Eman M. Siddek

Contact
6th of October City, GIZA, Egypt
+201002270401

Professional Summary
I’m a motivated, passionate information security consultant and Information Security Director with experience in outsourcing/offshoring, banking, and Fintech, and I have been working in the field since 2008. During this time, I have acquired extensive knowledge and skills in various aspects of Cyber Security, such as implementing Information Security Management System, ISO 27001 and PCI-DSS/PIN/MPOC standards, developing and enforcing information security policies and procedures, conducting IT Risk Assessment, Cyber Security auditing and assessments, managing cyber security incidents, performing vulnerability assessments, executing various Cyber Security controls and projects, and managing business information security projects.

Education
Cairo University, 2002-2007: B.Sc. in Electrical & Electronics Engineering.
General Secondary Certificate, 2000-2005: Grade 95.6%

Certificates
CISSP (2018): Certified Information Systems Security Professional (CISSP) – Certification NO 665664-ISC2.
CISM (2019): Certified Information Systems Manager (CISM) – Certification NO 1944549-ISACA.
CRISC (2021): Certified In Risk and Information Systems Controls (CISSP) – Certification NO 2130147-ISACA.
CDPSE (2021): Certified Data Privacy Solution Engineer – NO 2113379-ISACA.
Fintech and Financial Inclusion (2023): Issued Sep 2023, Credential ID WGFT250723.
CISA (2024)
In progress

Skills
- Leadership and negotiation skills.
- Excellent oral and communication abilities.
- Managing a wide variety of projects and team members.

Projects-Technologies
- PCI DSS/DES
- PCI-PIN/CPOC/MPOC
- SOC1-2 Audit Report
- FRA Regulations
- Baseline Benchmark
- GRC Platform
- FIM (Tripwire-Trend Micro)
- Symantec compliance suite
- Antimalware-EDR
- SIEM-SOAR-NDR
- Awareness Platform
- Application (Web-API-Mobile)/Code Scan
- Application Security Program
- Vulnerability/configuration Scan
- Firewall-WAF-IPS-NAC
- PAM-IAM-MFA-SSO
- DLP-MDM
- HSM-KPI-Vaulting
- Threat Intelligence

Work experience

Information Security Director - Fawry Banking and Payment Services, 2022-Present
- Implementing and overseeing Fawry’s cybersecurity program
- Aligning cybersecurity and business objectives
- Reporting on cybersecurity to board of directors or senior executives
- Monitoring Incident Response Activities
- Managing business continuity and disaster recovery
- Promote a culture of strong information security.
- Managing vendor relationships
- Utilising cybersecurity budgets effectively
- Cybersecurity awareness and training

Information Security GRC Senior Manager - Fawry Banking and Payment Services, 2019-2021
- Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
- Internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for the Fintech's information and technology systems.
- Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
- Develop routine reports in accordance with GRC metrics (KPIs, KRIs).
- Manage Fintech’s assets and data classification program.

Information Security Compliance Manager - Banque Misr, 2016-2018
- Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
- Work to collect, consolidate and analyse evidence of bank’s PCI DSS, ISO 27K, Swift standards compliance and meet the internal quality assurance requirements.
- Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations (PCI DSS, ISO 27K).

Information Security Staff Architect - Banque Misr, 2012-2015
- Update and upgrade security systems as needed.
- Acquire a complete understanding of a company’s technology and information systems.
- Plan, research, and design robust security architectures for any IT project.
- Perform vulnerability testing, risk analyses and security assessments.

IT Security Engineer - Banque Misr, 2008-2011
- Configure and install firewalls and intrusion detection systems.
- Perform vulnerability testing, risk analyses and security assessment.
- Investigate intrusion incidents, conduct forensic investigations and mount incident responses.
- Collaborate with colleagues on authentication, authorization and encryption solutions.

Training Accomplishments
- Member of ISC2.
- Member of ISACA.
- Qualified to the shortlist of <Women in Tech Awards, Middle East Dubai 2019>
- Certified lecturer at the Union of Arab Banks and many other international and Arab institutions.
- Shared speaking in CSIS Cyber security innovation series 5th Edition, 6-7 March, 2023.