Mohamed Mamdouh, CISM

GRC Manager at Klivvr
Contact Information
us****@****om
(386) 825-5501
Location
New Cairo, Cairo, Egypt, EG
Languages
  • Arabic Native or bilingual proficiency
  • English Full professional proficiency

5.0 / 5.0, based on 2 ratings

Salah Eldesoky

I have had the pleasure to work with Mohamed for the same company for more than 5 years and since day I have noticed that Mohamed is one of a kind Infosec expert, very dynamic and hard-working. He is also passionate at work. He is very willing to take over new challenges and responsibilities. His performance was quite remarkable and that impressed us all. I’m totally confident that Mohamed shall definitely become a very valuable asset considering his vast experience in technology operations, PCI Standards and latest information security trends in the Fintech and financial services sphere to any company like he was to ours.

Sherif Mohieldin

Really one of the best balanced professional / social calibres

Credentials

  • Certified Information Security Manager® (CISM)
    ISACA
    May, 2021
    - Nov, 2024
  • Certified Payment Industry Security Implementer (CPISI)
    SISA
    Dec, 2022
    - Nov, 2024

Experience

    • Financial Services
    • 100 - 200 Employee
    • GRC Manager
      • Jun 2023 - Present

    • United Arab Emirates
    • Financial Services
    • 700 & Above Employee
    • Information Security Senior Manager
      • Nov 2018 - Jun 2023

      Managing the ISO27001 ISMS certification project: understanding the requirements, assessing current gaps, putting together a remediation plan, establishing buy-in and raising awareness among all stakeholders, remediating existing gaps, building the required documentation repository, undergoing a successful mock audit to establish readiness, then going through the actual audit and certification process. This certification enabled the company to spread into new markets with all regulatory requirements checked, and enhanced the company’s image, as it reflects due diligence when it comes to information security.

      Managing SOC2 - Type 2 report issuance, starting with listing all company activities and detailing each service we provide, along with an overview of the company’s IT infrastructure and the controls in place, then providing relevant evidence as proof of control existence and effectiveness, and then going through the report build & review process. This report will offload a lot of the customer reviews we have to handle annually, thus allowing the company to utilize its manpower more efficiently.

      The third project was implementing a PAM solution, starting from POC, managing infrastructure allocation & server build according to spec., establishing the FW rule matrix for the solution & supervising its implementation, onboarding of assets and privileged user accounts, and finally the testing & UAT phase.

      Certification of a new PIN printing facility, starting with design review and implementation of the required controls to meet the certification requirements, going through the certification process, then decertifying the old facility and decommissioning all in-scope assets.

      Maintaining information security policies & procedures, developing security awareness training material & conducting security awareness sessions for new joiners, security assessment of new projects, and periodic user access & user privilege reviews.

    • Information Security Manager
      • Apr 2008 - Nov 2018

      Managing & maintaining PCI DSS, PCI PIN security & PCI card production certification: providing required evidence, managing the on-site audit and remediation of findings, and concluding the certification process.

      Maintaining information security policies & procedures, developing security awareness training material & conducting security awareness sessions for all employees, along with periodic FW reviews, vulnerability scans, user access reviews, and change sign-off activities as part of the change control process.

    • IT Implementation Manager
      • Dec 2006 - Mar 2008

      Planning the introduction of new products & services along with the testing & implementing of new products/services as well as managing products/services parameters in addition to testing & implementing periodic payment scheme mandates.

    • AS400 System Administrator
      • Oct 2005 - Nov 2006

      Responsible for maintaining the core mainframe in terms of resources, conducting periodic backup & restore activities and user management activities, as well as implementing semi-annual payment scheme mandates.

    • IT Operator/Senior Operator
      • Apr 2003 - Sep 2005

      Operating the End of Day process, generating the associated resultant files and placing them into their designated folders on the FTP server. I was also responsible for training junior team members and managing their activities, as well as documenting our daily tasks in user-friendly manuals.

Education

  • Faculty of commerce & business administration (English Section) - Helwan University
    Bachelor's degree, Accounting and Business/Management
    1996 - 1999
  • St. Fatima School
    High school
    1982 - 1995
