Risk-Based Project & Assurance Management Advisor

• May 2014 - Present

We advise and assist clients in managing their major inherent risks evolving from business transformation programs as empowered by enabling technologies. We collaborate with our clients to achieve enhanced principled performance by applying the most appropriate Governance, Risk and Compliance (GRC) frameworks, principles and foundational controls.Recent large-scale Projects:USAID Women Economic Empowerment/MSEs Project (2017-2018) : Across 6 governorates in Jordan, Finding and assessment of Community-based financial institutions (CBFOs), Cooperatives’ (130 CoOps) MSE financial lending services (Women & Youth) and financial inclusion coverage. Conducted focused visits and sustainability risk assessments of 31 CoOps financial MSE lending services. Developed financial/risk management training materials. Explored the potential for adopting digital financial services (DFS) and mobile money in micro-financing including the CoOps potential opportunity to become DFS agents.SANAD Project: MFI's assessment of Risk Management environment (2017) -For an MFI in Jordan, as Risk Management Subject Matter Expert, managed the assessment of the Risk Management environment and concerned GRCPA functions based on RM Graduation Model (RMGM), OCEG GRC Capability Model. Utilized CBJ applicable regulations and related financial inclusion guidelines. USAID Project: Micro Finance Network of Jordan - Shared MFIs Database and network Performance Management: Technical/Operational Design and RFP (2015): As a Technical Director led the development of the Technical & Operational Design of MFIs shared Database. Developed technical, functional and operational requirements for issuing the System’s RFP for tendering. Utilized applicable MFIs & network guidelines: e.g. CBJ, CGAP, SEED, & Sanabel. Show less

Founder & Managing Director

• Jun 2012 - Present

7D GRC is a niche advisory services firm that is specialized in providing IT Governance, IT Risk Assessments, IT Assurance, and Quality Assurance services. We advise and assist clients in managing their major inherent risks evolving from business transformation programs as empowered by enabling technologies. We collaborate with our clients to achieve enhanced principled performance by applying the appropriate Governance, Risk and Compliance (GRC) principles & foundational controls. 7D GRC Advisory also partner with local and international consulting firms by offering them complementary services when performing their consulting engagements.7D GRC QA services are not merely PM nor are pure technical services. We provide specialized IT Assurance & Quality Assurance Services to Senior Management by:Conducting change and implementation readiness assessments to be the roadmap for ensuring that the right organizational and functional maturity levels are achieved prior to kicking-off transformation programs and Core Banking Systems (CBS) implementation projects; Identifying and reporting on major evolving and inherent Risks and Critical Success Factors (CSF) at the early stages of transformation programs and CBS implementation projects’ life cycle that would necessitate early senior management attention for resolution;Providing sufficient assurance on achieving CBS projects’ success factors as envisioned by Senior Management and as proposed by the software vendor/implementer;Ensuring that envisioned CBS implementation Project’s life cycle is consistent and synchronized with other ongoing/planned business initiatives and consistent with the plan and design for integrating CBS with other supporting/legacy systems; Ensuring that there are sufficient Systems Availability, Data Confidentiality, Information Security, and Data Integrity foundational controls, being designed, implemented, and integrated with the appropriate systems and internal controls. Show less

LinkedIn - IT Audit Management (MENA) Group Founder and Owner

• Aug 2014 - Present

The objective of this Group is to address IT Audit Management issues & challenges in MENA Region. We seek to professionally outline such challenges and aim to advise on needed critical success factors to have a more efficient, effective, and trusted IT Audit Function & IT Assurance Services that add value to our organization and stakeholders. This Group is not only for IT Auditors, but also for other senior management functions dealing with Internal/IT Audit such as IT, RM, Compliance, Operations, & Support Functions. We expect discussions to be on pre-defined topics. Major highlighted issues would be addressed in a sequence of Workshops' topics to be offered by 7D GRC Advisory. Groups Core Topics IT Audit Mission, Function Structure, Management, Leadership, Credibility & Trust building Internal/IT Audit Internal Processes, Quality Assurance (QA) Requirements/Certifications IT Audit Relationships with Stakeholders, & How to deal with IT Audits (within IA, Senior Management, BoD, BUS, OPS, RM, Compliance) Corporate/IT Governance Frameworks & Risk Culture Imperatives for Efficient & Effective Internal/IT Audits IT Audit Code of Conduct, Ethics, Standards & Guidelines Risk-Based IT Audit Planning, Business Processes' Risks & Controls , IT RM & IA Role in ERM IT Audit Life Cycle Issues & Management & Advantages of Integrated Audits IT Audit Advisory & Value Added Services, & Recent Trends (IA roles in Projects, Systems replacements, upgrades, investigations) IT Audit Tools, Audit Management Systems & Integration with GRC IT Audit Profession advancement Success Factors, Skills, recruitment process , staff retention, growth & empowerment challenges IT Audit Management - Specific Industry & regulatory requirements Audits (e.g Banking, Insurance, Public Sector) & specialized Audit Programs IT Audit Management - Specific Audit domains (e.g. InfoSec, BCM), Emerging Issues & specialized Audit Programs Show less

