IT GRC
Resume:
MOUNIR REKIK
Route Sidi Mansour,
km *.* Rue Ile Chekly. 3061 Sfax –Tunisia
adao1q@r.postjobfree.com
linkedin.com/in/mounir-r-05425768/
Summary
As an Information Technology professional with a long years of experience in IT security, GRC and audit, I demonstrated expertise in implementing, maintaining and auditing IT security Governance frameworks, managing IT security risk and applying controls to protect the information assets.
Certifications
Certified Information System Auditor (CISA), ISACA, Mars 2019 – févr. 2023, Licence N 19155567
Certified ISO/IEC 27001 Lead Auditor, PECB, juin 2016 – juin 2019, Licence N ISLA1011527-2016-03
Certified ITIL Foundation v3, EXIN, AMP GROUP, Juin 2009 –Juin –Juin 2015, Licence N 262****-*****
Certified RedHat Engineer, RedHat Co-op, Juin 2007.
Qualification & Skills
IT MS (ITIL, ISO20000),
IT Governance (CoBIT)
IT security Governance (ISO27001, NIST-800-53)
Risk Management (ISO27005/ 31000, NIST 800-30, CIS-RAM, EBIOS),
SMSI implementation, maintaining and auditing,
Process monitoring (CMMi, CoBIT- PAM),
Incident management (ISO 27035,CoBit),
BCP/Disaster Recovery Planning (ISO22031),
Technical IT Vulnerability assessment (CIS-CAT, BurpSuite, Nmap, OpenVas, OWASP, …)
Pen testing - CEH v9,
CIS Controls /Benchmarks / metrics
Professional Experience
Secondment contract consultant, Tunisian Internet Agency (ATI) Jan/2003- Present
The Tunisian Internet Agency is a public IT service and internet access provider;
Work History
Trainer CISA, ISO27001, ISO27701, ISO27005 9/2018 -Present
High Commercial Study Institut, University of Sfax - Tunisia
IT GRC Consultant Manager, Board Adviser, 9/2017-Present
Regional public transport company - SORETRAS - Tunisia
Defined and Implemented IT processes (CoBIT, ITIL)
Managed ISO/IEC 27001 Implementation:
oIdentified the scope,
oDefined the objectives, established gap analysis, Business case and roadmap.
oDeveloped an information security policy and procedure documents.
oConducted risk management including IT security risks, according to ISO 27005 and EBIOS.
oDeveloped the SOA and the Risk Treatment Plan
oDeveloped an awareness program and materials
oImplemented IT security controls in accordance with the SOA and ISO27002.
oDeveloped an information security metrics (technical, effective),
oMonitored developed processes and implemented controls (CMMi, PAM-CobiT,27002),
oEnsured continual improvement,
oCoordinated with external auditor for certification,
Developed Business Impact Analysis for Disaster Recovery Planning, ISO-22031,
Managed IT security
IT audit, Anti-Fraud Consultant 1/2016- 8/2017
National Agency for Governance and Fight against Corruption- INLUCC - Tunis
INLUCC is the Tunisian national Office for governance and fight against corruption. His role is to prevent, detect and investigate, independently, cases of corruption in the public and private sectors and transmits them to the competent authorities, including justice.
oManaged the south Tunisia regional Bureau,
oProvided Data classification and analysis,
oConducted risk assessment, audit and forensic techniques for fraud, anti-bribery / anti-corruption and security breaches detection,
ISMS Manager, 1/2014- 12/2015
Global Group (GG), Oil and Gas Services. Tunisia - Morocco - Algeria
Global Group with its subsidiaries Global Industry, Global Iron Works and Globus is the Tunisian leader in engineering support services to Oil and Gas sector and petrochemical industries, with an interest in power generation and marine industries, implanted in Tunisia, Algeria and Morocco.
oIdentified the scope,
oDefined the objectives, established gap analysis, Business case and roadmap.
oDeveloped an information security policy and procedure documents.
oConducted risk management including IT security risks, according to ISO 27005 and EBIOS.
oDeveloped the SOA and the Risk Treatment Plan
oDeveloped an awareness program and materials
oImplemented IT security controls related to SOA and ISO27002.
oDeveloped an information security metrics (technical, effective),
oMonitored developed processes and implemented controls (CMMi, PAM-CobiT,27002),
oEnsured continual improvement,
oCoordinated with external auditor for certification
IT& Manager, 1/2011- 12/2013
Global Industry- Oil and Gas Services. Tunisia
oManaged ICT,
oParticipated in selecting, recruiting, and hiring of IT Stuff,
IT Manger, 1/2007- 12/2010
Sfax- City Tunisia
The city of Sfax is the second largest of Tunisian cities, housing around 400000 citizens.
Accompanied IT department to implement his IT transformation program by providing guidance during analysis, design, development, testing, implementation, post implementation phases, and changes.
Developed project’s feasibility studies and business cases,
Developed IT Operations and Security processes and procedures.
Established communication, awareness and training plan,
Designed and implemented and Microsoft Active Directory 2K8 services on clustered servers.
Designed and implemented the network/ security architecture, including WAN, LAN, WLAN infrastructure across 28 sites and approximately 4000 users (routers, switches, Firewalls, IDS, DNS servers and DMZ),
Implemented a multi-site replication between site domain controllers.
Created service desk and incident management team,
Upgraded end user desktop,.
Developed and tested disaster Recovery Plan.
IT Support and Service Delivery Consultant, 1/2003- 12/2006
University of Sfax- - Tunisia ;
The University of Sfax has approximately 45000 students distributed among 21 higher education institutions, five research faculties, three colleges, twelve institutes and research centers.
Coordinated the day-to-day operational activities of high-quality IT infrastructure and technology.
Monitored University’s servers, networks, and computer systems for irregularities and performance issues,
Assessed department needs and help desk inquiries,
Established service level agreements (SLAs) and negotiated contracts with IT services and products providers,
IT security Engineer 10/2001-12/2002
Tunisian Internet Agency
Supported the day-to-day IT security activities,
Audit missions
Municipality of Sfax Mars 2015
Threats and vulnerabilities assessment (OpenVas, CIS –Suite, Acutenix, nmap…)
Shimat Septembre- Novembre 2015
Conducted risk assessments and reviews for audit utilizing CI Security, in-house and external risk matrices.
Regional Urban Transport Enterprise of Sfax September 2016
Developed and administered risk assessments and reviews for the new integrated
ERP solution.Evaluated IT security policy and procedure documents, and the processes
for their development, approval and implementation October 2017
SitNet December 2016
ISO 27001 Certification pre- Assessment
GMPI Jun 2017
ISO 27001 Certification pre- Assessment
Reporting
University of Sfax - IIT Jun 2019
Reporter of the end study engineer project – Audit and IT risk assessment - deloitte Tunisia
University of Sfax - IIT Jun 2019
Reporter of the end study engineer project – SIEM & Cyber security – Cloud Temple Tunisia
Education
Master Degree, Academic Diplom in Computer Science
Carl Von Ossietzky University of Oldenburg- Germany
Affiliation
Information System Audit and Control Association, ISACA Member.
Tunisian National Association of Engineers, Member.
Knowledge Transfer Center, Municipality of Sfax, Founder.
Langages
Arabic : native, French : fluent, English :technical, German : fluent
Contact this candidate