Nabil Massaad
Certified Information System Auditor (CISA)
Hadath
Summary
Experienced and results-driven Head of IT Audit with over 20 years in financial services, specializing in auditing complex IT environments, cybersecurity frameworks, and regulatory compliance across banking systems. Proven track record of leading risk-based IT audit strategies aligned with business goals, regulatory expectations, and global standards (COBIT, ISO 27001, NIST). Skilled in managing cross-functional teams, driving audit transformation, and providing strategic insights to senior leadership and audit committees. Certified in CISA and currently preparing for the CRISC exam to further deepen expertise in IT risk management. Committed to strengthening IT governance and ensuring resilience in digital banking operations.
Overview
23
23
years of professional experience
6
6
years of post-secondary education
3
3
Languages
Work History
Head of IT Audit
Bank Audi sal
Downtown
11.2024 - Current
- Develop and implement the annual IT audit plan in line with business strategy and risk assessments
- Align audit strategies with regulatory requirements and frameworks
- Advise senior management and the audit committee on IT risks and emerging technologies
- Lead and manage audits covering:
- IT infrastructure (servers, databases, networks)
- Cybersecurity controls
- Business continuity/disaster recovery
- Application controls (including core banking systems)
- Change management
- Third-party/vendor risk
- Ensure all audits are conducted in accordance with internal audit standards
- Identify key IT risk areas in the bank's operations
- Work closely with Enterprise Risk Management (ERM), Information Security, and Compliance teams to monitor risk trends
- Track and evaluate remediation actions from prior audits
- Regularly communicate findings and risk insights to senior management, the audit committee, and regulators
- Collaborate with internal and external auditors and regulators during inspections or assessments
- Ensure IT audits comply with:
- Internal policies and procedures
- Banking regulations (e.g., FFIEC, MAS, RBI, EBA—depending on jurisdiction)
- Data privacy laws
- Participate in governance and steering committees (IT Steering Committee, Risk Committees)
IT Audit Assistant Manager
Online Money Transfer - OMT SAL
Beirut
10.2022 - 08.2024
- Primary mission is to perform independent and objective assessments of business processes, systems, infrastructure and related controls with the goal of improving risk management, operations, security, compliance, and the overall system of internal controls within OMT.
- Audit planning, execution, reporting and following up
- Assess the adequacy and effectiveness of IT controls
- Identify and assess IT-related risks
- Ensure that IT practices and systems compliance with relevant laws, regulations, and industry standards
- Foster open and effective communication with various stakeholders, including IT teams, business units, and external auditors
- Maintain the quality and consistency of IT audit processes and documentation
- Assess and audit third-party vendors and service providers to ensure they meet security and compliance requirements
- Member of IT Security Committee and Tendering Committee
- Stay current with industry trends, emerging technologies, and changes in regulatory requirements
Senior IT Auditor
BSL Bank SAL
Beirut, Achrafieh
07.2017 - 10.2022
- Design, plan, and implement BSL’s IT audit programs taking into consideration its risk assessments
- Coordinate and execute information system audit activities
- Identify potential IT risks and related issues by applying knowledge of Information Technology industry trends and present IT environment and develop and implement a risk-based IT Audit plan
- Recommend corrective steps to address the risks
- Appraises adequacy of internal control systems
- Ensure audit recommendations are addressed and implemented and do follow up
- Develop well-crafted audit reports including results and recommendations for management
- Ensure compliance with BDL regulations, International Standards and BSL internal policies
- Support external audits and regulatory examinations by preparing and submitting relevant documentation and reports that are being requested
Head of IT Network and Systems
BSL Bank SAL
Beirut, Downtown
09.2002 - 07.2017
- Structure planning and budgeting
- Organize and define responsibilities and needs of the unit
- Performance evaluation
- Responsible of solutions improvement
- Assure the security on the systems
- Keep up-to-date with new technologies
- Administration of Microsoft Windows Infrastructure:
- Windows Servers, HyperV, Directory Services
- Exchange, SQL
- Administration of AS400 (520 and 720)
- HMC, MIMIX, PowerTech Security Modules, HSM
- Administration of EMC VNX5200 and Recover Point
- Administration of EMC Data Domain 2500 and Networker9
- Administration of Network and Security Appliances:
- LAN/WAN, Routers, Switches, Firewall
- IPS/IDS, WAF, Mail Filter
- Administration of Swift Alliance Access Platform
IT Network and System Administration
Ministry of Culture
Beirut, Downtown
12.2001 - 01.2003
- Network and system Administration and Helpdesk and support at the Arab and Francophone Summits
Education
Masters - Computer Engineering
University of Balamand
01.1999 - 01.2001
Masters - Networking
INCI/ESIB/USJ
01.1998 - 01.1999
Bachelor - Telecommunications and Computer Science
INCI/ESIB/USJ
01.1995 - 01.1998
Skills
Team leadership
Collaborative teamwork
Flexible in dynamic environments
Adaptable to change
Consistently dependable
Strategic decision making
Effective time management
Project coordination
IT audit management
Risk assessment
Regulatory compliance
Cybersecurity controls
Courses Trainings
- Creative problem solving and decision making, 2023
- The Power of Positive Thinking Emotional Intelligence, 2023
- Presentation Skills and Public Speaking, 2023
- COBIT 2019 Foundation, 2019
- Fraud and Corruption Auditing, 2018
- CISA- Certified Information Systems Auditor, 2017
- ITIL Foundation v3, 2014
- CAST 611- Advanced Penetration Testing, 2014
- CAST 611- Advanced Penetration Testing, 2011
- Configuring and Troubleshooting a Windows Server 2008 Network Infrastructure, 2012
- Implementing and Managing Ms. Server Virtualization, 2012
- System Center Virtual Machine Manager, 2011
- IBM i Administration and Control, 2009
- Microsoft Certified System Engineer, 2003
Interests
Playing Music
Singing
Reading
Swimming
Education Certifications
- Certified Information Systems Auditor (CISA), ISACA, 2019, 19158537
- Masters in Computer Engineering, UOB - University of Balamand, 2001
- Masters in Networking, INCI/ESIB/USJ, 1999
- Bachelor in Telecommunications and Computer Science, INCI/ESIB/USJ, 1998
Music, Reading
Arabic (native language)
English
French
Timeline
Head of IT Audit
Bank Audi sal
11.2024 - Current
IT Audit Assistant Manager
Online Money Transfer - OMT SAL
10.2022 - 08.2024
Senior IT Auditor
BSL Bank SAL
07.2017 - 10.2022
Head of IT Network and Systems
BSL Bank SAL
09.2002 - 07.2017
IT Network and System Administration
Ministry of Culture
12.2001 - 01.2003
Masters - Computer Engineering
University of Balamand
01.1999 - 01.2001
Masters - Networking
INCI/ESIB/USJ
01.1998 - 01.1999
Bachelor - Telecommunications and Computer Science
INCI/ESIB/USJ
01.1995 - 01.1998