Marwan Ashraf Email and Phone Number

GRC Specialist with a great passion and enthusiasm for information Security and cybersecurity in general, my goal is to assist in enhancing the level of security within an organization by implementing effective governance, risk management, and compliance strategies. I am committed to ensuring organizational compliance with the right standards while optimizing operational efficiency and mitigating risks that may damage the organization's reputation and cost a hefty sum of money.• Asset Management: including Assets Discovery, Assets Defining, Assets Criticality Assessment Based on the Business Impact Analysis and Building a proper Assets Register, Defining, development and implementation of Asset management policy and process.• Data Classification: including Data Types and Levels of Sensitivity, Identifying Data Types, Data classifier “boldon james” with Data Loss Prevention “DLP”.• Identity Access Management (IAM): including control physical and logical access to assets, Manage the identity and access provisioning lifecycle and Manage authentication of people, devices, and services, Role Based Access Control (RBAC), Privileged Account Management (PAM).• Software Secure Development Life Cycle (SSDLC): including SSDLC Phases, Key Principles of SSDLC, SDLC vs. SSDLC, and Common SSDLC Models.• Security Controls Categories & Definitions: including NGFW, DRM, Vulnerability Management, DNS, Web Proxy.• Risk Management: including Identifying Risk terms and definitions, Risk management Framework & risk register creation using Excel. NIST SP 800-30, NIST SP 800-53, ISO 27005-2022• Compliance with industry standards: including PCI-DSS, Payment Services Using Prepaid Cards Regulations, Internet Banking Regulation, ISO 27001, ISO 27002• Business Continuity: including Business Continuity Plan, Business Impact analysis “BIA”, Auditing ISO 22301