Asaad Marzooq Al Harrasi
Muscat
Summary
Knowledgeable IT security and GRC professional with 11 years of experience designing and implementing security solutions in high-availability environments. Skilled in Cyber Security and GRC and adept at delivering strong risk management practices.
Overview
10
10
years of professional experience
1
1
Certification
Work History
ICT Senior Governance and Compliance
Oman Airports
Muscat
08.2023 - Current
- Developed and implemented policies and procedures for the organization's information security system.
- Reviewed existing applications for security vulnerabilities or weaknesses before deployment into production environments.
- Collaborated with IT teams on projects involving upgrades or new deployments of hardware and software components.
- Evaluated vendor services for compliance with organizational requirements regarding data protection.
- Performed periodic vulnerability scans to identify potential points of entry into the network.
- Maintained up-to-date knowledge of current threats, attack methods, and countermeasures.
- Documented all processes related to systems administration tasks performed by IT personnel.
- Maintained compliance frameworks, policies and documentation to support audits.
- Planned and executed compliance audits to check company policies, procedures and controls.
- Organized training programs to educate company staff on benefits and consequences of complying or defying regulations.
- Monitored compliance risk controls to identify deviations and offer recommendations.
- Conducted regular audits to ensure compliance with internal controls, applicable laws, and regulations.
- Provide security awareness sessions for Oman Airport Staff.
Information Security Specialist
Nama Shared Services (Nama Group)
Muscat
03.2022 - 08.2023
- Developed and maintained security policies, procedures, and standards to ensure corporate information systems are secure.
- Conducted vulnerability scans using automated tools to identify areas of risk within the network infrastructure.
- Monitored computer virus reports to determine when to update virus protection systems.
- Coordinate for executing penetration testing to identify security weaknesses and track the remediation plans with the departments.
- Ensure SOC Operations Deliverables as per Contract.
- Working with other teams to enforce security of applications and systems.
- Managed information system regulatory compliance to meet updated guidelines.
- Monitored system logs for suspicious activity and investigated any potential threats.
- Assisted in responding to internal and external security incidents by gathering evidence and initiating corrective action plans.
- Perform a daily InfoSec applications health. check (Updates and Server status).
- Ensure ISO 27001 & 22301 Certifications maintenance and closure of Audit findings for NSS.
- Risk Register Update and maintenance.
- Prepare and conduct for security awareness sessions and campaigns.
- Facilitate DR Drill execution (Service Availability) and develop a disaster recovery plan.
Networks Security Specialist
Ministry of Health
Muscat
12.2013 - 02.2022
- Conducted security assessments of computer networks and systems to identify potential vulnerabilities.
- Performed system hardening activities such as patching, user access control, firewall configuration, and anti-virus installation.
- Developed security policies and procedures for the organization in accordance with industry standards.
- Created awareness programs within the organization regarding cybercrime prevention techniques.
- Prepare auditing plans and risk assessment for the networks, systems and user activities.
- Analyze and establish security requirements for the systems and networks.
- Information Security Trainer in MOH.
Education
Bachelor of Science - Information Security
University of Technology And Applied Sciences
Sohar08-2011
Skills
- Cyber Security
- Network Security
- Governance and Compliance
- Vulnerability Assessment and Management
- SIEM Solution
- Incident Management
- Audit management
- Risk Management
- Change Management
- Compliance Monitoring and Review
- IT Policy Design and Review
Technical Profile
- Anti-Virus Management ( F-Secuer, Trend Micro Appex One and Trend Micro Deep Security ).
- Web Application Firewall Management ( Barracuda).
- Security Control Management and enhancement ( Trend Micro Web Proxy, Trend Micro Applications Control, Trend Micro XDR, Trend Micro IPS ).
- SIEM Solution Management ( Loghrythm ).
- Vulnerabilities Scanning ( Tenable ).
- GRC solution ( Standard Fusion).
Certification
- CISA - Certified Information Systems Auditor
- CNSS - Certified Network Security Specialist
- CompTIA Security+
- Cyber Security Foundation
- F-Secure Virtual Security
- Trend Micro Deep Security
Languages
Arabic
First Language
English
Advanced (C1)
C1
Timeline
ICT Senior Governance and Compliance
Oman Airports
08.2023 - Current
Information Security Specialist
Nama Shared Services (Nama Group)
03.2022 - 08.2023
Networks Security Specialist
Ministry of Health
12.2013 - 02.2022
Bachelor of Science - Information Security
University of Technology And Applied Sciences
- CISA - Certified Information Systems Auditor
- CNSS - Certified Network Security Specialist
- CompTIA Security+
- Cyber Security Foundation
- F-Secure Virtual Security
- Trend Micro Deep Security
Similar Profiles
Khalid Al MahruqiKhalid Al Mahruqi
Intern - Project Management at Oman AirportsIntern - Project Management at Oman Airports
RIYAM ALRIYAMIRIYAM ALRIYAMI
Maintenance Officer at Oman AirportsMaintenance Officer at Oman Airports
Yousuf Amer Salim TabookYousuf Amer Salim Tabook
Airport System Engineer at Oman AirportsAirport System Engineer at Oman Airports