Information Security, Business Continuity, Risk Management

Location: Doha, Qatar
Posted: April 29, 2016

Resume:

NAYEF TRAD

Experienced Information Security, Business Continuity & Risk Management Executive.

15+ years of experience and a Master Degree in Computer Sciences from INSA-Lyon, FRANCE.

SUMMARY

An expert highly dedicated to delivering best-of-breed and up-to-date solutions to today's challenges of Information Security, Business Continuity and Risk Management. Yet I am a Project Management-oriented person who plays the role of a mediator, interpreting the concerns of Business Stakeholders into customized Services, Technologies and Systems to mitigate their gaps within that area.

WORK EXPERIENCE

2012 – present InfoSec Manager – Head of Corp. InfoSec Dept.

Alfardan Group Holding – Doha, QATAR

Alfardan Group Holding is one of the largest Private companies within the Gulf area, known for providing Luxurious Services and Products. On a Corporate level, we oversee our various Business Operations of Properties Development, Automotive Dealerships, Jewelry, Exchange, Hospitality, Marine Services and others. We have introduced the Information Security Department as a totally Separate function from all other Departments, to maintain Integrity and Independence while achieving our goals. Our Goals and Objectives are simply to achieve a level of security across all our companies that exceeds the level of security being adopted within Banking and Financial institutions...

Heading the Information Security Department at the Corporate Level for Alfardan Group Holding.

Providing Information Security, Business Continuity and Risk Management Services and Solutions to all Alfardan Business Units.

Direct Functional reporting to the President & CEO.

Chairman to the Information Security Steering Committee.

Secretary to the Executive Committee.

Permanent Member to the Risk Management Committee.

Management Representative of our ISO 27001:2013 & ISO 22301:2012 Systems.

Formulating a set of Policies & Procedures to cover all Information Security aspects as well as IT Security ones.

Maintaining Up to Date Risk Management, Business Continuity Management and Vulnerabilities Management Frameworks; in continuous collaboration with different Business Units Key Members and elected Champions.

In-Charge of preparing and delivering frequent and customized Awareness Sessions to various groups of staff, in cooperation with Training & Development Dept.

Liaising between IT and Audit & Compliance Departments to ensure healthy Security Assessments and successful Audit Outlook among multiple technologies within the IT Dept.

2008 – 2012 Sr. InfoSec Officer – Acting IT Security Manager

Arab-Gulf Tech/Arab Bank – Dubai, UAE

Heading the Information Security Department for the Bank’s area Hub (UAE, Qatar, Bahrain & Yemen); reporting to the IT Hub Manager, being directly in touch with the Risk Department at the Head Office. Principal member in the Information Security Steering Committee & Change Advisory Board.

Creating a yearly budget to include the technical improvement plan and IT security initiatives and ensure the implementation of appropriate risk mitigations.

Implementing and maintaining IT Security policies, procedures and guidelines according to our Corporate Head Office and setting up an audit scheme to monitor compliance.

Leading the planning, implementation & maintenance of PCI-DSS requirements within the Hub.

Facilitating Security Awareness sessions for the Bank staff along with the HR department and delivering security trainings to the IT dept.

Setting up the appropriate metrics and necessary Security controls as per COBIT standard to meet high level of security assurances and cope with regulations.

Building a comprehensive framework of ISMS according to ISO 27001 and mapping it to frequent gap analysis security assessments.

Managing multiple projects and initiatives like Control & Compliance System, Security Events & Information Management, File Integrity Monitoring, File & Disk Encryption, Fully automated & In-house customized Security Incident Management system over MS-SharePoint.

Acting as Change and Problem Manager.

2006 – 2008 Head of IT Security Solutions

OISSG/Salam Technology – Doha, QATAR

Heading the Delivery of IT Security Solutions; serving multiple Types and Sizes of Businesses among Banks, Telcos & Oil & Gas firms.

Developing and maintaining IT Security policies, procedures and guidelines according to international standards; e.g. ISO 27001 & ISC2 Body of Knowledge.

Conducting IT Security audits to ensure compliance with ISO standards. Performing vulnerability assessments and penetration testing and taking the required counter actions and measurements to ensure the security of the IT infrastructure systems.

Contributing to the design and implementation of the disaster recovery plans for security of the computer systems, databases, networks, servers, and software applications.

Providing Security Awareness Program to End-Users.

2005 – 2006 Service Developer

Orange – Lyon, FRANCE

Programming Java Classes which serve the protocols running on the servers.

Validation of the Salted-MD5 technique in the Wi-Fi client access background.

Optimization of the Switching Triggers used over the GSM/GPRS/EDGE/UMTS modes for a better QoS-delivery & enhanced Secure transitions between ‘G’ modes.

Suggesting an application type which enhances the Orange-World service.

1999 – 2005 Sr. IT Security Specialist

DeltaNet – Jounieh, LEBANON

Delivering IT Security Solutions to large Enterprises; e.g. Banks, Insurance Companies, GSM Operators and many Other Businesses.

Monitoring the logs of servers, firewalls, intrusion detection systems, and network traffic for unusual or suspicious activity, and making recommendations based on those findings to configure and maintain systems appropriately.

Researching, analyzing, and recommending the implementation of software or hardware changes to rectify any infrastructure security deficiencies or to enhance security performance.

Evaluating security solutions (Firewalls, SSL VPN, IPS/IDS, Antivirus, Proxies, Anti Spam, Vulnerability Assessment Scanners) and providing recommendations.

Analyzing and documenting network security requirements and defining security policy for firewalls and other network control point devices (e.g. switches, VPN, routers, Wireless Access points, etc.) and for enterprise client and business critical servers.

EDUCATION

2005 – 2006 Master Degree in Applied Computer Sciences

Institut National des Sciences Appliquees – INSA-Lyon, FRANCE

2001 – 2005 Maitrise in Information Systems Management

Ecole Polytechnique Superieure d’Informatique – EPSIL, LEBANON

PROJECTS

ISO 27001:2013 Compliance & Certification

SOPHOS & Symantec PGP Email, Files & Disk Encryption Implementation

RSA Data Leakage Prevention Implementation

HP/ArcSight & Novell/NetIQ SIEM Implementation

Dell Turnkey Identity & Access Management Implementation

TripWire FIM - File Integrity Monitoring Implementation

PCI-DSS Compliance & Certification

ISO 22301:2012 Compliance & Certification

Turnkey eGRC Framework Solution Implementation


