summary

Over 12 years of experience in a wide range of IT, Quality, Information Security and Governance based offerings and skills such as Management, Project Management, Strategy, IT, Quality, Information Security and Governance Assurance and Auditing proved with educational, working background and certification.

Competent at:- Information Security - Quality - Governance - Compliance - Risk Management - Auditing

Summary

Over 12 years of experience in a wide range of IT, Quality, Information Security and Governance based offerings and skills such as Management, Project Management, Strategy, IT, Quality, Information Security and Governance Assurance and Auditing proved with educational, working background and certification.
Competent at:- Information Security - Quality - Governance - Compliance - Risk Management –Auditing.

Education

Certifications

Aug 2012Jan 2016

Certified Information Security Manager (CISM)

ISACA

License: 1220777

Apr 2013Present

Certified ISO 9001 Quality Management System Lead Auditor

IRCA
Oct 2015Present

Certified ISO/IEC 27001 Information Security Management System Lead Implementer

PECB

License # ISLI1006966-2015-10

Oct 2015Present

Certified ISO 22301 Business Continuity Management System Lead Implementer

PECB

License # BCLI1006966-2015-10

Oct 2015Present

Certified ISO 31000 Lead Risk Manager

PECB

License # RMLRM1006966-2015-10

Jan 2016Present

Certified Internal Auditor (CIA)

The Institute of Internal Auditors (IIA)

Candidate (Document verification)

Jan 2010Present

Certified Project Manager

IAPPM
Sep 2013Present

Project+

CompTIA

License # COMP001020541280

Jan 2013Present

Security+

CompTIA

License # COMP001020541280

Sep 2006Present

Certified Ethical Hacker (CEH)

EC-Council

License # ECC915740

Sep 2005Present

Microsoft Certified Systems Engineer (MCSE)with Security

Microsoft

Certificate # C476-3967

Work History

Feb 2005Present

Information Security Officer

Asharqia Chamber
  • Liaison with and offers strategic direction to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization, on information security matters such as routine security activities plus emerging security risks and control technologies.
  • Forms a “center of excellence” for quality & information security management, for example offering internal management consultancy advice and practical assistance on quality & information security management risk and control matters throughout the organization and promoting the commercial advantages of managing information security risks more efficiently and effectively.
  • Leads, commissions or direction :
    • for the function, ranging from planning and budgeting to motivational and promotional activities expounding the value of information security
    • for a loose network of information security ambassadors distributed throughout the organization
    • the design, implementation, operation and maintenance of the Quality and Information Security Management System based on International standards, including certification against ISO/IEC 27001, ISO 9001, ISO/IEC 22301 and ISO 10004 where applicable.
    • the preparation and authorizes the implementation of necessary information quality & security policies, standards, procedures and guidelines, in conjunction with the Quality & Security Committee.
    • the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal quality & security policies etc. and applicable laws and regulations.
    • suitable quality & information security awareness, training and educational activities.
    • quality & information security risk assessments,controls selection activities, activities relating to contingency planning and business continuity management.
Jul 2008Dec 2011

Quality Assurance Manager

JFN ALRIYADH

(Part Time)
- Achieves quality assurance operational objectives by contributing information and analysis to strategic plans and reviews; preparing and completing action plans; implementing production, productivity, quality, and customer-service standards; identifying and resolving problems; completing audits; determining system improvements; implementing change.
- Develops quality assurance plans ; identifying critical control points and preventive measures; establishing critical limits, monitoring procedures, corrective actions, and verification procedures; monitoring inventories.
- Validates quality processes by establishing product quality attributes;  documenting evidence; determining operational and performance qualification; writing and updating quality assurance procedures.
- Maintains and improves product quality by completing product, company, system, compliance, and surveillance audits; investigating customer complaints; collaborating with other members of management to develop new product channels.
- Prepares quality documentation and reports by collecting, analyzing and summarizing information and trends including failed processes, corrective actions, and re-validations.

