Maged Youssef
****-* ****** ***** *****, Brampton, ON L6T 4N5 647-***-**** ac0eop@r.postjobfree.com
OBJECTIVE
To obtain a position in information technology
HIGHLIGHTS OF QUALIFICATIONS
Over 10 years’ experience in information technology with specialization in information security, GRC, IT audit, systems administration and technical support
Experienced in Business Process Re-engineering (BPR) as well as corporate administration development, operations, supply chain and warehousing
Conducted business impact analysis, risk assessment and gap analysis
Skilled in Computer Assisted Audit Technique (CAAT) software packages GAS and ACL
Computer skills in MS Word, Excel, PowerPoint, Visio, Outlook and business applications such as ERP and QuickBooks
Excellent analytical, organizational and problem solving skills
TECHNOLOGIES SUMMARY
Operating Systems : Microsoft Windows Server (2012, 2008R2, 2008, 2003R2, 2003, 2000, NT4)
Mail Servers : Microsoft Exchange (2003, 2007, 2010 and 2013)
Server Hardware : HP ProLiant (DL, ML and Blade Systems), Dell Servers and Dell Blade Systems
Networking : TCP/IP, LAN, WAN, NFS, FTP, DNS, DHCP, HTTP
Anti-Virus : Symantec, McAfee ePO, and ESET Smart Security
Network Products : Cisco switches, routers, firewalls and Dell sonic wall
ERP : JDEdwards
SIEM Management : ArcSight, QRadar
GRC : SOX, NIST, PCI-DSS, Basel II, COBIT5, ITIL, ISO
WORK EXPERIENCE
Operations Project Manager 06/2016 – current
TELoIP INC, Mississauga, ON, Canada (www.teloip.com)
Responsible for planning all operations projects, including budget, resources, managing risks,
Work with the CTO and operations director to verify the scope of each project and to set the schedule and milestone for each one
Responsible for documenting all operations processes and procedures
Ensure that all projects are delivered on-time and within the defined scope and budget and any major changes are followed the change management processes
Report weekly to the CTO the project status report
Create and maintain comprehensive project documentation
Develop innovative approaches to completing work, and effectively resolve problems and issues within the project’s mandate
Resolve project specific issues and challenges in a timely manner
Ensure organizational policies and procedures are adhered to
Information Security Manager 06/2015 – 03/2016
M&Z Technology, Dubai, UAE (www.mnztechnology.com)
Managed information security projects for government and private corporations
Project: PCI-DSS Compliance for Abu Dhabi Islamic Bank (www.adib.ae)
Ensured policies, procedures and documentation were PCI-DSS compliant to maintain PCI certification
Project: IT Audit for Health Care Institute (www.57357.com)
Reviewed management controls of IT Department including systems and applications, information processing facilities, systems development, and client/server, telecommunications, intranets, and extranets
Project: IT Risk & Vulnerability Assessment for Financial Service Institute (www.naeemholding.com)
Conducted IT risk assessment and managed cyber security team
Maged Youssef Page 2 of 3
Information Security Manager 09/2013 – 06/2015
ASDC, Hurghada, Egypt (www.somabay.com)
Ensured CIA of ASDC assets physically and logically
Evaluated design, implementation and monitoring of data classification processes and procedures for alignment with ASDC policies, standards, procedures and applicable external requirements
Conducted annual BIA and annual quantitative and qualitative risk assessment (or when needed)
Reviewed ASDC policies and procedures annually including those for architecture, VPN, security, disaster recovery, guidelines, procurements and service provision
Ensured access permission was assigned on need-to-know basis with least privilege
Developed business cases to support investments in information security
Conducted awareness session for all employees on risks and security in order implement risk culture
Met with all stakeholder assigned to new projects to assess project risks
Worked with CSIRT to perform vulnerability and penetration test of ASDC assets
Performed daily monitoring of network security including patch management, anti-virus, Windows security, password violation and VPN
Evaluated processes and procedures used to store, retrieve, transport and dispose of information assets such as backup media, offsite storage, hard copy, print data and softcopy media to determine whether information assets were adequately safeguarded
Analyzed and quantified various types of continuity risks
