ISHAQ SIDDIQUI MOHAMMED
Contact: +966-********* Email: ****************@*****.***
ANALYST, CONSULTANT, CYBER & INFORMATION SECURITY
Seeking challenging assignments with an organization of repute across the industry. CISM, RSA Archer, CCSP, Cyber Ops, ITIL. Highly experienced and qualified in the field of governance, risk, and compliance (GRC), enterprise risk management (ERM), CISM, CISA, CCSP, cyber operations, ITIL. In the last 9 years, I have specialized in Patch Management, Vulnerability Assessments, Penetration Testing, Auditing, Governance, Risk, and Compliance (GRC).
PROFESSIONAL EXPERIENCE:
Al Ittefaq Steel Products Co. (Al Tuwairqi Group, Dammam KSA) Cyber Security Analyst (SV) May 2023 - Till date
• Assures the security of the manufacturing plant's IIoT/IoT security, as well as the company's IT infrastructure.
• Plan, develop, and implement a cyber security policy, procedure, and ensure it is effective.
• Developed and implemented security controls for the overall IT infrastructure and industrial control system ICS/OT (e.g., SCADA, PLC, DCS, HMI, etc.)
• Security controls implemented in accordance with NCA, NIST, and ISO 27001 guidelines.
• Establishing and implementing a Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP)
• Use vulnerability assessment tools (Tenable.io, Rapid7, MS Sentinel) to assess the vulnerability of enterprise-wide systems, including PaaS, IaaS, and other cloud-based services.
• Manage all incidents in accordance with a well-documented procedure.
• Investigate suspicious/phishing emails thoroughly and take appropriate action.
• Prevent SPAM, phishing, and impersonation emails by implementing email security tools (Office 365, DarkTrace, and Mimecast).
• Regularly monitoring and reviewing logs, alerts, and incident events in order to prevent the spread of Ransomware, malicious software, and viruses within IT infrastructure assets.
• Responsible for the administration and operations of AWS Azure Identity and Access Management (IAM) and privileged user access (PAM)
• User rights and security associated with Management (IAM) and SAP (ERP)
• Assess the risk profile of the IT infrastructure and ICS/OT plant environment company wide.
• Migration to SAP HANA and development of a comprehensive assessment of cloud security risks
• Deliver periodic awareness sessions to all users regarding SPAM/Phishing, ransomware identification, complex password management, and a clean desk policy (CDP).
• Summary of critical risks and vulnerabilities that could lead to exploitation and damage to reputation is reported to the steering committee and board members.
International Maritime Industries (Aramco, Lamprell, Bahri, HHI) (Naizak Global Engineering System (Contractor)) Information Security Analyst July 2018 - April 2023
• ERM identifies: the internal environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring.
• ERM Framework: Business Strategy and Risk Response, Risk Appetite, Governance, Policies/Procedures, Enterprise, Risk Management Infrastructure, Internal Controls, Evaluation of Risk Programs and Risk Response.
• Responsible for working in an information security operation center.
• Systems and software vulnerabilities are identified, evaluated, treated, and reported as part of vulnerability management.
• A patch management system enables the acquisition, testing, and installation of multiple patches (code changes) for existing applications and software tools on computer systems in order to keep them up to date.
• Mitigation and handling of security incidents.
• Manage all incidents in accordance with a well-documented procedure.
• Investigate suspicious/phishing emails thoroughly and take appropriate action.
• To ensure that appropriate policies, standards, and guidelines are in place in order to mandate the level of protection necessary for the organization & to meet security requirements.
• Develop Information Security strategies and roadmaps in order to improve maturity levels and align Information Security capabilities with the organization's business goals and objectives.
• Enhancing the security of IT infrastructure by improving, installing, upgrading, and managing intrusion detection systems, endpoint protection, and Internet protection, as well as performing vulnerability assessments and patch management.
• Monitor and handle incidents in a proactive manner, document, and report weekly to management the activities of the SOC executive.
• By utilizing RSA Archer, performing risk assessments on applications, systems, and assets as and when necessary
• Contributing to the development of cyber awareness programs on behalf of the team.
