Elias Diab, Developer in Toronto, ON, Canada
Elias is available for hire
Hire Elias

Elias Diab

Verified Expert  in Engineering

Bio

Elias is a highly dedicated business, technical, and strategic information security, cybersecurity, and risk management officer, executive, consultant, advisor, expert, and specialist. With over 30 years of worldwide experience, he specializes in building, managing, and maintaining information security and cybersecurity programs designed to protect your organization's systems and assets from internal and external threats and help organizations meet regulatory compliance requirements.

Availability

Full-time

Preferred Environment

Cloud, Advisory, Architecture, Certified Information Systems Security Professional, Business Transformation Program Management, Certified Trainer, CISM, CISO, Capability Maturity Model Integration (CMMI), Cloud Security

The most amazing...

...thing I've developed is a cybersecurity preparedness program established to help regulated financial dealer members operate securely worldwide.

Work Experience

Chief Information Security Officer (CISO) | Chief Information Risk Officer (CIRO)

2016 - PRESENT
Infotechglobe
  • Developed, implemented, and managed an information security, cybersecurity, and risk compliance program for various institutions from the financial services, insurance, telecom, private, retail, food, oil and gas, real estate, and technology sectors.
  • Established an enterprise security risk management program to achieve ongoing assessment of risks, mitigation tactics, escalation, monitoring and response activities, and overall compliance with formal audit functions.
  • Built a cybersecurity dashboard showcasing the key performance indicators (KPIs), offering the executive team valuable insights related to the security program's success while supporting and evolving the organization's cybersecurity strategy.
  • Established and executed a fully operational information security vendor risk management program, including strategy, framework, processes, etc.
  • Provided the necessary and much-needed advice and direction to the senior leadership team and client executives in the integration of security practices into the set strategic and operational processes.
  • Created a cyber forensics practice to investigate all reported security incidents.
  • Planned, developed, and delivered a corporate security awareness training program.
  • Established and delivered secure software development lifecycle (SDLC) programs and frameworks following a shift-left approach.
  • Steered the implementation and audit of information security management program based on risk and regulatory frameworks, standards, and best practices, such as ISO 27001/27002/27005, PCI DSS, COBIT, OWASP, CIS v8, SOC 2, and NIST SSDF/CSF/800-53.
  • Evaluated and managed many security solutions related to GRC, SIEM, DLP, IAM, PAM, penetration testing, endpoint protection, malware defense, application security, IPS/IDS, firewalls, vulnerability management, and cloud security CASB and Zero Trust.
Technologies: CISO, Information Security, Information Security Management Systems (ISMS), Certified Information Systems Security Professional, Capability Maturity Model Integration (CMMI), Risk Management, Consulting, Cybersecurity, Certified Trainer, Cloud Security, GRC, Windows, Policies & Procedures Compliance, Strategic Planning & Execution, Mentorship & Coaching, Process Execution, Operational Risk, Secure Software Development Framework (SSDF), Security Awareness, Teamwork, Vulnerability Assessment, Threat Analysis and Risk Assessment (TARA), Motivational Speaking, Leadership, Creativity, ISO 27001, SOC 2( Service Organization Control), NIST, PCI DSS, FedRAMP, CISM, CISSP, C|CISO, GWAPT, Certified Ethical Hacker (CEH), Linux, Java, Masters in Cybersecurity, Financial Management, ITIL V3 Foundation Certified, Enterprise Cybersecurity, GCP Security, AWS IoT, Azure, Google Kubernetes Engine (GKE)

Cybersecurity and Risk Management Program

Many small to medium businesses from the financial industry sectors were becoming targets of direct cybersecurity attacks due to the type of classified, sensitive information they work with. Having limited availability of internal information security expertise and working with tight financial budgets did not help either. For this purpose, I was brought to establish a cybersecurity and risk management program to provide these financial dealer members with an adequate level of cybersecurity protection while still meeting the stringent provincial and federal cybersecurity compliance requirements for financial firms.

This program took around 18 months from inception to completion, and it was based on adopting and incorporating a combination of customized information security and risk management frameworks, policies, standards, guidelines, and procedures, such as ISO 27001, ISO 27002 controls, NIST CSF, and SP 800-53 controls. The program components and requirements were implemented and managed as a fully established and well-managed information security management system lifecycle. This project was a massive success as it provided all these financial firms with the required level of cybersecurity protection measures.
2019 - 2021

Master's Degree in Cybersecurity

EC-Council - New Mexico, USA

2012 - 2015

Master's Degree in Finance

Canadian Management Center - Toronto, Canada

JULY 2019 - PRESENT

Certified Cloud Security Professional (CCSP)

Cybrary

MAY 2013 - PRESENT

Certified ISO 27005

PECB

FEBRUARY 2013 - PRESENT

Certified ISO 27001 Lead Auditor

PECB

NOVEMBER 2012 - PRESENT

Certified ISO 27001 Lead Implementer

PECB

AUGUST 2012 - PRESENT

Certified Chief Information Security Officer (CCISO)

EC Council

FEBRUARY 2010 - PRESENT

Certification in Risk and Information Systems Control (CRISC)

ISACA

JUNE 2008 - PRESENT

ITIL

Loyalist

JANUARY 2008 - PRESENT

Certified Information Security Manager (CISM)

ISACA

DECEMBER 1998 - PRESENT

Certified Information Systems Security Professional (CISSP)

ISC2

Tools

GCP Security, Google Kubernetes Engine (GKE)

Paradigms

Secure Code Best Practices, Penetration Testing, DevSecOps, DevOps

Platforms

Windows, AWS IoT, Azure, Linux

Industry Expertise

Cybersecurity, Network Security

Languages

Java

Other

Enterprise Risk Management (ERM), IT Service Management (ITSM), Security Architecture, Information Security Management Systems (ISMS), ISO 27001, ISO 27002, Threat Analysis and Risk Assessment (TARA), Software Development Lifecycle (SDLC), Policies & Procedures Compliance, System Security, CISO, CISSP, Security Audits, GRC, NIST, Critical Security Controls (CIS Controls), Web App Security, Threat Modeling, Certified Trainer, IT Audits, Threat Intelligence, Endpoint Security, Data Loss Prevention (DLP), Vulerability Management, Advisory, Consulting, Incident Management, Incident Response, SOC 2( Service Organization Control), GAP Analysis, Roadmaps, SWOT Analysis, Capability Maturity Model Integration (CMMI), Information Security, Certified Information Systems Security Professional, Risk Management, Computer Science, Business Information Systems, IT Governance, Compliance, Executive Coaching, Program Management, Cross-functional Collaboration, Communication, Process Management, Reporting, Motivational Speaking, Frameworks, IT Security, Security, System-on-a-Chip (SoC), Strategic Planning & Execution, Process Design, Mentorship & Coaching, Third-party Management, Third-party Risk, Process Execution, Operational Risk, Risk Assessment, Secure Software Development Framework (SSDF), Security Awareness, Teamwork, Vulnerability Assessment, Unified Threat Management (UTM), Technical Consulting, Leadership, Creativity, CISM, C|CISO, Enterprise Cybersecurity, Financial Management, Masters in Cybersecurity, ITIL V3 Foundation Certified, Cloud Security, Business Transformation Program Management, Technical Writing, Architecture, Identity & Access Management (IAM), Web Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), PCI DSS, FedRAMP, GWAPT, Certified Ethical Hacker (CEH), Data Governance, AI Trust, Risk and Security Management (AI TRiSM)

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring