Senior Information Security Consultant
Resume:
Muhammed Adeel
Riyadh - Kingdom of Saudi Arabia
Voice: +966.56.5162352
Email: *************@*****.***
Brief Description
Experienced, Progressive and Innovative Support Professional with more than 16 years of diversified experience in large scale network operations, network & systems security; IT Audit; Risk Assessment; GAP Analysis; Vulnerability Assessments; business impact analysis; regulatory adherence; data integrity/recovery; disaster recovery planning; contingency planning; and or working in collaboration with (external) 3rd party IS auditing companies.
PROFESSIONAL EXPERIENCE
National Water Company - Riyadh, Kingdom of Saudi Arabia
July 2015 – Present Senior Information Security Consultant.
Responsibilities:
Ability to align business continuity to IT Information Security & transform strategic initiatives into actionable set of processes & controls.
Undertaking of enterprise-wide information security & risk strategy & framework.
Perform security & risk assessment (qualitative & quantitative) & assess the effectiveness of existing policies & controls. & recommend remediation/measures.
Drive the life cycle of identification, prioritization, & remediation of risks & vulnerabilities.
Provide & execute effective incident-handling process i.e., preparation, detection, prioritize, analysis, response, recovery, etc…
Provide consulting services including SIEM system architecture, design, implementation, system integration & troubleshooting to ensure successful solution delivery.
Implementation & maintenance of best practices such as ISO 27001.
Provide Subject Matter Expertise (SME) to IT & business with regarding Risk Assessment, Identity & Access Management, Security Operations Center (SOC).
Work as a mentoring capacity to enhance the security skills of the employees & assist in developing security awareness program/campaign.
Conduct IT & Risk audit, Gap Analysis for security solutions & processes.
Developing adequate Policy, standards, & guidelines.
Research, develop, & use tools, techniques, & process improvements in support of security & risk analysis; in accordance with current & emerging threats.
Itqan Capital - Jeddah, Kingdom of Saudi Arabia
May 2008 – July 2015 Assistant Manager – Information Technology.
Position Objective: Responsible to build/implement a company-wide information security strategy and vision. Oversee the creation and maintenance of IT security policy, security risk assessment to identify and evaluate all critical systems. Design and implement security processes and procedures. Also advises and collaborates with group units on business continuity and disaster recovery plans, and audit practices. Collaborate with external auditors to conduct in-depth compliance audits and penetration testing, presenting all results to senior executive management.
Muhammed Adeel – Continued Page 2
Develop curricula and facilitate security awareness training for staff. Responsible for the overall direction, coordination, implementation, execution, control and completion of specific projects ensuring consistency with company strategy, commitments and goals. Safeguard data processing operations by identifying potential problem areas and single points of failure that may result in interruptions to critical data processing operations. Develop and implement Disaster Recovery, Data Sensitivity, Library Management, Back-up and Recovery, and Disaster Recovery Plans and Procedures.
Responsibilities:
A)Assistant Manager:
Successfully migrated corporate email server from legacy version to Exchange 2010 and configured high availability using DAG.
Responsible for migrating the corporate emails and active directory to the cloud using office 365.
Administration and support of ERP system to the satisfaction of users, through direct support and/or escalation of problems to vendor. This includes patches, upgrades and enhancements.
Examine, validate & prioritize new application requests, change requests from users in agreement with business & IT side.
Liaise and supervise the validation of user testing on new IT systems and enhancement with the business users.
Perform backup of corporate central data on daily, weekly, monthly and yearly basis as per policy.
Configure firewalls and tune its traffic to minimum required and by applying best practices of security.
Troubleshoot networks, systems and applications to identify and correct malfunctions and other operational difficulties.
Maximize & optimize the use of network resources.
B)Information Security Officer:
Manage the development and implementation of overall IT security and other policies, standards, guidelines and procedures to ensure ongoing maintenance of security.
Demonstrated capacity to implement innovative security programs that drive awareness, decrease exposure, and strengthen organization.