Engaged business units in business impact analysis workshops to identify critical business resources and dependencies, determined recovery objectives and established specific requirements for BCP planning
Led business areas through identification and evaluation of strategy options to be pursued in facilitating recovery of critical business functions
Developed, scheduled and conducted business continuity program tests in accordance with preparedness targets in collaboration with business areas
Established, monitored, evaluated and reported KGI, KPI, KRI metrics to provide management with accurate information regarding effectiveness of information security strategy
Implemented process to guide business areas in updating business continuity plans and procedures on basis of change events that impact critical business functions, as well as lessons learned from business continuity testing to meet required RTO and RPO
Monitored ArcSight for anomalous behaviour
IT Audit Manager 01/2011 – 08/2013
ASDC, Hurghada, Egypt (www.somabay.com)
Planned and executed audits in accordance with established standards and within prescribed time, budget and scope parameters
Conducted assessments of IT risks and controls, including general IT controls and automated controls embedded within information systems
Prepared summaries and reports of tests performed, identifying and ranking risk issues
Maintained control calendar of IPS, anti-virus, Microsoft licenses and digital certificates
Reviewed all contracts and SLA to ensure all vendors and ISPs complied with ASDC policies
Ensured SoD for all critical processes
Designed and developed audit plans based on ASDC audit risk based approach
Reviewed audit work completed and prepare audit finding grids and audit reports
Information Security Analyst 01/2007 – 12/2010
ASDC, Hurghada, Egypt (www.somabay.com)
Conducted BIA to determine critical processes and resources
Monitored Cisco routers, switches, firewall, ISA server, IPS and remote VPN
Evaluated processes and procedures used to store, retrieve, transport and dispose of information assets to determine whether information assets were adequately safeguarded
Managed and monitored all computer security
Supported ASDC intranet and DMZ
Established effective relationships with technology partners and program/project managers in multiple businesses
Provided backup support for disaster recovery
Developed business cases to support investments in information security
Reviewed policies and procedures regularly and recommended changes aligned with mission and goals
Maged Youssef Page 3 of 3
System Administrator and Technical Support 01/2001 – 12/2006
ASDC, Hurghada, Egypt (www.somabay.com)
Maintained Active Directory (AD) and Exchange server, inventory of hardware and software products
Monitored and maintained server backups
Maintained Windows Servers (NT/2000/2003), inventory of hardware and software products, as well as more than 200 PCs and 10 Servers (DNS,WSUS, DHCP, Send Mail and FTP, exchange servers)
Designed and implemented company VPN to connect head office and branches
Administrated Microsoft SQL Server 2000
Assisted with on-site and remote technical support; supported users with daily issues
Installed, configured and maintained scanners, tape backups, printers and switches
Repaired desktop PCs including IBM, HP, Compaq, Dell, Copiers, Faxes, Monitors
CERTIFICATIONS
Certified information System Auditor (CISA) 2016
Certified Information Security Manager (CISM) 2015
Control Objectives for Information and Related Technology (COBIT5) 2014
Certified in Risk and Information Systems Control (CRISC) 2014
Certified Sonic Wall Security Administrator (CSSA) 2014
Information Technology Infrastructure Library (ITIL V3) 2014
Certified Ethical Hacking (CEH) 2013
Certified Cisco Firewall Specialist 2009
Certified Cisco Network Association 2008
Micro Soft Certified Professional (MCP) 2003
TRAINING
Business Continuity Management (BLC2000) 2015
ISO 27001 Information Security Lead Auditor 2014
Project Management Professional (PMP) 2012
Certified Information Systems Security Professional (CISSP) 2011
MS Exchange Server 2007 2009
COMPTIA Security+ & Network+ 2008
Microsoft Certified System Engineer (MCSE) Windows 2003 2004
Microsoft Certified System Engineer (MCSE) Windows NT 2001
EDUCATION
Bachelor of Science in Engineering, Benha University 1996
MEMBERSHIP
ISACA Toronto Chapter Ongoing
ISC Toronto Chapter Ongoing
PMI Toronto Chapter Ongoing