Medhat Boulos

Sr. Director Cyber Security

CISA, CRISC

CONTACT

Email: ac8r8e@r.postjobfree.com

Cell: 647-***-****

PROFILE

Detail-oriented, knowledgeable, and competent Information Security architect, risk, compliance, IT audit and governance, qualified years of experience in a fast-growing business intelligence organization with wide-ranging expertise, operations, and project management with strong track record of matrix-managing cross-functional teams that collaborate as a focused unit to achieve aggressive business goals.

A solution driven security leader with more than 15 years of strong business and technical experience in architecture in direct support of strategic business objectives and IT Governance requirements.

Develop strategies to address evolving risk threats and vulnerability to systems and data, and define priorities for improvements to security posture.

Cloud security architect.

Experience in migrating and implementation of multiple applications from on premise to cloud using AWS services.

Training 2018

CISSP

AWS security architect

AWS fundamental

CORE SKILLS

Risk management & framework

PCIDSS, ISO2700x, NIST, COBIT

SIEM, FIM, IPS/IDS

Policies, and Procedures

End point protection, DLP

SDLC, Agile, APP. Controls

Cyber security framework

Access management.

Threat modeling, Vulnerability

Incident Management.

Key cryptography & tokenization

EMPLOYMENT HISTORY

Senior Director Cyber Security and Governance

EQUIFAX April 2018

Responsible for enterprise-wide governance and Information Risk Management

Defined and executed company strategy for attaining PCI DSS, ISO27000 and SOC2 certifications.

Developed Cyber security framework

Improve security architect network and infrastructure.

Work with internal teams to create the migration process of legacy systems to AWS cloud

Developed information security policy.

Define and maintain security architecture framework and processes implement and measure security capabilities aligned with business, technology and threat drivers.

Developed threat modeling and vulnerability management.

Assess applications based on SDLC and OWASP

INFORMATION SECURITY MANAGER

CARDTRONICS August 2014 – March 2018

Developed cyber security strategy, ensuring data integrity, confidentiality and availability of information as well as creating controls on how data is processed by the organization.

Adapted information risk management and developed risk framework.

Manages the identification of Information Security threats and implement remediation.

Ensure compliance with federal and records retention regulation including PCI DSS, ISO2700X, and Soc2.

Design AWS solution to meet company needs and comply with regulations.

Accountable for all enterprise data protection, including information security policy and strategy, vulnerability, incident response, cyber threat intelligence.

Influenced strong, company-wide security culture through awareness program.

Key management cryptography.

Ensuring Disaster Recovery policies and procedures are effective and well observed

Defined corporate information security strategy and guidelines for mergers, acquisitions, and divestitures.

Directed cost-effective process and technology improvements.

INFORMATION SECURITY CONSULTANT January 2014 - August 2014

FORD MOTOR

Assessed, integrated, and optimized security and control architecture.

Reviewed and assessed security compliance through Security controls review practice within the enterprise and with Ford business partners and suppliers.

Maintained an enterprise security, control knowledge base and information store; shared and cascaded security, control knowledge and information as necessary.

Promoted security and control awareness throughout the enterprise. This includes conducting presentations for both the IT department and broader Ford of Canada audience.

Performed risk assessments of infrastructure and applications.

Ensured accurate completion of SOX Application Control and Infrastructure Control documents.

Provided COBIT 5 guidance on security and control policies, processes, and procedures.

CHIEF MANAGER INFORMTION SECURITY July 2007 - June 2013

HSBC

Identified actual and potential risks to the business associated with computer systems.

Implemented COBIT 5 business framework for the governance and management of enterprise IT.

Reviewed existing IT security network and systems architecture and implemented new technology as needed.

Apply PCI DSS regulation in e-payment system “EMV project”.

Enhancement of vulnerability assessment strategy and development of penetration testing strategy.

Threat and Risk Assessments, Penetration Testing and Vulnerability Assessments

Reviewed new or modified programs, including documentation, diagrams, and flow charts, to determine if programs will perform according to user/business requests.

worked with Project Managers to assist in test planning, tracking, completion, developed test cases and test scripts; Integrate IT Audit strategy, policies, procedures and planned with finance and operation auditors.

Performed IT General Control assessment, and GRC.

Evaluated the effectiveness of IT security controls and information systems in supporting business.

Developed Security policies, procedures, and awareness.

AstraZeneca, IS/IT Manager

Deloitte. IT Security Consultant Manager

Nestlé. System Engineer

KPMG, Computer Security & Audit Consultant

Educational Qualification

Computer Science Diploma, American University in Cairo (A.U.C.)

Bachelor of Commerce/ Major in Accounting, Ain Shams University

Computer Information systems Auditor (CISA), ISACA

Certified in risk and Information System Control (RCISC), ISACA

Contact this candidate