Summary

Over 12 years of experience across a wide range of IT, quality, information security and governance offerings and skills, including management, project management, strategy, and IT, quality, information security and governance assurance and auditing, proven through education, work experience and certification.

Competent at: Information Security - Quality - Governance - Compliance - Risk Management - Auditing

Education

Certifications

Aug 2012 – Jan 2016

Certified Information Security Manager (CISM)

ISACA

License: 1220777

Apr 2013 – Present

Certified ISO 9001 Quality Management System Lead Auditor

IRCA

Oct 2015 – Present

Certified ISO/IEC 27001 Information Security Management System Lead Implementer

PECB

License # ISLI1006966-2015-10

Oct 2015 – Present

Certified ISO 22301 Business Continuity Management System Lead Implementer

PECB

License # BCLI1006966-2015-10

Oct 2015 – Present

Certified ISO 31000 Lead Risk Manager

PECB

License # RMLRM1006966-2015-10

Jan 2016 – Present

Certified Internal Auditor (CIA)

The Institute of Internal Auditors (IIA)

Candidate (Document verification)

Jan 2010 – Present

Certified Project Manager

IAPPM

Sep 2013 – Present

Project+

CompTIA

License # COMP001020541280

Jan 2013 – Present

Security+

CompTIA

License # COMP001020541280

Sep 2006 – Present

Certified Ethical Hacker (CEH)

EC-Council

License # ECC915740

Sep 2005 – Present

Microsoft Certified Systems Engineer (MCSE) with Security

Microsoft

Certificate # C476-3967

Work experience

Feb 2005 – Present

Information Security Officer

Asharqia Chamber
  • Liaises with, and offers strategic direction to, related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) and senior and middle managers throughout the organization on information security matters, including routine security activities as well as emerging security risks and control technologies.
  • Forms a “center of excellence” for quality and information security management, for example by offering internal management consultancy advice and practical assistance on quality and information security risk and control matters throughout the organization, and by promoting the commercial advantages of managing information security risks more efficiently and effectively.
  • Leads, commissions or directs:
    • the function, ranging from planning and budgeting to motivational and promotional activities expounding the value of information security;
    • a loose network of information security ambassadors distributed throughout the organization;
    • the design, implementation, operation and maintenance of the Quality and Information Security Management System based on international standards, including certification against ISO/IEC 27001, ISO 9001, ISO 22301 and ISO 10004 where applicable;
    • the preparation, and authorizes the implementation, of the necessary information quality and security policies, standards, procedures and guidelines, in conjunction with the Quality & Security Committee;
    • the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal quality and security policies and with applicable laws and regulations;
    • suitable quality and information security awareness, training and educational activities;
    • quality and information security risk assessments, controls selection activities, and activities relating to contingency planning and business continuity management.
Jul 2008 – Dec 2011

Quality Assurance Manager

JFN ALRIYADH

(Part Time)
- Achieves quality assurance operational objectives by contributing information and analysis to strategic plans and reviews; preparing and completing action plans; implementing production, productivity, quality and customer-service standards; identifying and resolving problems; completing audits; determining system improvements; and implementing change.
- Develops quality assurance plans by identifying critical control points and preventive measures; establishing critical limits, monitoring procedures, corrective actions and verification procedures; and monitoring inventories.
- Validates quality processes by establishing product quality attributes; documenting evidence; determining operational and performance qualification; and writing and updating quality assurance procedures.
- Maintains and improves product quality by completing product, company, system, compliance and surveillance audits; investigating customer complaints; and collaborating with other members of management to develop new product channels.
- Prepares quality documentation and reports by collecting, analyzing and summarizing information and trends, including failed processes, corrective actions and re-validations.

Jan 2006 – Mar 2008

Infrastructure Specialist

Arabian Funding Company (ARAFCO)

(Part time)
- Evaluate and recommend necessary changes in performance tuning, infrastructure design and monitoring.
- Conduct highly complex technical evaluations and propose physical architectures along with detailed designs.
- Take lead responsibility for installing, configuring and maintaining applications within the IT infrastructure.
- Analyze problems, evaluate technical issues, and test, maintain, modify, integrate, monitor and automate software systems.
- Develop long-range strategic plans for the IT infrastructure and for the operational aspects of application execution within it.
- Handle complex organization-wide Windows-based application projects to ensure optimal performance of the applications and related infrastructure.
- Support application installation on production and test systems, applying best practices to ensure maximum supportability.
- Deploy technology successfully with minimal downtime and disruption.
- Write infrastructure-related scripts to automate manual tasks and streamline operational activities.
- Participate actively in cross-functional project teams to help solve problems involving different technologies spanning multiple work groups.
- Conduct complex technical evaluations and design reviews, and recommend proposed physical and logical designs.

Major Projects

5-Year IT Strategic Plan Composition
September 2006 – February 2007
Team member for the development of a five-year, business-aligned IT strategic plan containing initiatives and projects. Executed in tandem with Ernst and Young advisory services. Tasks carried out:
- Gap assessment.
- Setting goals and objectives.
- Exploring solutions.

IT Policies, Procedures and Organization Restructuring (ITIL, COBIT, ISO 27001)
August 2007 – February 2008
Team member for the development of IT policies and procedures and a redefined IT organization structure based on three standards: ITIL, COBIT and ISO 27001. Executed in tandem with Ernst and Young advisory services. Tasks I conducted:
- Gap assessment.
- Policies and procedures development.
- Review of the policies and procedures with E&Y.
- Enforcement.
- Review of application.

