Gehad Shams El-Din Mohamed Abd Alaal

As the leader of ENPPI's Cybersecurity, I am responsible for the strategic oversight of security protocols and the implementation of robust risk management practices. My expertise, allows me to effectively navigate the complexities of cybersecurity, ensuring compliance across our technological landscape. This commitment not only protects our assets but also fosters a culture of security awareness throughout the organization.

My role at Pharaonic Petroleum Company and previous work experiences strength my ability to manage diverse security systems, from firewalls to data leak prevention. This experience help in developing tailored security solutions that safeguard ENPPI's critical assets and fortify our defenses against ever-evolving threats.

• Managed the full lifecycle of security practices, ensuring alignment with business objectives and regulatory mandates.
• Established operational governance frameworks to maintain continuous compliance and mitigate risks.
• Developed and maintained information security policies, standards, and procedures tailored to organizational needs.
• Led workforce training and awareness initiatives to enhance security culture and reduce human-centric risks.
• Managed vendor relationships, ensuring adherence to security policies and conducting rigorous assessments of third-party controls.
• Implemented and audited compliance against key regulations and standards:
  Saudi Aramco SACS-002 (Control and Cybersecurity Checklist)
  Saudi NCA ECC-1:2018 (Essential Cybersecurity Controls)
  Egyptian Law 175/2018 (Cybersecurity and Data Protection)
• Conducted organization-wide cybersecurity risk assessments, prioritizing remediation efforts based on impact and likelihood.
• Developed and reported key security metrics to stakeholders for informed decision-making

• Managed and led the security team to implement security controls and ensure operational governance.
• Implemented ISO27001 compliance frameworks.
• Implements security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances company business objectives.
• Performs and investigates internal and external information security risk and exceptions assessments.
• Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks.
• Documents and reports control failures and gaps to stakeholders.
• Provides remediation guidance and prepares management reports to track remediation activities.
• Assists other staff in the management and oversight of security program functions.
• Trains, guides, and acts as a resource on security assessment functions to other departments within the company.
• Remains current on best practices and technological advancements for all the IT environment.

• Understanding complex technical issues and managing them within a fast-paced business environment.
• Design and implement PHPC DR site.
• Maintaining all the software and hardware in relation to security.
• Identifying current and emerging technology issues including security trends, vulnerabilities and threats.
• Conducting proactive scans and analysis to analyze security weaknesses and recommend appropriate strategies.

• Collect and understand customers infrastructure in order to address the needs and pains in information security.
• Analyze the customer need to offer the best security approach and solution to its environment.
• Defining problems, collecting and analyzing data, establishing facts and drawing valid conclusions.

• Plan, design and implements different security solutions in the customers digital infrastructure.
• Security monitoring customers digital infrastructure for better problems identification.
• Investigate security-related incidents as soon as they occur.