Jan 2006Mar 2008

Infrastructure Specialist

Arabian Funding Company (ARAFCO)

(Part time)
- Evaluate and recommend necessary changes in performance tuning, infrastructure design and monitoring.
- Conduct extreme complex technical evaluation and suggest proposed physical architectures along with detailed designs.
- Head responsibility to install, configure and maintain applications with IT infrastructure.
- Analyze problems, evaluate technical issues, test, maintain, modify, integrate, monitor and ensure to automate software systems.
- Conduct long range strategic plans of IT infrastructure plus operational aspects of application execution within infrastructure.
- Handle organization-wide windows based application projects of complex to ensure applications optimal performance and related infrastructure.
- Support install applications for system production and test to ensure maximum support through applying best practices.
- Execute technology successfully by minimal downtime as well as disruption.
- Write infrastructure related scripts to automate all manual tasks plus streamline operational activities.
- Involve actively in teams of cross functional project to assist solve problems inclusive of different technologies straddling multiple work groups.
- Conduct complex technical evaluation, design review and recommend proposed physical and logical designs.

Major Projects

5 Year IT Strategic Plan Composition
September 2006 – February 2007
A team member for the development of a five year business aligned IT strategic plan containing initiatives, and projects. Executed in tandem with Ernst and Young advisory services. Tasks carried out:
- Gap assessment.
- Set goals and objectives.
- Exploring solution.

IT Policies, Procedures, and Organization Restructuring (ITIL,COBIT, ISO 27001)
August 2007 – February 2008
A team member for the development of IT policies and procedures and a redefined IT organization structure based on the three standards of ITIL, COBIT, and ISO 27001 respectively. Executed in tandem with Ernst and Young advisory services. Tasks I conducted:
- Gap assessment.
- Policies and procedures development.
- Review the policies and procedure with E&Y.
- Enforcement.
- Review application.

ISO/IEC 27001:2005 Information Security Management System (ISMS) Implementation
May 2009 – December 2009
A project manager to Implement, manage and sustain the ISO 27001:2005 security program and liaising closely with SMEs and project lead and hold monthly committee meetings to bring the organizations information security risks under explicit management control through the Information Security Management System.
Some of the Job Responsibilities:
-Lead the operation, support and maintenance of the Information Security Management System based on the ISO/IEC 27000 series standards, including maintaining our certification against ISO/IEC 27001.
-Leads the preparation and the implementation of necessary information security policies, standards, procedures and guidelines, in conjunction with the Quality Committee to get appropriate approvals and feedback.
-Manages and leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations .
Support departments and help manage projects for implementation of information security management system
-Supports suitable information security awareness, training and educational activities
-Manages information security risk assessments and controls selection activities
-Liaison with and offers strategic direction to related governance functions (such as Risk Management, IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies
-Provide the required assistance with any other applicable standards and regulations to ensure ASHARQIA CHAMBER meets the requirements.

BS 25999:2007 Business Continuity Management System (BCMS) Implementation
January 2010 – June 2010
Project manager for establishing, implementing, operating, monitoring, reviewing,
maintaining and improving an effective system for business continuity based on BS 25999:2007 standards to equip ASHARQIA CHAMBER with required strengths to meet the challenges faced when a disruption occurs. Main responsibilities:
- Gap assessment.
- Coordinate and assist in the development of and access to Business Continuity Plans and Procedures, including the IT Disaster Recovery Plan, the Crisis Communication Plan, the Pandemic Plan and the Security Emergency Response Plan. Provide regular status updates to the Business Continuity Management Project Board.
- Assess the business continuity implications of proposed technological or organizational changes, and coordinate any revisions to existing Business Continuity Plans and Procedures necessitated by such changes.
- Ensure that staff with specific Business Continuity responsibilities is adequately trained and ensure that all staff are kept informed of relevant provisions of the Business Continuity Plans.
- Review and testing.
- Auditing.