• Contribute to the management of vendor risk in accordance with NIST/ISO 27001 standards and guidelines.
• The implementation of all KSA National Cybersecurity Controls and ensuring they are in place.
AGFUND (Arab Gulf Programme for Development) (Riyadh) Senior Network Security December 17 - June 2018
• Member of the technology professional services team with responsibilities and duties that include, but are not limited to, Architects and maintains network security and network systems, including LAN/WAN, VPNs, IPSECs, and firewalls.
• Supported AGFUND branches with on-call support for their network systems and infrastructure.
• Security solutions and standards are developed by engineers based on requirements, best practices, and technical knowledge.
• Analysis and recommendations regarding the evolution and enhancement of enterprise network security are provided.
• Plans and executes network security and engineering activities.
• Supports the implementation and deployment of data and network security projects through comprehensive POC (Proof of Concept), change management, and ongoing maintenance activities.
• Assesses and resolves network problems by diagnosing, isolating, and resolving them. Determines the root cause of the problem and documents it.
• Ensures the implementation of network security strategies and procedures. Conducts an evaluation of current network security systems. Make sure that the change control processes are followed and that standards are adhered to.
• Guidance and training are provided to team members, including Network Engineers, and potential solutions are suggested.
• Ensure that Symantec End Point Security SEP is implemented on all AGFUND endpoints and servers (HQ and branches).
• Actively participate in network and security audits both externally and internally.
Ministry of Interior (Eastern Province) IT and Network security January 17 - November 17
• Lead technical engineer on Cisco ASA and Palo Alto firewall environments.
• Creating policies for AD users on Bluecoat proxy servers.
• Ensure that Cisco Prime and Cisco ISE logs and users are maintained.
• Monitoring and configuration of the McAfee antivirus for anti-malware.
• Maintaining and managing the email security for Inter-scan messaging
• Policy and procedure development and implementation for ISO 27001
Softline Solutions IT and Network Security January 14 - June 16
• Assuring that Client FocuSafe's security and services are maintained in a complete network security environment.
• Providing VPN services to different departments.
• Responsible for the maintenance and upgrade of Cisco's network security
• Configuration of basic ASA security levels for both the inside and outside networks
• FortiGate 300D NAT and PAT policy configuration
PROFILE:
• Maintenance, Troubleshooting, Support of Information Security Systems and Security Management; currently spearheaded as Cyber Security Analyst with Al Ittefaq Steel Products Co. (Al Tuwairqi Group, Dammam KSA). Extensive knowledge of network security and cybersecurity technologies.
• Demonstrated a strong ability to solve problems, analyze problems, troubleshoot, and resolve problems quickly and completely. Capable of mapping client requirements, designing custom solutions, and troubleshooting problems relating to complex networking systems.
• Competencies in structuring customized hardware and networking solutions to meet a customer's specific needs. A leader capable of motivating and guiding technical and application support teams, as well as achieving deadlines.
• A visionary planner and key decision maker capable of collaborating successfully with cross-functional teams and deploying technology to achieve success.
• Capacity to hunt for and exploit security loopholes in IT infrastructure and ensure its protection.
• In addition to auditing, managing, monitoring, and assessing an organization's information technology systems, a Certified Information Security Manager also provides consulting services.
• Over the past 9 years, I have achieved an impressive level of success in the configuration and installation of IT systems, which includes defining and maintaining an enterprise vision, strategy, and program to ensure the security of information assets and technologies.
• Implemented, monitored, audited, and assessed the Information System and Information Security policies and processes in order to maintain PCI DSS, GDPR, ISO Standards, NIST Standards, the Computer Emergency Response Team (CERT), the Communications and Information Technology Commission (CITC), and the National Cybersecurity Authority (NCA).
• Experience in conducting security risk assessments, risk management, business impact analyses, business continuity and disaster recovery assessments, vulnerability assessments, information system and security audits, and the development and implementation of security policies.
