Information Technology Management
Detail-oriented, knowledgeable, and competent IT Information Security, Risk and Audit professional with years of experience in a fast-growing business intelligence company and wide-ranging expertise, including business development, security architecture, operations, and project management, with a strong track record of matrix-managing cross-functional teams that collaborate as a focused unit to achieve aggressive business goals.
• A solution driven security leader with more than 15 years of strong business and technical experience in architecture in direct support of strategic business objectives and regulatory requirements
• Particularly effective in directing the evolution of technical and non-technical solutions from concept through implementation, constantly managing the needs of the customer, the team, and the project
• Relied upon as an analytic problem solver, involved and knowledgeable in all facets of company development and committed to the advancement of company objectives
• Demonstrated leadership ability with capacity to align groups in whole system change; cooperative team player with practical organizational-level experience
• Skilled in improving profitability, enhancing operational performance, mitigating risks, identifying security gaps, and safeguarding corporate information security
• Competent in providing advisory services and managing diverse projects
• Design and implement comprehensive and conscientious corporate security programs and solutions that deliver consistent bottom-line results
• Well-respected and active leader with documented, positive results from participation in various key regulatory compliance projects.
Manager Information Security @
From September 2014 to Present (1 year 4 months) Toronto, Canada Area
IT Security Consultant @
From January 2014 to August 2014 (8 months) Ontario, Canada
Chief Manager IT @
• Develop strategic plans and implement the objectives of the information technology of the Bank to ensure the computer capabilities are responsive to the needs of the Bank's growth and objectives
• Develop an annual business plan and operating budget for the department and monitor the implementation of these to ensure that the financial targets are met and lead 80 staff across Oman, India and Pakistan.
• Leading the projects of Upgrade Base24, Card management system, redesign infrastructure, Retail and Branch automation, and Data warehouse.
• Direct, attend and participate in staff meetings and related activities; attend workshops to keep up to date with Information Technology issues.
• Ensure the security of the information systems, communication lines, and equipment.
• Identifies resources needed and assigns individual responsibilities.
• Negotiate service level agreements with both internal and external customers and service providers and monitor service delivery to ensure the agreed targets and standards are met.
• Responsible for ongoing vendor management to ensure contract fulfillment and service levels are adhered to.
From January 2011 to June 2013 (2 years 6 months)
IT Audit Manager @
•IT management, Security, Audit and compliance, vulnerability assessment, penetration test, forensics, fraud investigation, ACL, risk assessment, ISO 27000, and PCI-DSS compliance.
•Security policies, procedures, and awareness.
•Business continuity (business impact analysis, business continuity plan, and Disaster recovery plan, review and testing).
•Secure system architecture, design and development, including PKI –based payment system, high value data asset management and key management systems
•Identify actual and potential risks to the business associated with computer systems, networks, IT installations, applications, development projects, and so on.
•Observe and review technical, physical, and procedural controls in operation; assess whether the level of risk is reasonable or whether control improvements are required;
•Evaluate controls and test new IT projects (Card management, BASE24, EMV, BCP, ATM, and Treasury).
•Business Process and Procedure Audits and Gap Analysis.
•Security Product Technologies Evaluation and Testing.
•Internal Risk and Vulnerability Audits and Remediations
•Security Project Planning and Management
•Data Protection Strategies Planning & Auditing
•Application Security Strategies Planning and Auditing
•Information Assets Security Vulnerability Assessments
•Provided IT security infrastructure risk assessment and re-engineering consulting support
• Reviewed existing IT security network and systems architecture and implemented new technology as needed.
•Perform security policy and configuration audits, real penetration testing audits against client online web applications, Check Point firewalls, network and systems devices and servers to identify possible vulnerabilities.
•Performed and developed risk assessment and risk remediation road map for the bank.
•Performed Quarterly IT security risk assessments, audits and developed remediation action work plan.
From July 2007 to December 2010 (3 years 6 months)
IS/IT Manager @
Manage validation and Compliance team for execution and review of all underlying qualification documents and also for handling of possible deviations during related qualification activities.
Implementing security policy, procedures and awareness.
Implement corporate policies and convert them into local security operating procedures to meet minimum QA and security standards; ensure compliance and follow-up
Design, document and implement change management procedures and provide input into Sarbanes Oxley documentation.
Responsible for SCALA implementation (Financial, Logistic and manufacturing)
Designing and implementing infrastructure.
From January 2006 to June 2007 (1 year 6 months)
ERS Manager @
Developed and implemented a risk-based IS Audit strategy and objectives in compliance with generally accepted standards to ensure that the organization's information technology and business processes are adequately controlled.
Planned specific audits to ensure that the IS audit strategy and objectives are achieved.
Evaluated the design, implementation, monitoring of logical access control, network infrastructure security to ensure the integrity, confidentiality and availability of information assets.
Evaluated the adequacy of disaster and recovery provision to ensure the resumption of normal information and organization's ability to ensure business continuity in the event of business disruption.
From April 2004 to December 2005 (1 year 9 months)
Gouna Beverage @
Responsible for preparing operating budget and capital budgets for the department.
Reviewed, verified and approved supplies ensuring they were disbursed accurately and properly.
Issued report to managing director showing actual and budget spending levels and variances with explanations.
Implemented Enterprise resource planning application for Oracle Financial
General Ledger, Account receivable, Account payable, Purchasing, order Management
Provided all required hardware, software and human resources required for the successful execution of the project.
Was accountable for each component of the project development life cycle to be performed within the planned time scales and resource availability.
Coordinated all sub-projects with the Oracle project, and appointed project leaders.
Monitored and reported project team progress to the setting committee and to the interested parties within the company.
From March 1999 to March 2004 (5 years 1 month)
System Engineer @
Developed and enforced LAN policies, procedures, standards and strategies.
Implemented accounting and security features of LAN and WAN.
Developed and tested disaster recovery plans.
Monitored and controlled the network.
Operate FMS1, NEZOOM and NECOOM.
From November 1993 to April 1999 (5 years 6 months)
Computer Audit @
Developed and implemented a risk-based IS audit strategy and objectives in compliance with generally accepted standards to ensure that the organization's information technology and business processes are adequately controlled.
Planned specific audits to ensure that the IS audit strategy and objectives are achieved.
Analyzed information gathered to identify reportable conditions and reach conclusions.
Evaluated the design, implementation, monitoring of logical access control, network infrastructure security to ensure the integrity, confidentiality and availability of information assets.
Evaluated the adequacy of backup and recovery provision to ensure the resumption of normal information and organization's ability to ensure business continuity in the event of business disruption.
From June 1991 to October 1993 (2 years 5 months)
Bachelor, Major in Accounting @ Ain Shams University From 1985 to 1989
Diploma, Computer Science @ The American University in Cairo From 1989 to 1990
Medhat CRISC is skilled in: ISO 27001, PCI DSS, COBIT, SAS70, Disaster Recovery, IT Management, IT Audit, Security, Information Security, Vendor Management, CISA, Information Technology, Business Continuity, Risk Management, Requirements Analysis