Business Continuity Management System (BCMS) Transition from BS 25999-2 to ISO 22301:2012
June 2012 – November 2012
A project manager for upgrading the business continuity management system (BCMS) form BS 25999-2:2007 to the latest version ISO 22301:2012 which introduces a requirement for metrics for business continuity management, as well as additional emphasis for BCMS operational planning and setting controls.

Information Security Management System (ISMS) Transition from ISO 27001:2005 to ISO 27001:2013
August 2013 – December 2013
A project manager for upgrading the information security management system (ISMS) form ISO 27001:2005 to the latest version ISO 27001:2013 that puts more emphasis on measuring and evaluating how well an organization's ISMS is performing, and to monitor the outsourcing process, which reflects the fact that many organizations rely on third parties to provide some aspects of IT.

Annual Internal Auditing
Starting September 2009
As result of Implementing International standards, ASHARQIA CHAMBER wants to assure that activities governed by the policies and procedures produced out of these standards. As Lead auditor for annual review of the operational records of ASHARQIA CHAMBER. The audit may check the accuracy of records, compliance with procedures, internal and external regulations, and the soundness of operational practices, including internal controls against ISO standards like ISO 9001, 10004, 22301 and 27001.
Main responsibilities:
- Plan and assign auditors to conduct audit activities.
- Prepare checklists to help internal auditors.
- Prepare orderly documentation and audit reports using ASHARQIA CHAMBERS forms.
- Provide reports of activities to management of Operations.
- Attend meetings as required by management.
- Review corrective action implementation.

Integrating Quality Management System ISO 9001:2015 with the ASHARQIA CHAMBER Risk Management System
Starting July 2015
The new ISO 9001:2015 standard explicitly expects organizations to identify and address risks affecting product and service compliance; resulting in improved customer satisfaction. I held responsible to integrate the new requirements of ISO 9001:2015 with ASHARQIA CHAMBER risk management system. Besides identifying the risks, I'm expected to address opportunities for improvement based on the risk analysis.

Governance, Risk and Compliance(GRC) Solution Implementation
Starting August 2015  - September 2016
As result for implementing international standards along side with the management intention to automate the governance, risk and compliance process, I've been assigned to explore the suitable GRC solutions available in the market. So, I started this task by developing the RFP contains ASHARQIA CHAMBER's expectation and the capabilities it's looking for in the solution. Further more, I was responsible for the project implementation, configuration and release.

- We are in training phase for the internal auditors.

IT Infrastructure and Security Technical Projects
Starting July 2005
I worked on multiple technical projects related to IT infrastructure ( e.g. AD and Exchange migration, virtual environment and storage solutions) and managed security projects (e.g. NAC, Firewall, ePO and recently SIEM). 

Training and Courses

  • ISO/IEC 27001:2005 Awareness by TUV NORD/Fahss Saudi Arabia 
  • ISO/IEC 27001:2005 Internal Auditing by TUV NORD/Fahss Saudi Arabia 
  • ISO/IEC 9001:2000 Internal Quality Auditing by TUV NORD/Fahss Saudi Arabia 
  • ISO/IEC 9001:2008 Internal Quality Auditing by TUV NORD/Fahss Saudi Arabia 
  • ISO/IEC 9001:2008 Advanced Internal Quality Auditing by TUV NORD/Fahss Saudi Arabia 
  • Project Management Body of Knowledge the 4th Edition by SimpleIlearn 
  • Penetration Testing by TUV NORD/Fahss Saudi Arabia 
  • Risk Management by TUV NORD/Fahss Saudi Arabia 
  • Time Management 
  • Problem Solving 
  • Presentation Skills 
  • Positive Thinking 
  • Change Handling

Professional Associations

  • March 2005 - Present, ITDigest, Member: ITDigest is an on-line community for the IT professional in Saudi Arabia. I was the group administrator for two years.
  • Jan 2012 – present, ISACA, Member.
  • Jan 2016 – present, IIA, Member.