
Israa Osman

Information Security Professional
Sharjah

Summary

Knowledgeable IT security professional with 8 years of experience designing and implementing security solutions in high-availability environments. Skilled at delivering strong risk management practices, incident response, and business continuity.

Overview

8 years of professional experience
3 certifications

Work History

Technology Risk, BC, Security Advanced Specialist

ZAIN Telecommunications
12.2021 - Current
  • Establish and maintain the Technology Risk Management Framework, including the technology risk management policy, process, risk register, and risk communication plan in coordination with the Corporate Enterprise Risk Management Team. Then design the Risk lead indicators dashboard to support the Technology management in effectively monitoring and realizing their risk exposure levels.
  • Handle the Technology department's potential strategic, program, project, and operational risks with relevant Stakeholders.
  • Identify potential risk exposure to develop corrective action plans.
  • Report findings on risk exposures to senior executives and board of directors.
  • Lead the creation of communication Channels for Technology Management and Staff to readily raise/communicate any foreseen risks for further analysis and comprehension (e.g., unified email groups, WhatsApp groups).
  • Launch the Technology BC Policy, set the BC objectives, and facilitate conducting the BCP-BIA Processes in coordination with Technology Management and Business Functions for the agreed-on BC Scope and Key Processes.
  • Draft and audit Information Security related policies, processes in alignment with Enterprise Risk Management and Industry Standards/Best Practices to better understand the level of compliance.
  • Work closely with fellow security personnel to remedy and alleviate technology issues.
  • Promote security awareness among employees in coordination with Enterprise Risk Management Team.
  • Spearhead planning of yearly audits and review controls for Technology departments to assess areas in need of improvement.
  • Facilitate successful internal and external audits through sound and thorough documentation to maintain compliance with corporate, local, and international standards requirements.
  • Present and discuss audit findings to management teams, delivering information in non-technical terms for easy understanding.
  • Design internal control policies to improve audit scores.

Achievements:

  • Achieved the Technology department Risk Management Framework, which managed the potential Strategic, Program, Project, and Operation risks with relevant stakeholders, which led the Technology Department of ZAIN to achieve zero high-risk findings in 2022 based on the ZAIN Group report. Additionally, the medium-risk findings decreased by 45%.
  • Initiated the communication channels for the Technology management and staff which accelerated the risk response time that improved the business continuity by more than 75%.
  • Participated in testing and updating the Technology department risk-based BIAs and BCPs
  • Coordinated with the Information Security team in Revamping InfoSec-related policies, processes, and procedures in alignment with the Enterprise Risk Management Departmental and Industry Standards/Best Practices.
  • Coached and facilitated demonstration training and awareness sessions for 700+ staff members, which advanced the audience's security posture and knowledge.

Technology Risk and Quality Specialist

ZAIN Telecommunications
06.2019 - 12.2021
  • Maintained risk identification programs to reduce potential business losses.
  • Performed ongoing evaluation and assessment of risk factors in change plan integration to apprise steering committee of findings and remedial recommendations.
  • Collaborated with key stakeholders to plan and implement an effective risk mitigation program, which included risk management plan, policies and procedures.
  • Made recommendations to improve security procedures and systems.
  • Developed process documentation that includes scope, RASCI, and KPIs. Further ensure effective implementation of business processes.
  • Applied information security standards, policies, processes, and procedures in alignment with other corporate security functions (e.g., IT security monitoring procedures, ISO 27001).
  • Developed ZAIN security practices in collaboration with the ZAIN ERM team and SOC team to ensure cybersecurity monitoring and protection of ZAIN infrastructure and assets.
  • Coordinated and supported on-site audits conducted by external providers.

Achievements:

  • Coordinated with the Enterprise Risk Management team to ensure the Technology Department risk management practices, information security standards/ best practices such as IT security monitoring procedures, and ISO 27001 are applied. For example, ensure ZAIN systems and applications comply with the security controls by Pen-testing two in-house applications and the internal cloud environment.
  • Managed the Technology Physical Access Management process re-engineering project to improve the end-to-end service process.
  • Restructured and automated communication flows between 5 departments and more than 10 Subcontractors, which improved the access management estimated efficiency by 60%.
  • Administered around 5 Technology Department internal (ZAIN Group) and external (Deloitte) audits annually to ensure the risk framework is applied correctly and comprehensively.