• Demonstrated excellence in the design and development of infrastructure as well as ensuring that IT systems and applications within the organization are managed and maintained in accordance with documented processes, procedures, guidelines, and instructions.
• Expertise in analyzing information system needs, evaluating end-user requirements, customizing solutions, and troubleshooting complex information systems management issues.
• The demonstrated excellence in information technology and security, security operations, strategic planning, customer service, and project management has contributed significantly to the achievement of key corporate objectives through immediate and long-term technology solutions.
• Drive non-critical applications to the cloud wherever possible in order to reduce costs and improve performance & uptime.
• Performed detailed technical analysis of all systems, including Governance Framework, Architecture, Disaster Recovery and Business Continuity, Gap Analysis and Recommendations, and attained 99% uptime.
• Assisted in the management of complex analytical functions by conducting security assessments and ethical hacks of sensitive applications that are at high risk.
• A policy compliance scan is conducted to verify policy compliance and to review the report.
• Software Applications, Databases, Networks, Data Security, and IT Frameworks are all included in an Information Systems audit, and remediation is facilitated with compliance with PCI DSS Standards, NIST Standards, the Computer Emergency Response Team (CERT), the Communications and Information Technology Commission (CITC), and the National Cybersecurity Authority (NCA).
• A thorough evaluation and examination of offences reported by Event Management Systems, Intrusion Detection Systems, or users was conducted in order to determine their severity, criticality, and impact, as well as formulate remediation actions in order to mitigate the issues.
• Supported and administered the Hardware and Software Systems in order to ensure that business operations continued uninterrupted.
• The management, maintenance, and support of physical and virtual IT environments and the enhancement of those environments with new and enhanced services
• Documentation of technical documents such as Policies and Procedures, Troubleshooting Modules, Application Standards, Threat Prevention Manuals, Audit Reports, Penetration Testing Reports, Incident Response Reports, Business Continuity and Disaster Recovery Plans.
Core Competencies:
• IT Governance
• Governance, Risk & Compliance Management
• IT Management
• IT Security Management & IT Audits
• Information Assets Protection
• Security Management
• IT Systems Operation
• IT Systems & Software Development
• Penetration Testing
• Team Management
• Cross-functional Coordination
• Security Operation Center
• Vulnerability Assessment & Management
• Project Management & Execution
• IT Advisory / Consulting
• Stakeholder Management & Engagement
• Patch Management
• Enterprise risk management (ERM)
• Risk assessments
• Gap assessments
EDUCATIONAL CREDENTIALS:
Master of Technology (Computer Science and Engineering) Jawaharlal Nehru Technological University, India
Bachelor of Technology (Information Technology) Jawaharlal Nehru Technological University, India
CERTIFICATION:
Certified Information Security Manager (CISM): 1948387
Certified Information Systems Auditor (CISA)
Cisco ID Certifications: CSCO12906618
ITIL Foundation Certificate in IT Service Management
Archer Certified Administrator – Specialist
• CCNA Certified (200-120) - Cisco Certified Network Associate Exam
• CCNA Security (210-260) - Implementing Cisco Network Security
• CCNP Security (300-206) - Implementing Cisco Edge Network Security Solutions
• CCNP Security (300-207) - Implementing Cisco Threat Control Solutions
• CCNP Security (300-208) - Implementing Cisco Secure Access Solutions
• CCNP Security (300-209) - Implementing Cisco Secure Mobility Solutions
• CCNA Cyber Ops (210-250 SECFND) - Understanding Cisco Cybersecurity Fundamentals
• CCNA Cyber Ops (210-255 SECOPS) - Implementing Cisco Cybersecurity Operations
• CCIE Security (350-018) - CCIE Security written
• Blue Coat (BCCAS-1.3-45217) - Content Analysis System v1.3
• Splunk Core Certified Power User
• Palo Alto Networks Certified Network Security Engineer
• Enterprise risk management (ERM)
Status: Married (3 dependents)
Driving License: Yes (KSA, India)
Languages Known: English, Hindi, Urdu, and Arabic
References: Available on request
Iqama: Transferable