Dr. Bahareh Shojaie

- Managing capability in planning and monitoring teams of different divisions - consistent development of new product ideas - Market research and observing future security trends - Responsible for the lifecycle of security products - Task distribution priorities - Developing relevant document, such as business case, product concept, trainings, sales information - Portfolio Strategy - Analysing turnover to improve the sale - Maintaining current products, e.g. more options, better price, attractive bundles

Conducting cloud risk management and supporting cloud risk processes Performing Threat modelling, vulnerability management and governance in cloud computing security Designing and implementing an ISMS according to the ISO/IEC 27001 Assessing and analysing policies and conducting gap analyses Conducting IT security audit, risk management and assessing corresponding technical security solutions Analysing Capability Maturity Model based on the Cyber Strategy Framework

- Ensuring the security of IT landscape - Governance, risk, compliance and in particular establishment and further development of new internal control system - Coordinating and supporting IT in analysing processes, identifying and assessing risks, implementing appropriate controls as well as the documentation and implementation of the necessary measures - Accompanying external and internal audits and assist in the resulting measures - Actively participating in knowledge sharing and cross-functional working

Assessing Information Security Management Systems based on international standards Assessing Cyber security maturity based on ISO/IEC 27001 Assessing and analysing policies as well as auditing technical IT security solutions

Analyzing “Implementation of Information Security Management Systems based on the ISO 27001 standard” Evaluating the effectiveness of the security controls of ISO 27001 for IT security audit Analyzing organizations’ Information Security Culture for designing security awareness Analyzing the adoption of ISO 27001, in terms of the average number of certificates issued Analyzing complementary and best practices security standards from industry and security policies

Analyzing and re-planning of Information Security Management System

Analyzing Implementation of ISMS based on the ISO 27001 standard, Evaluating the effectiveness of security controls ISO 27001:2013, Analyzing organizations’ Information Security culture, Investigating the benefits of ISO 27001 to develop an ISMS