An information protection responsibility includes network security architecture, monitoring network access, rights/privileges in financial applications reviewing logs and access rules etc.
Oversee incident response planning as well as the investigation of security breaches, and assist with regulatory (CMA) matters associated with such breaches as necessary.
Conduct penetration testing and vulnerability assessments periodically.
Conduct regular internal security audits of systems and software to ensure compliance with all security controls defined in company policies and Tadawul /CMA security and E-trading requirements and report results to executive management.
Work with outside consultants as appropriate for independent security audits.
Responsibility of designing and implementing corrective actions to resolve any security threats.
Muhammed Adeel – Continued Page 3
Conduct & manage comprehensive IT risk assessment including identifying and documenting controls, creating detailed process flows, identifying potential gaps and/or inconsistencies and making sound recommendations for improvement and/or mitigation.
Ensuring by continuous auditing that controls are sufficiently protecting business risk, through Risk & Control framework.
Ensure that baselines for servers and workstations are effective and applied to avoid any security threats.
Managing the day to day IT risk activities and advising IT on the possible technology risks areas
Review third party technology vendors and contracts to ensure appropriate controls are in place and functioning effectively
Conduct risk assessment for IT projects and application selection.
Logs review including Antivirus definition updates, IPS/IDS alters, users activity logging, servers & services logs, internet bandwidth usage, proxy server reports, monitoring network connectivity, password changes activity, backup logs, physical access logs, user creation / deletion logs, patching status, active directory reports, open ports and other vulnerability assessment reports, system accounts, Firewall rules & Business continuity planning and disaster recovery exercise outcome etc.
C)Project Management:
Assisting in all stages of system selection project including detailed requirements definition, evaluation system architecture, proof of concept exercise, testing and co-ordination between business units and vendors etc.
Working with Project Managers in all aspects of project management / project documentation / liaising with the vendor and keeping track of all outstanding issues and their resolution.
Manage to gather business requirements for Finance, Assets Management, Custody and other business operations.
Manages day-to-day operational aspects of a project and scope.
Maintain and ensure project documentations are complete, current, and stored appropriately.
Facilitates project team and vendor meetings effectively.
Coordinating the various components which contribute to the project as a whole to ensure they are being delivered on time; ensuring that deadlines are met; and updating staff and keeping all interested parties in the project informed of progress and any issues which may arise.
Gathering user requirements and help preparing the workflows.
Follow-up on outstanding issues.
Maintaining control and ownership of system integration and user testing.
Providing ongoing system support to all the users in all aspect of the system.
D)Business Continuity Planning:
Developed and maintained company-wide business continuity program that addresses disaster recovery, business recovery and emergency response management.
Produce and update BCP/DR materials and documentation for e.g. plans, emergency response procedures, call lists, test results etc.
Plan and coordinate all business continuity technical and user testing.
Work closely with IT to develop / maintain disaster recovery plans for critical systems and applications and to ensure that internal recovery sites are updated and functioning properly.
Muhammed Adeel – Continued Page 4
Perform risk analyses for functional area to identify points of vulnerability, single points of failure and identify risk avoidance and mitigation strategies.
Analyze and report on implications of regulatory requirements on BCP/DR programs.
Johnson Controls, Al-Salem YORK JV - Jeddah, Kingdom of Saudi Arabia
March 2008 – April 2008 Systems Administrator
Position Objective: Responsible for installing, supporting, and maintaining servers or other computer systems, and planning for and responding to service outages and other problems. Other duties may include project management for systems-related projects, supervising or training computer operators, and being the consultant for computer problems beyond the knowledge of technical support staff.
Responsibilities:
Design and implemented information security, internet and email usage policies.
Installation and administration of WSUS, Antivirus (server based), Web, SharePoint and VPN servers etc.
Installation and administration of Exchange front end and back end servers.
Installation and administration of ISA Server and creating its filter and access rules etc.
Applying operating system updates, patches, and configuration changes.
Administration of Active Directory to add, remove or update user account information and resetting passwords, etc.
Answering technical queries and troubleshoot any reported problems.
