ISRAR UL HAQUE

• Access Control Administration (including process doc, resolution of all access requests and periodic reviews of User profiles / access rights). • Manages user account update requests, including add/remove users and change permissions. • Provide first level technical security support to business unit employees • Contributing in DR Drills to ensure critical applications are accessible. • Review security audit reports and address potential gaps and risks. • Conduct DR Drill with maximum load on every year and create a report.

• Ensure that monthly, semi-annual and annual application inspections are conducted accurately and in a timely manner. • Ensure that all requests are properly authorized and approved by the application or business owner prior to committing the change. • Access management of Oracle ERP R12 financial module. • Overcome various internal and external Audit Observations of different domains as an audit. • Evaluation and implementation of role matrices. • Identifying Key Risk Indicators (KRI) of Information System in Risk Management Project. • Creation of Risk Control Self-Assessment (RCSA) Matrix - INFORMATION TECHNOLOGY • Manage access control to systems such as file shares or document repositories. • Identify and improve security processes and controls. Assist in implementing these improvements

• Review of Oracle & SQL Database access Control. • Review of Active Directory of different (SaaS) environment through AD Manager Plus. • Backups Audit for Oracle & SQL of different (SaaS) environments. • Review of Windows and Linux Patch Deployment on monthly basis. • Review access management and controls for business applications. • Review Information security policy, processes, procedures and governance document • Identify and communicate IT audit findings to management. • Supports information security awareness through assisting in development of training materials, facilitating orientations and drafting written communications. • Annual review of Service Organization Controls (SOC 2 Type 1/2). • Monitor, audit findings and the timely completion of action plans to ensure all concerns or deficiencies reported are solved.

• Information Security Risk Assessment of different applications and systems in scope of PCIDSS v3.2 and ISO 27001 • Policy reviews and updates • Establish security baseline documentation of different systems and products. • Establish Risk Register of banking applications through GRC system • Advise on numerous InfoSec solutions • Measuring Information Security department KRI’s through SAS KRI system • Measuring KPI in scope of ISMS by GRC System • Develop Information Security KRI and KPI framework • Provide Information security awareness training and developing framework with awareness messages • Run Qualys Scan on different servers to ensure the hardening and vulnerability identification • Work for continuous improvement in ISMS program. • Validate information security audit observations • Implement ISMS program on Riyad Online channel and primary data center. • Ensure corrective and preventive measure on timely basis of ISMS progra