Fadi Khouri

CISA, CISM, CRISC, CRA, CTFL
fadi@fadikhouri.com
647-947-6969, 647-462-0202
www.fadikhouri.com
TARGET: IT AUDITING CONSULTANT
Skilled and meticulous IT Auditor offers 14+ years of experience in the IT sector, with 12+ years in an IT auditing role in the banking field. Expertise spans risk-based assessments, application assessments and access controls. Sharp and detail-oriented critical thinker with the problem-solving skills necessary to identify and mitigate potential risks. Blends experience gained working in some of Kuwait’s largest banks with a Master’s degree in Communications and Computer Engineering, offering proficiency in cutting-edge practices to protect data integrity and network security. Strong leader, skilled at inspiring teams to achieve critical objectives.

CORE KNOWLEDGE AREAS
IT Audit process (Planning, Studying, Testing, and Evaluating Controls)
Information Security
Banking Systems & Applications
Information Processing Facilities
System Development Life Cycle SDLC
Enterprise Architecture
Business continuity planning (BCP) and Disaster Recovery Arrangements.
Risk-Based Assessments
Risk Identification, Assessment and Evaluation.
Software Testing
Project Management
Logical Access Controls
Implementation Reviews
Staff Development & Training

PROFESSIONAL EXPERIENCE
Independent Consultant (IT Audit and Security)
July-2012 – present
Toronto, Canada
IT Audits, IT security consulting services, IT policy and procedure, business continuity and disaster recovery planning, IT Risk
Assessments, Application testing, Vulnerability Assessments and Penetration Testing, profit and not-for-profit clients.
KEY TASKS

Perform information systems audit of application Software and Network Infrastructure.

Evaluate the design and effectiveness of an organization's computer systems, which includes data systems, computer
networks, and security solutions.

Provide training, supervision and mentoring, and deliver information security awareness training.

Review of project implementation related documents such as RFP, Contracts, and SLAs.

Perform Software testing to ensure that it meets the requirements that guided its design and development, responds
correctly to all kinds of inputs, performs its functions within an acceptable time, free of any defects, free from security
bugs, and achieves the general result its stakeholders desire.

Perform Vulnerability Assessment to help identify and quantify vulnerabilities in the organization environment as
well as providing the appropriate mitigation procedures required to either eliminate those weaknesses or reduce them to
an acceptable level of risk.

Perform Penetration Testing (white box and/or black box) by simulating the actions of an external/internal attacker with
the aim to breach the security of the organization to exploit critical systems and gain access to sensitive data using tools
and techniques. In some cases and with the approval of the Organization management, the scope might include social
engineering attacks or physical security tests.
Senior IT Auditor (Heading the IT Audit Team)
July-2010 – July 2012
Industrial Bank of Kuwait – Kuwait, Kuwait
Recruited by the Industrial Bank of Kuwait to lead the Internal IT Audit team of the bank, focusing on revamping the IT
auditing processes to bring them in line with industry standards and/or best practices, as well as to train and mentor a staff
of junior and senior auditors.
KEY CONTRIBUTIONS

Transformed the IT auditing process, drafting a comprehensive and standardized audit plan spanning risk-based and
application assessments, as well as provisioning for the conversion of a manual printout process to an electronic one,
resulting in an increased focus on the security of the application.

Brought about an annual audit across all applications, implementing a risk rating for each of the 20 applications to
gain better insight into the individual components of IT operations.

Liaises with IT Management and Business Users to identify and implement resolutions to recognized risks, effectively
ensuring that all processes align with the approved audit plan.

Conceptualized and created the tools and templates needed to clearly audit web applications and client server
applications, allowing for consistency and transparency in all processes.

Conducts post-implementation and application control reviews, as well as fraud investigations, coordinating with the
external audit teams to mitigate risks.

Performs in-depth research on the security and functionality of validation controls on the server and browser side,
referring emerging issues to the vendors.
Senior IT Auditor, 2007-2010
Auditor, 2004-2006
Assistant Auditor, 2002-2003
National Bank of Kuwait (NBK) – Kuwait, Kuwait
Initially brought on board as the Assistant Auditor at this leading Kuwaiti bank, earning a promotion to Senior IT Auditor
tasked with carrying out extensive IT audits across post-implementation and application controls reviews, employing ISACA
and IIA standards to successfully improve the online banking security.

Penetrated and bypassed the core banking system platform, discovering security
gaps on the vendor side through a detailed assessment of the security
infrastructure and its associated risk exposures, resulting in increased validation
enforcement controls.
ACCOMPLISHMENT: Recipient of the NBK Best Employee of the Quarter Award, 2004.

Expertly navigated the evaluation of the bank’s business continuity and disaster
recovery plans, performing in-depth testing and tracking of disaster recovery
processes to identify gaps, culminating in several recommendations including the
migration of the disaster recovery area to a more secure location.

Drafted functional and user requirements, data mapping and conversion methodologies, and User Acceptance Tests
(UAT) documentation, incorporating industry research to provide staff with a thorough understanding of industry
best practices.

Assisted in auditing NBK overseas branches covering application level security and controls, with special emphasis on
web applications and critical applications.

Played a key role in the preparation of a risk-based IT audit plan identifying significant risks across the business and
IT, while incorporating the requirements and expectations of key stakeholders.
Additional professional experience includes a year as IT Programmer for the Commercial Bank of Kuwait (2001); a year as
an Electrical Engineer with the Lebanese Army (2000); and 3 years as the Computer Lab Supervisor at the University of
Balamand (1996-1999).
EDUCATION & CERTIFICATIONS
Certified Information Security Manager (CISM)
ISACA, USA
2014
Certification in Risk Management Assurance (CRA)
IIA, USA
2013
ISTQB-ISEB Certified Tester Foundation (CTFL)
The International Software Testing Qualifications Board (ISTQB)
2012
Certified in Risk and Information Systems Control (CRISC)
ISACA, USA
2011
Certified Information Systems Auditor (CISA)
ISACA, USA
2011
Advanced IT Audit using ACL
Institute Banking Studies, Kuwait
2009
Network Security
Institute Banking Studies, Kuwait
2006
Oracle Development
Institute Banking Studies, Kuwait
2002
Master of Communications and Computer Engineering
University Of Balamand, Lebanon
2000
Bachelor of Science in Electrical Engineering
University Of Balamand, Lebanon
1998
TECHNICAL SKILLS PROFILE
Ethical Hacking | Web Application | Programming (e.g. Visual Studio.NET, Java, JavaScript, PHP,
Oracle, SQL, DB2, VOS, HTML, XML) | Electrical Related Programs (e.g. Matlab and PSPICE)