Manager Security
Resume:
Mr. IMAD NASR Resume
ab9m6b@r.postjobfree.com Address: 292F Dalehurst Dr
Tel: +1-613-***-**** Ottawa-ON K2G 4E4
Willing to Relocate: YES Canada
GENERAL EXPERIENCE
IT OPERATIONS MANAGER
M1 GROUP LIBAN POST (National Postal & Logistics Services Company)
JUNE 2012 – MARCH 2013 (BEIRUT LEBANON)
NETWORK & INFORMATION SECURITY MANAGER
SECUVERSE SECOR SARL (Information Security Professional Services Company)
JUNE 2011 – MAY 2012 (BEIRUT LEBANON)
HEAD OF IT – NETWORK & INFORMATION SECURITY DEPARTMENT
ABU DHABI FUTURE ENERGY COMPANY MASDAR
FEB 2009 – FEB 2011 (ABU DHABI UNITED ARAB EMIRATES)
INFORMATION SECURITY CONSULTANT
FREELANCER CONTRACTOR
MARCH 2004 – JAN 2009 (OTTAWA ON CA)
HEAD OF IT – NETWORK & INFORMATION SECURITY DEPARTMENT
ABU DHABI GAS INDUSTRIES GASCO
SEP 2001 – FEB 2004 (ABU DHABI UNITED ARAB EMIRATES)
SENIOR NETWORK ENGINEER
B.T.C NETWORKS (INFORMATION TECHNOLOGY INTEGRATOR COMPANY)
OCT 1997 – AUG 2001 (SAUDI ARABIA)
FUNCTIONAL EXPERIENCE
HIGH LEVEL MANAGEMENT FUNCTIONS:
Oversee the development and maintenance of the IT strategic plan and oversight of IT performance.
•
Attend the IT steering committee meeting and present the IT operational five years business plan, annual
•
procurement plan, Key initiatives and get proper support and approvals.
Manage department activities, staff assignments, computer operations and data network activities for the
•
purpose of providing services to other divisions, outside agencies, and organizations while meeting department
objectives.
Coordinates the preparation of bid specifications for required purchases (e.g. computers, routers, software
•
(email, firewall, and backup) and a variety of parts, supplies, etc.) for the purpose of maintaining availability of
required items and completing jobs efficiently.
Develop and maintain proper vendor management process including service level agreements, maintenance
•
agreements and support agreements and monitors their services and performance
Approve and monitor major projects, IT budgets, priorities, standards, procedures, and overall IT Operations
•
KPIs.
Maintain and effective and strict change management system and adhere to all ITIL processes.
•
Communicate with internal clients to identify needs and evaluate alternative business solutions
•
Held regular status meetings with team. Initiates and implements improvements in all areas of IT operations.
•
Identifies and provides standards for gathering information for use in trend analysis (Gartner, E&Y) and reports
•
Information to management.
Conducts quarterly and yearly performance evaluations for all IT Operations Staff.
•
Develop a Disaster recovery plan\Business continuity plans and conduct yearly drills to assure service availability
•
and recovery.
Develop Risk management plans based on ISO27001 standard and integrate it in the Statement of applicability
•
SOA structure.
Coordinate all the Security audit activities with the external Audit firms and with the internal audit department.
•
ESSENTIAL FUNCTIONS(NETWORK & INFORMATION SECURITY)
Complete Design and Hands on installation and configuration of computer networks, physical and logical
•
network infrastructures (e.g. Internet Perimeters, Intranet, LAN, WAN, VPN Network,DR Network,Domain
Tree along with installation and configuration of Core/Edge Routers,L2/L3 Access layer & Backbone core
Switches, VLANS, Wireless Access Points and controllers, VOIP Gateways and IP Phones,WAN links
configuration based on MPLS,IPVPN,Framerelay,ATM clouds,ISDN,T1/E1 & lease lines .
Design and Hands on installation of computer hardware, and/or software applications (e.g. File & Print servers,
•
application &WEB servers, SQL Database, proxy servers, Windows operating systems and Server OS, Active
Directory Domain Controllers, Tree and Child Domains etc.)
Manage and design the server farm architecture including load balancing, clustering, storage, RAID, Backups
•
(incremental/Differential/Full) & Archiving plan along with recovery sites (Hot/Warm/cold) preparations and
testing.
Study, recommend and advise on the implementation of Cloud computing (SAAS, PAAS, and IAAS) and
•
highlights all concerns compared to private clouds and all related security issues and compliance with laws and
regulations.
Prepares written materials (e.g. procedures, drawings, budget requests, reports, memos, letters, etc.) for the
•
purpose of documenting activities, providing written reference and/or conveying information.
Complete design and Hands on configuration and implementation of all security devices including
•
Cisco/Juniper/Watch guard and Fortinet Firewalls,Gateways,Intrusion detection prevention system, base lining
all security devices,configuring all access lists,zones,DMZ,NAT,PAT,signatures updates and all other technical
functions related to those products.
