Elias Diab
Verified Expert in Engineering
vCISO and Security Program Developer
Toronto, ON, Canada
Toptal member since February 28, 2023
Elias is a highly dedicated business, technical, and strategic information security, cybersecurity, and risk management officer, executive (CISO/vCISO), consultant, advisor, expert, and specialist.With over 25 years of worldwide experience, he specializes in building, managing, and maintaining information security and cybersecurity programs designed to protect your organization's systems and assets from internal and external threats and help organizations meet regulatory compliance requirements.
Portfolio
Experience
- Consulting - 20 years
- Policies & Procedures Compliance - 20 years
- GRC - 20 years
- CISO - 20 years
- Cybersecurity - 20 years
- Advisory - 20 years
- Incident Management - 12 years
- Information Security Management Systems (ISMS) - 10 years
Availability
Preferred Environment
Advisory, GRC, Incident Response, Security Awareness Training, IT Security, Workshops, Vulnerability Assessment, Information Security Management Systems (ISMS), Enterprise Cybersecurity, IT Consulting
The most amazing...
...thing I built is a cybersecurity preparedness program to help regulated financial dealers work securely, meet compliance, and mitigate cyber risks efficiently.
Work Experience
Chief Information Security and Risk Officer (CISO/CISRO)
Infotechglobe
- Developed, implemented, and managed an information security, cybersecurity, and risk compliance program for various institutions from the financial services, insurance, telecom, private, retail, food, oil and gas, real estate, and technology sectors.
- Established an enterprise security risk management program to achieve the ongoing assessment of risks, mitigation tactics, escalation, monitoring and response activities, and overall compliance with formal audit functions.
- Built a cybersecurity dashboard showcasing the key performance indicators (KPIs), offering the executive team valuable insights related to the security program's success while supporting and evolving the organization's cybersecurity strategy.
- Established and executed a fully operational information security vendor risk management program, including strategy, framework, processes, etc.
- Provided the necessary and much-needed advice and direction to the senior leadership team and client executives in the integration of security practices into the set strategic and operational processes.
- Created a cyber forensics practice to investigate all reported security incidents.
- Planned, developed, and delivered a corporate security awareness training program.
- Established and delivered secure software development lifecycle (SDLC) programs and frameworks following a shift-left approach.
- Steered the implementation and audit of information security management program based on risk and regulatory frameworks, standards, and best practices, such as ISO 27001/27002/27005, PCI DSS, COBIT, OWASP, CIS v8.1, SOC 2, and NIST SSDF/CSF/800-53.
- Evaluated and managed many security solutions related to GRC, SIEM, DLP, IAM, PAM, penetration testing, endpoint protection, malware defense, application security, IPS/IDS, firewalls, vulnerability management, and cloud security CASB and Zero Trust.
Senior Managing Security Consultant
IBM
- Delivered strategic security consulting services, enhancing clients' security posture and aligning solutions with business goals.
- Conducted comprehensive risk assessments, developed mitigation strategies, and implemented tailored security frameworks to address client-specific challenges.
- Advised clients on achieving regulatory compliance and aligning with industry standards, including NIST CSF, ISO 27001, and SOC 2.
- Developed and implemented incident response plans, helping clients prepare for and effectively manage security breaches.
- Assisted clients in selecting and deploying innovative security technologies, ensuring seamless integration into existing IT environments.
- Led cybersecurity training sessions, promoting best practices and raising awareness of emerging threats.
- Collaborated with IT teams to secure web and mobile applications, cloud environments, and network infrastructures.
- Provided ongoing security monitoring and post-implementation support to ensure long-term security resilience.
Director Information Security and Risk Management
Manulife Canada
- Developed and implemented the information security strategy and program for the business unit, ensuring alignment with organizational goals.
- Led risk management efforts, including identifying, assessing, and mitigating security risks across the business units.
- Oversaw incident response and recovery operations, ensuring rapid recovery from security breaches and minimizing organizational impact.
- Conducted regular security and privacy assessments and audits to ensure compliance with industry regulations, such as OSFI, PIPEDA, SOC 2, and ISO 27001.
- Collaborated with senior leadership to integrate security priorities into business initiatives, fostering a security culture across the business unit.
- Designed and executed security awareness programs to educate employees and stakeholders on security best practices and regulatory compliance.
- Monitored and reported on key security metrics and trends, providing recommendations for continuous improvement in the security posture.
Information Security Officer
OpenText
- Managed information security operations, ensuring the confidentiality, integrity, and availability of organizational data and systems.
- Conducted vulnerability assessments and penetration testing to identify security weaknesses and implement appropriate remediation measures.
- Implemented and enforced security controls for in-house software development teams, cloud environments, and infrastructure to mitigate risks.
- Developed, reviewed, and maintained comprehensive security policies, standards, and procedures, ensuring alignment with industry best practices and regulatory requirements.
- Led incident response efforts, coordinating with relevant teams to quickly identify, contain, and resolve security incidents.
- Conducted regular security training and awareness sessions for staff to reinforce a security-conscious culture.
- Collaborated with cross-functional teams to assess and manage emerging security threats, ensuring proactive measures were taken to protect critical assets.
