Sherif Al Ballat
About
Results-driven, detail-oriented Information Security Engineer with 11+ years of experience in
implementing Governance/Compliance checks, Risk Analysis activities and Controls implementation over
various technologies. Skilled in conducting comprehensive vulnerability assessments to identify and
address potential threats. Seeking a challenging role where I can leverage my expertise in
implementing security solutions aligned with industry best practices, while ensuring compliance with
regulatory frameworks like ISO 27001, PCI-DSS and GDPR. Committed to enhancing the organization's
security posture and mitigating risks through proactive strategies and continuous improvement
initiatives.
Education
Work & Experience
Besides my role as Senior Analyst in Commercial International Bank-Egypt, I'm remotely managing a multinational Information Security unit in CIB Kenya Limited Bank, reporting to the Chief Risk Officer. Lead and manage a team of security professionals responsible for implementation of the Information Security Management System. Provide guidance, mentoring and professional development opportunities to team members. Foster a collaborative and high-performance work environment by building and maintaining relationships with key stakeholders across the organization. Manage budgets related to information security, including the purchase of security software and hardware throughout the entire Acquisition Lifecycle (RFP, SOW, LLD, Implementation, Rollout) and the hiring of security personnel. Collaborate with team members and stakeholders to understand or identify project goals and obtain prioritized deliverables with reasonable timelines, while sharing the project progress with the Chief Risk Officer and Board of Directors. Implement the Information Security Management System (ISMS) in alignment with the ISO 27001 framework. Develop a complete set of corporate Information Security policies and standards and continually monitor the information security controls, KRIs/KPIs and technical landscape. Implement effective and appropriate GRC controls and measures to protect systems and data. Identify, communicate and manage current and emerging security threats with relevant stakeholders. Work with business, internal IT and 3rd party vendor teams to promote and adopt security best practices. Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable. Identify different types of Information Security risks and detail a mitigation plan to ensure that projects stay on track.
Support the development of information security policies, processes and procedures in line with Commercial International Bank (CIB)'s standards and best practice while participating in the yearly review of policies and procedures to support information security, risk, and security compliance activities. Perform or coordinate internal security assessments, penetration tests, vulnerability scans, and assess organization cybersecurity maturity, complying with frameworks and regulations such as NIST (800-53, cybersecurity), ISO, ITIL, PCI, GDPR and other data privacy and security standards and regulations. Assist in management/tracking of physical and virtual assets and support vendor and supplier security compliance review processes. Ensure that patches are applied and known control weaknesses are removed, as a means of strengthening systems in accordance with security policies and standards. Maintain an information security risk register and assist with internal and external audits relating to information security and collate metrics to produce monthly exception and management reports. Provide guidance in securing cloud (SaaS / PaaS / IaaS) and web application environments aligned with best practices. Collaborate with all relevant stakeholders for input and operational requirements to design and implement CIB's overall cybersecurity strategy. Participate in developing, testing, and implementation of disaster recovery procedures for the cybersecurity technology in place. Act as a trusted liaison providing direction, guidance, and counsel to Business Teams and other stakeholders at various levels (including executives) around the globe in support of third-party information security risk assessment activities.
Advocate and be an ambassador of other critical third-party related security assessment activities, such as ensuring contracts include the required Global Information Security Requirements (GISR) and completion of Payment Card Industry Data Security Standard (PCI-DSS) assessments.
Perform security assessment for all software products that will be hosted in CIB's Data Center, whether in-house developed or ready-made. Drive CIB's Security Strategy according to all emerging Cyber Security Risks, then enforce this strategy upon all the relevant parties. Deliver the security requirements to all the relevant stakeholders based on the Security Strategy and the result of the security assessment. Assist in the development and maintenance of the different security policies by defining the required controls in alignment with ISO/PCI and other applicable standards, best practices and regulations, to ensure the developed policies are always up to date and address the ever-changing threat landscape. Follow the security risk assessment methodology to assess different business initiatives and projects. Conduct security gap and threat assessments after globally/locally identified security incidents/threats and put an action plan in place, with effective coordination with the relevant stakeholders bank-wide until completion, to identify and mitigate any similar potential risks. Liaise with IT Security to validate and review the business requirements and ensure the relevant security measures are catered for throughout the different phases of the software development lifecycle (SDLC) and the demand management process. Participate in and coordinate a bank-wide risk assessment and business impact analysis exercise to prioritize and classify critical business processes and supporting infrastructure from an availability, confidentiality and integrity point of view. Follow all relevant department policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner. Comply with all relevant Central Bank of Egypt (CBE) regulations, banking laws, AML regulations and internal CIB policies and code of conduct in order to maintain CIB's sound legal position and mitigate any potential risks.
Responsible for performing daily monitoring activity using various security appliances at both the network level (Palo Alto Next Generation Firewall / Trend Micro Sandboxing Solution / Cisco SourceFire IPS / F5 Web Application Firewall / IronPort Mail Gateway / FireEye Anti-Malware Solution / Trend Micro Anti-spam solution, etc.) and the endpoint level through the following solutions (McAfee endpoint antivirus / Nexthink endpoint security analytics). Guiding the IT operation teams through a series of steps during any cyber security attack (WannaCry / Petya / NotPetya, etc.) until the threat is mitigated. Responsible for making security assessments (admin accessibility / staff privileges vs. their daily tasks / type of data required from Alex Bank IT infrastructure systems) for any new system or service to be launched by Alex Bank. Responsible for planning to mitigate Alex Bank's different security gaps using different SW/HW appliances during all phases of the mitigation cycle (Vendor engagement / PoCs / Product Selection / Implementation).
Responsible for making VA/PT reports for the entire corporate network, remediating the findings and providing substitute invulnerable solutions to my colleagues. Performing analysis of network security needs and contributing to design, integration, and installation of HW and SW. Responsible for consulting on any new software the bank will buy to make sure it won't be vulnerable or cause any data breach.
Responsible for delivering Information Security policies for the Alex Bank subsidiary that comply with the parent company Intesa Sanpaolo guidelines. Responsible for making regular information security awareness sessions (150+ hours) for newly hired Alex Bank staff with different areas of interest (Branches / Call Center / HQ departments).