Medhat Boulos
Sr. Director Cyber Security
CISA, CRISC
CONTACT
Email: ac8r8e@r.postjobfree.com
Cell: 647-***-****
PROFILE
Detail-oriented, knowledgeable, and competent Information Security architect, risk, compliance, IT audit and governance, qualified years of experience in a fast-growing business intelligence organization with wide-ranging expertise, operations, and project management with strong track record of matrix-managing cross-functional teams that collaborate as a focused unit to achieve aggressive business goals.
A solution driven security leader with more than 15 years of strong business and technical experience in architecture in direct support of strategic business objectives and IT Governance requirements.
Develop strategies to address evolving risk threats and vulnerability to systems and data, and define priorities for improvements to security posture.
Cloud security architect.
Experience in migrating and implementation of multiple applications from on premise to cloud using AWS services.
Training 2018
CISSP
AWS security architect
AWS fundamental
CORE SKILLS
Risk management & framework
PCIDSS, ISO2700x, NIST, COBIT
SIEM, FIM, IPS/IDS
Policies, and Procedures
End point protection, DLP
SDLC, Agile, APP. Controls
Cyber security framework
Access management.
Threat modeling, Vulnerability
Incident Management.
Key cryptography & tokenization
EMPLOYMENT HISTORY
Senior Director Cyber Security and Governance
EQUIFAX April 2018
Responsible for enterprise-wide governance and Information Risk Management
Defined and executed company strategy for attaining PCI DSS, ISO27000 and SOC2 certifications.
Developed Cyber security framework
Improve security architect network and infrastructure.
Work with internal teams to create the migration process of legacy systems to AWS cloud
Developed information security policy.
Define and maintain security architecture framework and processes implement and measure security capabilities aligned with business, technology and threat drivers.
Developed threat modeling and vulnerability management.
Assess applications based on SDLC and OWASP
INFORMATION SECURITY MANAGER
CARDTRONICS August 2014 – March 2018
Developed cyber security strategy, ensuring data integrity, confidentiality and availability of information as well as creating controls on how data is processed by the organization.
Adapted information risk management and developed risk framework.
Manages the identification of Information Security threats and implement remediation.
Ensure compliance with federal and records retention regulation including PCI DSS, ISO2700X, and Soc2.
Design AWS solution to meet company needs and comply with regulations.
Accountable for all enterprise data protection, including information security policy and strategy, vulnerability, incident response, cyber threat intelligence.
Influenced strong, company-wide security culture through awareness program.
Key management cryptography.
Ensuring Disaster Recovery policies and procedures are effective and well observed
Defined corporate information security strategy and guidelines for mergers, acquisitions, and divestitures.
Directed cost-effective process and technology improvements.
INFORMATION SECURITY CONSULTANT January 2014 - August 2014
FORD MOTOR
Assessed, integrated, and optimized security and control architecture.
Reviewed and assessed security compliance through Security controls review practice within the enterprise and with Ford business partners and suppliers.
Maintained an enterprise security, control knowledge base and information store; shared and cascaded security, control knowledge and information as necessary.
Promoted security and control awareness throughout the enterprise. This includes conducting presentations for both the IT department and broader Ford of Canada audience.
Performed risk assessments of infrastructure and applications.
Ensured accurate completion of SOX Application Control and Infrastructure Control documents.
Provided COBIT 5 guidance on security and control policies, processes, and procedures.
CHIEF MANAGER INFORMTION SECURITY July 2007 - June 2013
HSBC
Identified actual and potential risks to the business associated with computer systems.
Implemented COBIT 5 business framework for the governance and management of enterprise IT.
Reviewed existing IT security network and systems architecture and implemented new technology as needed.
Apply PCI DSS regulation in e-payment system “EMV project”.
Enhancement of vulnerability assessment strategy and development of penetration testing strategy.
Threat and Risk Assessments, Penetration Testing and Vulnerability Assessments
Reviewed new or modified programs, including documentation, diagrams, and flow charts, to determine if programs will perform according to user/business requests.
worked with Project Managers to assist in test planning, tracking, completion, developed test cases and test scripts; Integrate IT Audit strategy, policies, procedures and planned with finance and operation auditors.
Performed IT General Control assessment, and GRC.
Evaluated the effectiveness of IT security controls and information systems in supporting business.
Developed Security policies, procedures, and awareness.
AstraZeneca, IS/IT Manager
Deloitte. IT Security Consultant Manager
Nestlé. System Engineer
KPMG, Computer Security & Audit Consultant
Educational Qualification
Computer Science Diploma, American University in Cairo (A.U.C.)
Bachelor of Commerce/ Major in Accounting, Ain Shams University
Computer Information systems Auditor (CISA), ISACA
Certified in risk and Information System Control (RCISC), ISACA