- Monitored and reported on security metrics, providing actionable insights to senior management on the organization’s overall security posture.
Experience
Cybersecurity and Risk Management Program
This program took around 18 months from inception to completion, and it was based on adopting and incorporating a combination of customized information security and risk management frameworks, policies, standards, guidelines, and procedures, such as ISO 27001, ISO 27002 controls, NIST CSF, and SP 800-53 controls. The program components and requirements were implemented and managed as a fully established and well-managed information security management system lifecycle. This project was a massive success as it provided all these financial firms with the required level of cybersecurity protection measures.
Enterprise Cybersecurity GRC Framework Implementation
Cybersecurity Preparedness Program for Financial Dealer Members
RESPONSIBILITIES
• Conducted security risk evaluations across dealer member firms, identifying vulnerabilities in trading platforms, client data protection, and network security.
• Developed and tested a standardized Cyber Incident Response Plan (CIRP) aligned with ISO 27035 and NIST 800-61, ensuring firms had clear escalation paths and containment measures.
• Led cyber crisis simulation exercises for executive leadership and IT teams, testing responses to real-world cyberattack scenarios (e.g., ransomware).
• Integrated business continuity and disaster recovery (BC/DR)
• Managed regulatory compliance and reporting
Education
Master's Degree in Cybersecurity
EC-Council - New Mexico, USA
Master's Degree in Finance
Canadian Management Center - Toronto, Canada
Master's Degree in Computer Science
KPI - United Kingdom
Certifications
Certified Cloud Security Professional (CCSP)
Cybrary
Certified ISO 27005
PECB
Certified ISO 27001 Lead Auditor
PECB
Certified ISO 27001 Lead Implementer
PECB
Certified Chief Information Security Officer (CCISO)
EC Council
Certification in Risk and Information Systems Control (CRISC)
ISACA
ITIL
Loyalist
Certified Information Security Manager (CISM)
ISACA
Certified Information Systems Security Professional (CISSP)
ISC2
Skills
Tools
GCP Security, Google Kubernetes Engine (GKE)
Paradigms
Secure Code Best Practices, Penetration Testing, DevSecOps, DevOps
Platforms
Windows, AWS IoT, Azure, Linux
Industry Expertise
Cybersecurity
Languages
Java
Other
Enterprise Risk Management (ERM), IT Service Management (ITSM), Security Architecture, Information Security Management Systems (ISMS), ISO 27001, ISO 27002, Threat Analysis and Risk Assessment (TARA), Software Development Lifecycle (SDLC), Policies & Procedures Compliance, Security Policies & Procedures, CISO, CISSP, Security Audits, GRC, NIST, Critical Security Controls (CIS Controls), Web App Security, Threat Modeling, Certified Trainer, IT Audits, Threat Intelligence, Endpoint Security, Data Loss Prevention (DLP), Vulnerability Management, Advisory, Consulting, Incident Management, Incident Response, SOC 2, GAP Analysis, Roadmaps, SWOT Analysis, Capability Maturity Model Integration (CMMI), Information Security, Certified Information Systems Security Professional, Risk Management, Computer Science, Business Information Systems, Network Security, IT Governance, Compliance, Executive Coaching, Program Management, Cross-functional Collaboration, Communication, Process Management, Reporting, Motivational Speaking, Frameworks, IT Security, Security, System-on-a-Chip (SoC), Strategic Planning & Execution, Process Design, Mentorship & Coaching, Third-party Management, Third-party Risk, Process Execution, Operational Risk, Risk Assessment, Secure Software Development Framework (SSDF), Security Awareness, Teamwork, Vulnerability Assessment, Unified Threat Management (UTM), Technical Consulting, Leadership, Creativity, CISM, C|CISO, Enterprise Cybersecurity, Financial Management, Masters in Cybersecurity, ITIL V3 Foundation Certified, Security Awareness Training, Workshops, Regulatory Compliance, Tabletops, ISO Compliance, SOC Compliance, Security Assessment, Cloud Security, Business Transformation Program Management, Technical Writing, Architecture, Identity & Access Management (IAM), Web Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), FedRAMP, GWAPT, Certified Ethical Hacker (CEH), PCI DSS, Data Governance, AI Trust, Risk and Security Management (AI TRiSM), Business Continuity Planning (BCP), Disaster Recovery Plans (DRP), Office of the Superintendent of Financial Institutions (OSFI), Personal Information Protection and Electronic Documents Act (PIPEDA), Strategy, ISO Standards, Business Objectives, Risk Management Framework (RMF), Machine Learning, IT Networking, Cloud Computing, Advisory, Consulting, Cybersecurity Strategy and Risk Management, GRC, Incident Response, Security Architecture, IAM, Cloud Security, Network Security, Penetration Testing, Data Security, SOC, Threat Intelligence, Compliance, Security Auditing, BCDR, DevSecOps, Endpoint Security, SIEM, Security Awareness, Third-Party Risk Management, Zero Trust Architecture., Security Operations Centers (SOC), Business Continuity & Disaster Recovery (BCDR), Cyber Threat Intelligence (CTI), IT Consulting
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
Share your needs
Choose your talent
Start your risk-free talent trial
Top talent is in high demand.
Start hiring