Muhannad Issa
Information &Technology Risk Management Professional
Amman,AM
Summary
Ambitious and detail-oriented professional with a double major in IT and Finance, seeking to utilize my diverse academic background, professional experiences, and analytical skills in risk management. Passionate about identifying and mitigating risks while adhering to regulatory requirements and international standards. Keen to contribute to a dynamic team by leveraging my understanding of both IT and Finance to effectively manage the organization’s Risks that support it’s success.
Overview
19
19
years of professional experience
7
7
years of post-secondary education
10
10
Certifications
Work History
AVP, I&T Risk Unit Manager
Bank ABC (Jordan)
6 2018 - Current
- Build, design, implement, and maintain I&T Risk management framework
- Develop, implement, and maintain I&T Risk management related polices, standards, and procedures
- Review all polices, standards, and procedures related to IT, Information Security, Business continuity, and Data Privacy and provide the responsible of those functions with the professional feedback based on the regulations, standards, adopted best practices, and the approved relevant internal polices, standards, and procedures
- Monitor the I&T related functions by using several tools mainly Key Indicators (KPIs, KCIs, & KRI) and reports (either Audit, professional assessment (internal and/or external)
- Perform Risk Control Self-Assessment (RCSA) workshops for Information technology, Information security, business continuity, and Data Privacy
- Perform I&T related entities’ controls testing
- Review the incidents relevant to the processing environment of IT, Information Security, business continuity, and Data Privacy and validate all the relevant details and oversight the performing of the agreed relevant approved actions
- Perform risk identification, assessment, reporting and monitoring over I&T processing environment (People, Process, & technology) and recommend corrective actions
- Prepare & maintain the I&T Risk profile based on COBIT
- Report and communicate I&T risk status to the Board and senior management.
Sr. Information Security Officer
Jordan Kuwait Bank
12.2014 - 06.2018
- Develop, maintain, review, and implement information security related policies, standards, and procedures
- Review, monitor, analyze, identify requirements & gaps, and lead implement Information security regulatory (CBJ) requirements, frameworks, and standards (ex: PCI-DSS, Swift CSP, & COBIT)
- Business continuity management: Prepare, review, update, test, and lead the activities related to business continuity planning (incident responses and recovery procedures, DRS and alternative business locations readiness, etc.)
- Perform Risk assessment for I&T related processes and technology
- Perform information security business as usual operations
- Coordinate for Penetration tests, and monitor the performance of the applied information security controls
- Conduct information security awareness training for the staff.
Sr. Information Security officer
PAYFORT.com (Amazon payment services)
02.2014 - 12.2014
- Develop, maintain, review, and implement information security related policies, standards, and procedures
- Review, monitor, analysis, identify requirements & gaps, and lead the implementation of PCI-DSS
- Perform Risk assessment for I&T related processes and technology
- Perform information security business as usual operations
- Conduct information security awareness training for the staff
- Prepare, review, update, test and lead the incident response plan and Business continuity plan
- Manage, coordinate, and perform the system security activities (ex: FIM, SIEM, Vulnerability management, and penetration testing)
- Provide consultancy regarding the security measurements, controls and solutions for internal parties.
Security officer
SGBJ Bank
10.2009 - 02.2014
- Develop, maintain, review, and lead the implementing of information security relating policies, standards, and procedures
- Lead the projects relating to information security and physical security
- Assist in preparing, reviewing, modifying, and testing the business continuity management and disaster recovery plans
- Perform Risk assessment for I&T processes and technology
- Conduct information security awareness training for the staff
- Lead the incident handling technical team and coordinate with the management team responsible for incident handling.
Product consultant
CR2
07.2008 - 10.2009
- Implementing and upgrading banking e-channels (internet banking, IVR banking, SMS (mobile) banking, and ATM)
- Provide banks with advice to increase the quality of their services through banks e-channels
- Onsite project coordination
- Main Projects: Union bank (sparrow upgrade, enable direct deposit on ATM), Cairo Amman Bank (Bank world system upgrade, install new features for Internet banking, Iris Guard on ATM), and Al-Ahli Bank (Enable Direct Deposit ATM on Sparrow switch using Wincor ATM).
Programmer and Analyst
Arab Bank
09.2005 - 07.2008
- Software Development: developing programs and systems using RPGLE and CL on IBM/AS400 following up all phases of SDLC
- ATM System Administration: Responsible for Installation & Implementation of the new Release and enhancements of Open2 system
- Help in solving major problems
- Develop Tools for daily operations
- Main Projects are Shabab System (retail product), ECC Integration with core system, and ATM Aptra.
Education
Computerized Information Systems B.Sc. -
Jordan University of Science And Technology
Irbid, Jordan 10.2000 - 08.2004
Finance and Banking B.Sc. -
Amman Arab University
Amman, Jordan 10.2021 - 07.2024
Skills
Project management related to I&T Risk, Information Security, and business continuity
Physical security controls and techniques
Controls testing and assurance
International standards related to information security, business continuity, and risk management (ISO, NIST, COBIT)
Data protection
Security policy development
Compliance Management
Incident Response
Cybersecurity Management
Disaster Recovery Planning
Risk Assessment
Certification
GDPR-CEP
Personal Information
- Date of Birth: 02/01/83
- Nationality: Jordanian
- Marital Status: Married
Training
- CISMP (Certificate in Information Security Management Principles) - 2020
- COBIT 2019 Bridge Course - 2019
- ECSA V9 - 2016
- Mind Mapping - 2013
- CCNA attendance certified - 2011
- CISA attendance certified - 2011
- Banking training program (Socitie General Bank - Jordan) - 2009
- AIX UNIX Basics (JBS – Amman, Jordan) - 2007
- Series of Banking Basics Courses (ARAB BANK - Amman, Jordan) - 2006
- Series of Equation Banking Core system courses (ARAB BANK - Amman, Jordan) - 2006
- Series of IBM AS/400 Software courses (ARAB BANK - Amman, Jordan) - 2006
- Introduction to VB.NET & ADO.NET (Executrain - Amman, Jordan) - 2004
Languages
Arabic
Native language
English
Upper intermediate
B2
Timeline
Finance and Banking B.Sc. -
Amman Arab University
10.2021 - 07.2024
Sr. Information Security Officer
Jordan Kuwait Bank
12.2014 - 06.2018
Sr. Information Security officer
PAYFORT.com (Amazon payment services)
02.2014 - 12.2014
Security officer
SGBJ Bank
10.2009 - 02.2014
Product consultant
CR2
07.2008 - 10.2009
Programmer and Analyst
Arab Bank
09.2005 - 07.2008
Computerized Information Systems B.Sc. -
Jordan University of Science And Technology
10.2000 - 08.2004
AVP, I&T Risk Unit Manager
Bank ABC (Jordan)
6 2018 - Current
Similar Profiles
Susie DarkoSusie Darko
Credit Administrator at Bank ABCCredit Administrator at Bank ABC
NIRMAL KUMAR CHINNASAMINIRMAL KUMAR CHINNASAMI
Senior Business Analyst at Bank ABCSenior Business Analyst at Bank ABC
Mahmoud AlAyoubiMahmoud AlAyoubi
Senior Business Operations Support Officer at Jordan Kuwait BankSenior Business Operations Support Officer at Jordan Kuwait Bank