ISO/IEC 27001:2005 Information Security Management System (ISMS) Implementation
May 2009 – December 2009
Project manager to implement, manage and sustain the ISO 27001:2005 security program, liaising closely with SMEs and the project lead and holding monthly committee meetings to bring the organization's information security risks under explicit management control through the Information Security Management System.
Some of the job responsibilities:
- Lead the operation, support and maintenance of the Information Security Management System based on the ISO/IEC 27000 series standards, including maintaining our certification against ISO/IEC 27001.
- Lead the preparation and implementation of the necessary information security policies, standards, procedures and guidelines, in conjunction with the Quality Committee, to obtain appropriate approvals and feedback.
- Manage and lead the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and with applicable laws and regulations.
- Support departments and help manage projects for implementation of the information security management system.
- Support suitable information security awareness, training and educational activities.
- Manage information security risk assessments and controls selection activities.
- Liaise with, and offer strategic direction to, related governance functions (such as Risk Management, IT, HR, Legal and Compliance) and senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities and emerging security risks and control technologies.
- Provide the required assistance with any other applicable standards and regulations to ensure ASHARQIA CHAMBER meets the requirements.

BS 25999:2007 Business Continuity Management System (BCMS) Implementation
January 2010 – June 2010
Project manager for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an effective system for business continuity based on the BS 25999:2007 standard, to equip ASHARQIA CHAMBER with the strengths required to meet the challenges faced when a disruption occurs. Main responsibilities:
- Gap assessment.
- Coordinate and assist in the development of, and access to, Business Continuity Plans and Procedures, including the IT Disaster Recovery Plan, the Crisis Communication Plan, the Pandemic Plan and the Security Emergency Response Plan. Provide regular status updates to the Business Continuity Management Project Board.
- Assess the business continuity implications of proposed technological or organizational changes, and coordinate any revisions to existing Business Continuity Plans and Procedures necessitated by such changes.
- Ensure that staff with specific Business Continuity responsibilities are adequately trained, and that all staff are kept informed of the relevant provisions of the Business Continuity Plans.
- Review and testing.
- Auditing.

Business Continuity Management System (BCMS) Transition from BS 25999-2 to ISO 22301:2012
June 2012 – November 2012
Project manager for upgrading the business continuity management system (BCMS) from BS 25999-2:2007 to the latest version, ISO 22301:2012, which introduces a requirement for business continuity management metrics, as well as additional emphasis on BCMS operational planning and the setting of controls.

Information Security Management System (ISMS) Transition from ISO 27001:2005 to ISO 27001:2013
August 2013 – December 2013
Project manager for upgrading the information security management system (ISMS) from ISO 27001:2005 to the latest version, ISO 27001:2013, which puts more emphasis on measuring and evaluating how well an organization's ISMS is performing and on monitoring outsourcing, reflecting the fact that many organizations rely on third parties to provide some aspects of IT.

Annual Internal Auditing
Starting September 2009
As a result of implementing international standards, ASHARQIA CHAMBER wants assurance that its activities are governed by the policies and procedures produced under these standards. I serve as lead auditor for the annual review of the operational records of ASHARQIA CHAMBER. The audit may check the accuracy of records, compliance with procedures and with internal and external regulations, and the soundness of operational practices, including internal controls, against ISO standards such as ISO 9001, 10004, 22301 and 27001.
Main responsibilities:
- Plan and assign auditors to conduct audit activities.
- Prepare checklists to help internal auditors.
- Prepare orderly documentation and audit reports using ASHARQIA CHAMBER's forms.
- Provide reports of activities to Operations management.
- Attend meetings as required by management.
- Review corrective action implementation.

Integrating the Quality Management System ISO 9001:2015 with the ASHARQIA CHAMBER Risk Management System
Starting July 2015
The new ISO 9001:2015 standard explicitly expects organizations to identify and address risks affecting product and service conformity, resulting in improved customer satisfaction. I was made responsible for integrating the new requirements of ISO 9001:2015 with the ASHARQIA CHAMBER risk management system. Besides identifying the risks, I am expected to address opportunities for improvement based on the risk analysis.

Governance, Risk and Compliance (GRC) Solution Implementation
August 2015 – September 2016
As a result of implementing international standards, alongside management's intention to automate the governance, risk and compliance process, I was assigned to explore the suitable GRC solutions available in the market. I started this task by developing the RFP containing ASHARQIA CHAMBER's expectations and the capabilities it was looking for in the solution. Furthermore, I was responsible for the project implementation, configuration and release.

- We are in the training phase for the internal auditors.

IT Infrastructure and Security Technical Projects
Starting July 2005
I worked on multiple technical projects related to IT infrastructure (e.g. AD and Exchange migration, virtual environment and storage solutions) and managed security projects (e.g. NAC, firewall, ePO and, recently, SIEM).

Training and Courses

  • ISO/IEC 27001:2005 Awareness by TUV NORD/Fahss Saudi Arabia
  • ISO/IEC 27001:2005 Internal Auditing by TUV NORD/Fahss Saudi Arabia
  • ISO 9001:2000 Internal Quality Auditing by TUV NORD/Fahss Saudi Arabia
  • ISO 9001:2008 Internal Quality Auditing by TUV NORD/Fahss Saudi Arabia
  • ISO 9001:2008 Advanced Internal Quality Auditing by TUV NORD/Fahss Saudi Arabia
  • Project Management Body of Knowledge, 4th Edition by SimpleIlearn
  • Penetration Testing by TUV NORD/Fahss Saudi Arabia
  • Risk Management by TUV NORD/Fahss Saudi Arabia
  • Time Management
  • Problem Solving
  • Presentation Skills
  • Positive Thinking
  • Change Handling

Professional Associations

  • March 2005 – Present, ITDigest, Member: ITDigest is an online community for IT professionals in Saudi Arabia. I was the group administrator for two years.
  • Jan 2012 – Present, ISACA, Member.
  • Jan 2016 – Present, IIA, Member.