Emad ALMuaybid

Cybersecurity Organization covering both Cybersecurity Operation & Cybersecurity Government .

Cybersecurity Organization Report to Minster assistant

• Developed and implemented Enterprise Security Program that includes more than 10 departments and 2,000 employees.
• Analyzed NCA and Center IT requirements to determine impacts and developed effective implementation strategies for compliance.
• Led Organization to achieve NCA compliance. Achieve 94% Audit score compare to 1% of previous audit
• Select and Hire Cybersecurity skill team . Increase Organization size from 3 to 27 employees first year
• Developed administrative procedure for Appropriate Use of Computing Devices and Other IT Resources to establish policy for appropriate and inappropriate use of computing devices (including employee owned devices) that connect to IT resources.
• Developed and implemented Cybersecurity Awareness Training Program for all employees.
• Led evaluation, selection and implementation of the following tools: governance, risk & compliance (GRC), security information and event management (SIEM), automated vulnerability management, automated penetration testing, data loss prevention (DLP), intrusion detection system/intrusion prevention system (IDS/IPS), , and mobile device management.
• Conducted IT security audits to ensure effective implementation of security controls.
• Ensured vulnerability and threat assessments were performed to evaluate effectiveness of existing security controls.
• Developed and implemented processes to enable detection, identification, and analysis of IT security threats and vulnerabilities.
• Developed and implemented Information Security Training and Awareness Program.
• Developed service level agreements, including appropriate performance metrics.

Cybersecurity Organization covering both Cybersecurity Operation & Cybersecurity Government

Cybersecurity Organization covering both IT & OT ( Operation technology)

Executive Director ( CISO) Report to Share Service EVP who report to CEO

• In Jun 2020 , I sponsor an initiative to separated SABIC Corporate Cybersecurity and make it independent from IT
• Partnering with Human Resources, Product Management, Engineering, Legal and senior management on processes and issues that relate to Information Security and protection of provide centralized end-to-end Cyber Security governance services across the globe (for over 50,000 employees in KSA and around the world) with an ultimate responsibility of keeping SABIC secure from Cyber-attacks.
• Oversee a team of 100+ talented security professionals to provide end-to-end Cyber Security operation & governance services across the globe with an ultimate responsibility of keeping SABIC secure from Cyber-attacks.
• Management of IT Security Program worth more than 100 million dollar , for SABIC globally
• Establishing and updating Corporate Cyber Security vision, strategy, and related programs to ensure business strategy alignment, information assets protection across SABIC's global portfolio.
• Ensure 24x7x365 delivery of centralized SoC services for al SABIC worldwide
• Established management control and communications processes to ensure Cybersecurity Program is implemented consistent with current policies.
• Providing leadership to incident response process; providing periodic Information Security Program status reports to senior management as appropriate; promoting Information Security awareness throughout the organization
• Enforcing , Monitoring and advising management of industry and regulatory changes affecting Information Security, working proactively to help organization understand and implement appropriate changes such as SABSA, ISO 27002, ISO 27001 , NIST CSF , ISF NERC , Internal Safety and legal policies etc.
• Overseeing a process to monitor Information Security controls within IT, OT and business units for exceptions to established policy standards, security violations, and significant system changes and Security risk mitigation initiatives; overseeing process to monitor vendor management oversight required by regulator guidance related to third-party Security risk
• Conducted IT security audits to ensure effective implementation of security controls.
• Ensured development and implementation of risk analysis processes and procedures for IT systems.
• Defined risk mitigation strategies and reported significant changes to senior management.
• Promoted accountability of Division Chiefs in managing information security risks.
• Ensured vulnerability and threat assessments were performed to evaluate the effectiveness of existing security controls.
• Developed and implemented processes to enable detection, identification, and analysis of IT security threats and vulnerabilities.
• Developed and implemented Information Security Training and Awareness Program.
• Developed service level agreements, including appropriate performance metrics.

• Developed program IT governance document that includes effective approach to internal and external integration and communication to accomplish IT objectives.
• Coordinated activities of Information Officers to define and establish unified program-wide approach to address IT issues and mitigate IT risks.
• Established a management control and communications process to ensure IT Program was implemented consistent with the SABIC framework & procedure
• Paid attention to detail while completing assignments.
• Worked flexible hours across night, weekend and holiday shifts.
• Managed time efficiently in order to complete all tasks within deadlines.
• Provided leadership to IT team and contractor community for resolution of IT issues and implementation of process improvements from lessons learned.

• Manage 90+ people
• Proven ability to develop and implement creative solutions to complex problems.
• Learned and adapted quickly to new technology and software applications.
• Worked well in team setting, providing support and guidance.
• Applied effective time management techniques to meet tight deadlines.
• Attain ISO 2009 certification