Part-Time Instructor - Risk Management/Auditing

• Nov 2014 - Jun 2016

Spring 2015/2016 Teaching Courses Creativity & Innovation Risk Management for Small Business Crisis Management & Communication Fall 2015/2016, Teaching Courses Computer Applications of Risk Management Risk Management for Small Business Crisis Management & Communication Spring 2015, Teaching Courses Crisis Management & Communication Auditing & Supervising Risk Management Graduation Projects, Fall 2014/2015 Key note speaker - Applications of Risk Management/Special lectures on Governance, Risk and Compliance (GRC) concepts and applications, and Vendor Risk Management Show less

Country Head of Internal Audit

• Jan 2014 - May 2014

VP, Head of IT Audit

• Apr 2004 - Mar 2012

Established a modern risk-based IT Audit function for the AB Group (2004) with tailored IT Audit Universe ; periodic outline of risky areas ; IT Audit Programs based on COBIT; ISO 2700x ; ISF ; BSI & other standards & best practices Headed and closely managed the IT Audit Function for the Arab Bank Group. Recruited ; trained ; coached & managed a team of IT Auditors to conduct specialized IT audits. Conducted/Managed IT Audit assignments on Arab Bank Branches in MENA, New York & Singapore. Applied COBIT as an IT Assurance framework for the Group. Promoted - based on COBIT Control Objectives - developing IT Policies and Procedures. Utilized ISO 2700X, Information Security Forum (ISF), ISACA ICQ’s, and other related standards and guidelines for specific Information Security Audits. Closely worked with IT ; RM ; compliance; OPS to sufficiently address and revise their policies & procedures to address emerging risks & IT Audit findings Developed and recommended a robust process to QA audit clouse process while effectively developing needed internal & application controls Since 2006, implemented TeamMate as an Audit Management System for the IT Audit Unit including defining related audit templates, standards, and classification of Audit findings. Conducted and managed periodic InfoSec/IT Security Audit and Gap analysis with Best practices including audits on IT compliance with regulatory requirements. Utilized special audit tools to audit IBM AS 400, AIX, & Oracle. Periodically presented to Senior Management & Gulf IT Board major IT audit findings outlining major root causes for Head Office resolution. Was involved with Deloitte team in defining IT prerequisites / imperatives as part of IT Governance project in the Bank. Evaluated IT Audit Firms proposals and finalized the scope of the IT Audit Co-Sourcing engagement for Arab Bank’s European Branches (2004 - 2006). Show less

Head of eServices – eGovernment Program

• Sep 2003 - Apr 2004

Managing a team of project managers/business analysts working on egovernment projects implementations: Income Tax and residency and borders projects. Planning and development of Request for proposal (RFP) to define and implement next wave of electronic services in Jordan. Concluded and published pending RFPs. Evaluated several Technical Proposals and developed Q&As for consulting firms. Managing a team of project managers/business analysts working on egovernment projects implementations: Income Tax and residency and borders projects. Planning and development of Request for proposal (RFP) to define and implement next wave of electronic services in Jordan. Concluded and published pending RFPs. Evaluated several Technical Proposals and developed Q&As for consulting firms.

IT Consulting Manager - Saudi Arabia

• Oct 1998 - Aug 2003

Managed Major Projects Won a 350K USD Project & Managed Jordan’s Fast Track E-government project (2002) covering the analysis and design of the eServices of Sales & Income Tax, Driving & Vehicle licensing, and Land & Survey Dept. Managed ERP Selection project, implementation planning, vendor negotiations for Large Agri and Dairy Group – Riyadh – KSA. Managed ERP Selection project for Large Petrochemical Group – Jubal – KSA. Managed ERP Systems Implementation QA for Nissan (Kerridge) and Toyota (Oracle) Dealers – Jeddah – KSA. Managed IT Assessment of SAP Implementations (2 Petrochemical Companies), Saudi Cement (BPCS) - Dammam. Managed IT Audits for Arab Bank (Bahrain), Arab National Bank (Riyadh), Arab Investment Co (Bahrain), and other Audit Clients. Conducted IT Assessment of an ICBS Banking System implementation project for a Jordanian Bank (Sep 98). Conducted IT Assessment and development of an information systems plan for Arabia Insurance Lebanon (Jun - Jul 98). Managed development of financial and admin policies project for a Food Distribution Group in Jeddah – KSA (Dec. 02 – Jun. 03). Prepared and conducted Information Systems Audit training course for clients: Ma’aden Mining and SHARQ petrochemical. Show less

Senior Consultant

• 1994 - 1996

For a World Bank funded/PECDAR project: Conducted detailed technical reviews of Palestinian Authorities - Nablus and Gaza Municipalities’ IT operations supporting financial and municipal services. Designed application and technical architecture for a standardized municipal management information system. For a World Bank funded/PECDAR Project: Participated in the development of proposal (was awarded) for the Palestinian Authorities - Ministry of Finance (work-plans and methodologies). Developed a Strategic Information Systems Plan for PADICO Holding Co. Show less

Senior Consultant

• 1992 - 1994