Uploaded by Mohamed AbouZeid

Eng.Eman Siddek-CV 2024

Eman M. Siddek
Contact
6th of October City
GIZA, Egypt
+201002270401
Professional Summary
I’m a motivated, passionate information security consultant and information security Director with experience
in outsourcing/offshoring, banking, and Fintech, and I have been working in the field since 2008. During this
time, I have acquired extensive knowledge and skills in various aspects of Cyber Security, such as implementing
Information Security Management System, ISO 27001 and PCI-DSS/PIN/MPOC standards, developing and
enforcing Information security policies and procedures, conducting IT Risk Assessment, Cyber Security auditing
and assessments, managing cyber security incidents, performing vulnerability assessments, and executing
various Cyber Security controls and projects, and managing business information security projects.
Education
Work experience
Cairo University
2002-2007
B.Sc. in Electrical & Electronics Engineering.
Information Security Director - Fawry Banking and Payment Services 2022-Present
General Secondary Certificate
2000-2005
Grade 95.6 %
Certificates
CISSP (2018)
Certified Information Systems Security Professional (CISSP) – Certification NO 665664 - ISC2.
CISM (2019)
Certified Information Systems Manager (CISM) Certification NO 1944549 - ISACA
CRISC (2021)
Certified In Risk and information Systems Controls (CISSP) – Certification NO 2130147 - ISACA.
CDPSE (2021)
Certified Data Privacy Solution Engineer NO 2113379 - ISACA
Fintech and Financial Inclusion (2023)
Issued Sep 2023
Credential ID WGFT250723
CISA (2024)

• Implementing and overseeing Fawry’s cybersecurity program
• Aligning cybersecurity and business objectives
• Reporting on cybersecurity to board of directors or senior executives
• Monitoring Incident Response Activities
• Managing business continuity and disaster recovery
• Promote a culture of strong information security.
• Managing vendor relationships
• Utilising cybersecurity budgets effectively
• Cybersecurity awareness and training
Information Security GRC Senior Manager - Fawry Banking and Payment Services 2019-2021
• Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
• Internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for the Fintech's information and technology systems.
• Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
• Develop routine reports in accordance with GRC metrics (KPIs, KRIs)
• Manage Fintech’s assets and data classification program.
Information Security Compliance Manager - Banque Misr
2016-2018
• Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
• Work to collect, consolidate and analyse evidence of the bank’s PCI DSS, ISO 27K, Swift standards compliance and meet the internal quality assurance requirements.
• Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations (PCI DSS, ISO 27K).
In progress
Skills:
• Leadership and negotiation skills.
• Excellent oral and communication abilities.
• Managing a wide variety of projects and team members.
Projects-Technologies
• PCI DSS/DES
Information Security Staff Architect - Banque Misr
2012-2015
• Update and upgrade security systems as needed.
• Acquire a complete understanding of a company’s technology and information systems.
• Plan, research and design robust security architectures for any IT project.
• Perform vulnerability testing, risk analyses and security assessments.
• PCI-PIN/CPOC/MPOC
• SOC1-2 Audit Report
• FRA Regulations
• Baseline Benchmark
• GRC Platform
• FIM (Tripwire-Trend Micro)
• Symantec compliance suite
• Antimalware-EDR
• SIEM-SOAR-NDR
• Awareness Platform
• Application (Web-API-Mobile)/Code Scan
• Application Security Program
• Vulnerability/configuration Scan
• Firewall-WAF-IPS-NAC
• PAM-IAM-MFA-SSO
• DLP-MDM
• HSM-KPI-Vaulting
• Threat Intelligence
IT Security Engineer - Banque Misr
2008-2011
• Configure and install firewalls and intrusion detection systems.
• Perform vulnerability testing, risk analyses and security assessment.
• Investigate intrusion incidents, conduct forensic investigations and mount incident responses.
• Collaborate with colleagues on authentication, authorization and encryption solutions.
Training Accomplishments
• Member of ISC2.
• Member of ISACA.
• Qualified to the shortlist of <Women in Tech Awards, Middle East Dubai 2019>
• Certified lecturer at the Union of Arab Banks and many other international and Arab institutions.
• Shared speaking in CSIS Cyber security innovation series 5th Edition 6-7 March, 2023.