Information Security Officer

ELECTRONIC BANKING SERVICES (EBS) CO. LTD
09.2018 - 06.2019
  • Participated in systems security designs, architecture, and implementation in the security area.
  • Audited EBS systems, devices, and networks, then reviewed compliance with EBS IS policies and reported any deviations.
  • Continually updated computer security policies, procedures, and guidelines for application connections, API, and other interfaces.
  • Responded to information security incidents and conducted investigations.
  • Led small to medium-scope information security projects.
  • Supervised and mentored junior employees in departmental activities and procedures.
  • Utilized various tools to deliver security awareness sessions to technical and nontechnical staff to improve operations.

Achievements:

  • Achieved the implementation and delivery of security compliance projects with six cross-functional teams, requiring close coordination and communication among the members, the top management, and the vendor to meet the vendor standard.
  • Assessed 4+ corporate systems with their firewalls and routers and oversaw the implementation of the recommendations to ensure adherence with EBS Information Security policies, such as redesigning network and systems configuration with a security perspective.
  • Demonstrated the ability to understand client-based business requirements and translate them to technical solutions and services with a security perspective.
  • Mentored and coached three junior team members and shared knowledge and experiences.
  • In collaboration with The Information security team, introduced a company-wide security awareness program and competition for more than 170 employees, thereby increasing security awareness and knowledge as part of the corporate strategy.

Information Security Specialist

ELECTRONIC BANKING SERVICES (EBS) CO. LTD
08.2015 - 09.2018
  • Performed Penetration testing for client applications and provided a security report at the end of the process.
  • Provided support for clients' applications and internal departments in security issues, such as SSL installation, encryption, and access control.
  • Audited the corporate systems, networks, and firewalls based on best practices and vendor recommendations.
  • Implemented security systems such as application firewalls and WAFs to minimize defined security risks.
  • Investigated information security breaches to identify vulnerabilities and evaluate damage.
  • Continually improved computer security policies, procedures, and guidelines.

Achievements:

  • Delivered support for Clients who intended to connect with the banking system in security issues, such as SSL certificate creation, installation, encryption, and access control.
  • In addition, executed more than five VA/ PT for the client applications quarterly and provided a security report at the end of the process.
  • Improved the information security of the Electronic Check Clearing (ECC) system by auditing the whole ECC network and implementing the SSL certificate to the Central Bank interface connected to all 38 banks for the first time.
  • Utilized security systems such as application firewalls to minimize defined security risks, introduced and implemented the OSSEC to check the central bank-verified APPs after release, and detected any modifications.
  • Revamped information security policies, procedures, and guidelines.

Education

Master of Business Administration -

The University of Khartoum, School of Management
2022

Bachelor of Science - Statistics And Computer Sciences

The University of Khartoum, Mathematical Science
2014

Skills

  • Risk Management
  • Business Continuity Management (BCM)
  • IT Security
  • Information Security Governance
  • Vulnerability Assessment and Penetration Testing (VAPT)
  • Policies and Processes
  • Audit Management
  • PCI DSS, ISO 27001, ISO 31000
  • Information Security Awareness
  • Analytical and Problem-Solving skills
  • Written and verbal Communication Skills
  • Interpersonal Skills
  • Team Management
  • Strategic Thinking

Certification

  • Certified Professional in Risk Management ISO31000, TÜV SÜD South Asia - 2021
  • ITIL V4 Foundation Certificate, Axelos - 2019
  • Certified Penetration Testing Engineer Certificate - CPTE, Mile2 - 2017

Courses and Training

  • Technology Management Course/ 2022
    Huawei Research & Development Center, Egypt
  • Cloud Computing Training Course/ 2019
    Huawei Research & Development Center, China
  • Management of Risk (MoR) Course / 2018
    Axelos

Languages

  • Arabic: Native
  • English: Professional working proficiency

References

References Available upon request.