Install and configure Host Anti Virus solutions,Anti Spywares,Host and network intrusion prevention systems,
•
NetIQ and Solar wind Security information incident & event management SIEM,Microsoft SCCM,MS
SCOM,WSUS,ISA/ITG,forefront security systems, NETIQ & Solar wind Patch Management system and Network
monitoring tools.
Configure, site to site and client to site VPN tunnels with authentication using RADIUS/Tacacs, RSA/PKI and
•
authorization using AD profile or SSL Gateways Built in profiles and NAC for security admission or built in SSL
appliance security baseline security checklist for admission control.
Perform an external Security Scanning pen test/ethical hacking test assessment and internal vulnerability tests
•
using various tools ( Nessus,NMAP, Acunetix Web scanner, Backtrack 5,GFI
languard,Netstumbler,inSSIDer,angry ip scanner, advance ip scanner,SQLrecon,Oracle security suite,wikto web
scanner,,etc)
Maintain, formalize and publish all information security standards, procedures, and guidelines, including
•
monitoring and reviewing compliance procedures.
Coordinates with IT team members, vendors, contractors and consultants to build and promote a security
•
program in compliance to industries security standards.
Conduct investigations and remediation of suspected information security incidents.
•
Report to senior management all actual and potential IT violation/risks and recommend appropriate solutions
•
to eliminate or minimize their potential effects.
Conduct awareness and welcome programs to all new comers in coordination with HR Department.
•
Establish information security policies and standards including SOPs (standard operating procedures), ISMS
•
specific policies and other ISO27K compliant security policies such as (Access control policy, Risk management
procedure, helpdesk & incident management procedure,ISMS Security Policy, InfoSec policy statement, InfoSec
end user manual etc).
Review information security policies and standards including SOPs (standard operating procedures), ISMS
•
specific policies and other ISO27K compliant security policies to keep it all updated as required by the ISMS.
Test some Key performance indicators KPIs for the security Departments and measure their compliance rate.
•
EDUCATION / TRAINING
Bachelor of Telecommunication and Electronic Engineering – Beirut Arab University – Beirut, Lebanon – 1997
Lebanese BACC2 Certificate Scientific Section Shouf National College – Lebanon – 1992
Cisco product line technical trainings
Juniper and RSA authenticators trainings
Two project management certified training
Four leadership and team work training
Mcafee Products Certified Trainings
Four Team Building certified trainings
Have Completed CISM(certified information Security Manager) training camp
Have Completed an Ethical hacking certification course
MEMBERSHIPS
Information Systems Audit and Control Association (ISACA) - Member since 2005
Lebanese Engineering Committee - Member since 1998
CERTIFICATES
Have completed Nortel Networks certified support specialist NNCSS
Have completed Nortel Network certified account specialist NNCAS
Have completed Nortel Networks certified Design specialist NNCDS
Have completed Cisco Certified Network Associate (CCNA)
Have completed Cisco Certified Network professional (CCNP)
Have completed Extreme Network certified specialist ENS
Have Completed ITIL Foundation certificate
IS STANDARDIZATION EXPERIENCE
Extensive experience in ISO 27001 Standard
Excellent experience in PCI DSS
TECHNOLOGIES EXPERIENCE
Microsoft windows products(WSUS,SCCM,SCOM, XP,AD,2K,2K3,2K8,ISA\ITG and Office Apps)
HP OV and HP change management suite Including HP Service Center, HP Change Control Management, and
HP Universal CMDB
Mcafee products (FoundStone Risk management, AV,Safeboot encryption,EPO,Foundstone)
Cisco systems product line(Firewalls PIX ASA,Routers, Switches,MARS Log Mgmt,ACS,CSM,NAC & wireless
aironet
Nortel Networks products( Passport series, Switches and Routers)
Utimaco Sofos Encryption suite & Movable media devices control applications.
RSA SID appliances and Authentications Tokens
VASCO IDK and Token series
Oracle ERP Security Suite & IDAM(Identity & Access management solution)
Web sense product (WSG,Triton and content filtering Solutions)
Solar winds & GFI products(SIEM Security information and event management systems)
Bluecoat SG proxy appliances: Deep experience in Bluecoat ProxySG appliance 6000,8000 and 800-x series
Fortinet product line(Fortigate UTMs & Appliances with IDPs including NIDS & HIDS)
Exinda Traffic Management solution, ALteon L4-L7 switches, Kaspersky Antivirus systems,,GFI LanGuard
solutions with Vulnerability management and remediation systems, AD Manager Plus, NetIQ security manager
and Policy manager.
Security Scanning & VA tools( Nessus,NMAP, Acunetix Web scanner, Backtrack 5,GFI languard,,,etc)
HOBBIES
Swimming, Following IT security updates,travelling, cars
LANGUAGES
English & Arabic – Fluent (R-W-S)
Contact this candidate