•Responsible for establishing and maintaining an agreed level of information security within the Bank, ensuring adequate control is exercised over information security processes and organization, providing support on all matters related to information security to all business units and third parties, analyzing and alerting senior management to newly identified threats and risks.•Provided leadership and management for the Bank enterprise security. Directly responsible for Security Strategy, Policies, Security Management, Access Control, IAM, Information Asset Security, and Technology Protection and Continuity.•Develop a Data Classification Scheme that provided guidelines used to determine the appropriate level of protection, and implemented a DLP solution.•Advocated and communicated the importance of Information Security policies within Bank of Palestine.•Provided strategic and tactical direction on the Bank’s security initiatives and issues.•Provided technical and policy guidance to business application teams onboarding applications into the cloud environment to ensure compliance with privacy, security, encryption, business resiliency, and compliance frameworks as defined in the Bank’s policies (AWS, Azure)•Conducting a security awareness program•SIEM SPLUNK: Responsible for supervising 24/7 monitoring and follow-up with a team of 10, automation of incident handling through SPLUNK Orchestration, Risk Aggregation, and established and trained SOC team, processes, and tools.•Achieved PCI DSS Compliance as ISA for the bank, certified ISO 27001 Lead Auditor, SWIFT compliance, SOX, SOC2.•Efficiently created incident handling procedures and actively managed security incident response teamwork.•Performed regular and ad-hoc security reviews and gap analyses.•Performed and submitted risk assessments for assigned areas, and enforced security controls and technologies.

In addition to my job duties as Information Security Officer

- Acted as the liaison between the Bank of Palestine’s Information Security Organization and other departments, such as Internal Audit, Accounts, Human Resources, Legal, Compliance, IT, and other Business Units. - Communications and Operations Security Management: To ensure the correct and secure operation of information processing facilities.Responsible for monitoring and assessing incidents and actively participates in security incident-response teamwork.- Perform regular and ad-hoc security reviews of assigned areas.- Perform and submit risk assessments for assigned areas.- Implemented a mechanism for patch/vulnerability management and protection against malicious attacks (Nessus, Rapid7, OWASP, miter att&ck, Crowdstrike)- Created, maintained, and actively tested a Disaster Recovery Plan and Business Continuity Management (RPO 60 sec, RTO 15 min, Business Impact Analysis, etc.) and formed a crisis management plan and team for assigned areas. - Managed Penetration Testing (Network Internal and External)- API, Web APP, iOS, Android Penetration Testing.- Managed and Implemented SAS enterprise risk control Information Security Risk Assessment RCSA SAS eGRC, Information Security Control Testing, Security Key Risk Indicators, and Risk Virtual Analytics

USAID Project for Local Government Infrastructure in West Bank and Gaza •Maintained, configured, and performed a reliable operation of computer systems, network servers, and virtualization (LAN WAN, Cisco, Firewalls, WAF, RedHat, Microsoft AD, Oracle DB, VMware, Windows 2008 R2).•Provided documentation and technical specifications to IT staff for planning and implementing new upgrades of IT infrastructure, implemented ITIL V3, IT policies and procedures, managed IT Procurement, & managed a team of 4.•Responsible for capacity, storage planning, and database performance, performed regular backup operations, and implemented appropriate processes for data protection, disaster recovery, and failover procedures.•managed a transformation project of the data warehouse and BI application, HR App, M&E App, GIS System to Google Cloud.

•Enforced a security baseline for systems security, adopted and implemented a secure configuration standard on Unix, Linux, RedHat, Oracle Database, Virtual Machines, Routers& Switches, Database Security & Encryption.•Responsible for Card Processing Security and ATMs Security, managing HSM security and implementing the Encryption key management procedures.•Conducted Vulnerability & Patching, managed the Pen Testing Exercises, and maintained the antimalware.•Delivered Web application security Penetration Testing and conducted Security Source Code review.•Coordinates the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a declared disaster.•Information Security Risk Assessment and Security Gap Analysis.

•Established and Implemented the ISMS Policies and Procedures to comply with ISO 27001, and SANS Controls. •Implemented and Managed Cisco Firewalls & IPS, Network Segmentation, VPN security, email security gateway, threat prevention, WAF implementation, Infrastructure security architecture, and design.•Implemented and maintained Data Classification, and email security systems.•Identifying security vulnerabilities and patch management for servers, systems, and databases.•Monitoring networks, firewalls, WAF, IPS, and Security Incident handling, Data breaches detection, and response.•Performing Penetration tests for the network, and Web applications.•Identity and Access Management.