Managed documentation the configuration of the network and systems.
Ensure network infrastructure availability.
Faysal Bank Limited, Head Office - Karachi, Pakistan
July 2004 – November 2007 Information Technology Officer
Responsibilities:
Managed a 15-members technical support department as a whole.
Administration of Exchange Server 2003 & ISA Server 2004.
Implemented Security using Security Configuration and Analysis tool.
Checking security holes on daily basis using network security scanner.
Installed and configured SUS Server to automate the process of updating client computers on network for updates and security patches.
Implemented IPSec policies and IP Filter Rules to provide additional security on network.
Configured VPN Servers for remote connections.
Providing desktop and network support to 90 branches of Bank including Head Office.
Managing inventory of Head Office and all branches of Bank.
Managing and procurement of new PCs and other IT equipment requirements from all over branches.
Installation of Servers and PCs.
Muhammed Adeel – Continued Page 5
Scancom Technologies - Karachi, Pakistan
May 2003 – June 2004 Systems Engineer
Responsibilities:
Installation, Configuration and Administration of Windows NT 4.0 and Server 2000.
Troubleshooting TCP/IP related configuration problems
Managed Exchange Server 2000.
Define Backup procedures for network environment in general.
Troubleshoot in-house network and customer premise based problems.
Manage Hardware/Software/OS installation and Support.
Configure DD Link (Router) (WAN Connectivity 128 K).
Complete Setup and Configuration of Internet and E-Mail for LAN Environment through router.
Provide Internet Sharing to all LAN users using Microsoft Proxy Server, ISA Server and Win Route.
Performing Windows NT/Server 2000 domain administration for users administration.
Anum Computers International - Karachi, Pakistan
May 2000 – April 2003 Hardware/Network Engineer
Responsibilities:
Provided complete Computer Hardware solution to Clients.
Assembled PCs, Installing Operating System and required software’s.
Troubleshooting of Software/Hardware/IRQ/Driver-conflict related problems.
Troubleshoot and/or Configure local LAN for Internet Sharing.
Noor College of Professional Education - Karachi, Pakistan
Nov 1999 – April 2000 Network Lab Assistant (Part Time)
Job description included to:
Maintain MCSE/MCSD/MCDBA Computer Lab.
Conduct practical/hands-on classes in lab.
Helped network students in their practical/hands-on projects.
EDUCATION
ACADEMIC:
Pursuing for Masters in Information Systems Management from University of Salford, Manchester – UK.
Bachelor in Commerce from Karachi University in 2001.
Intermediate from Karachi Board in 1998.
Matriculation from Karachi Board in 1996.
Muhammed Adeel – Continued Page 6
CERTIFICATIONS
ISACA:
CISA (Certified Information Systems Auditor)
CRISC (Certified in Risk and Information Systems Control)
ISO:
ISO 27001 LA (ISO 27001 Lead Auditor)
IIA:
CICA (Certified Internal Controls Auditor)
MICROSOFT:
MCP (Microsoft Certified Professional)
MCP+I (Microsoft Certified Professional + Internet)
MCSE (Microsoft Certified Systems Engineer)
MCSE+I (Microsoft Certified Systems Engineer + Internet)
MCDBA (Microsoft Certified Database Administrator)
MCTS (Microsoft Certified Technology Specialist in Windows Server 2008 Active Directory Configuration)
CISCO:
CCNA (Cisco Certified Network Associate)
Security Certified Program (SCP):
SCNS (Security Certified Network Specialist)
IBM:
IBM Certified Associate System Administrator Lotus Notes and Domino 6/6.5
EC-COUNCIL:
CEH (Certified Ethical Hacker v4)
Personal Information
Father Name : Shakil Ahmed
Date of Birth : May 30th 1981
Nationality : Pakistani
Religion : Islam
Marital Status : Married
Address : Salahuddin Ayubi Road, Riyadh, KSA
Cell : +966-**-*******
Email : *************@*****.***
Iqama Status : Transferable
Contact this candidate