Hesham Alsuwilem

#Cyber Security Risk Management:

Acting as Risk Manager, assisting the Director of the GRC Department in establishing and executing Cybersecurity Risk Dept. in terms of both risk governance and technical development to achieve organizational objectives.

#Responsibility:

- Risk Management:

• Building a Risk Management Strategy.
• Building a Cyber Security Risk Management Framework.
• Building a Cyber Security Risk Management Methodology.
• Building a Risk Management Criteria.
• Building a Risk Management Appetite and Tolerance.
• Building an intelligent/dynamic Cybersecurity Gap Assessment tool to assess the organization's cybersecurity readiness and current risk posture, and which threat may be affected based on MITRE ATT&CK®.
• Building Cyber Risk Register.
• Building Change Management Processes.
• Building an automated tool for risk assessment in change management.
• Develop risk assessments for different scenarios and phases.
• Develop an automated mathematical formula to reclassify vulnerabilities according to several internal criteria, similar to the worldwide rating CVSS.
• Conduct +80 Cyber Risk Assessments.
• Conduct Cyber Gap Assessments.
• Managed risks and mitigated potential issues through proactive planning, monitoring, and timely decisionmaking.

- Oversee Technical Functions of Risk Management:

• Vulnerability Management.
• Penetration Testing.
• Security Source Code Review.
• Security Configurations Review.

#Responsibility:

- Red Teaming:

• Advanced Technologies such as Breach and attack simulation (BAS) to validate cyber defense controls.

- Penetration Testing and Source Code Review activities periodically:

• Static application security testing (SAST).
• Dynamic application security testing (DAST).

- Vulnerability Management:

• Lead the VM team.
• Redesigned the VM architecture to be more compatible with the facility environment to achieve better performance, feasibility, and vulnerability outcomes.

I had started the Cybersecurity operation unit, I’ve been assigned to take the lead for executing from scratch, operating, and administrating the below Cybersecurity control solutions:
- Vulnerability Management (VM).
- Privileged Access Management (PAM).
- Multi-Factor Authentication (MFA).
- Identity and Access Management (IAM).
Moreover, I was Managing a Penetration Testing and Configuration Review engagement.

I worked as an assistant to a software engineer on projects related to developing Absher system services that are provided to citizens and residents.