
Rula Awawdeh

Arlington, USA

Summary

Experienced Information Security & IT Risk specialist with over 15 years of both domestic and international experience in Cybersecurity, Application Security, Security Architecture, IT Risk Management, Data Privacy and IT Compliance Programs. Skilled in collaborating with key stakeholders, cross-functional teams, and personnel at all levels to develop and implement fully integrated frameworks to achieve organizational objectives. Recognized as a respected leader and problem solver, adept at translating objectives into actionable plans to drive tangible results.

Overview

19 years of professional experience

Work History

Data Protection Officer - Information Security, Privacy, Risk Management & Compliance

THE WORLD BANK GROUP
01.2019 - Current
  • Support and facilitate a risk aware culture, ensuring that WBG information assets are protected in an effective, efficient, and balanced manner
  • Ensure that IT security and risk management efforts are coordinated and aligned to the Bank's business and IT strategy throughout the World Bank Group
  • Conduct Security Architecture review on WBG solutions (cloud, on-premises, and AI) as per the World Bank Group (WBG) Enterprise Security Framework, ISO27001, and identify required security controls to mitigate risks
  • Conduct AI Risk Assessment on AI solutions to ensure adherence to risk management best practices
  • Conduct Data Privacy Technical Impact Assessment (PTIA) as per the WBG Data Privacy policy to identify required technical privacy controls and reduce privacy risks
  • Collaborate with IT applications owners, IT Risk Management and Third-Party Risk Management teams to assess risk exposure and ensure compliance with global regulations
  • Collaborate with procurement, Data Privacy Offices, and legal teams to validate third-party contracts align with the WBG Information security and privacy requirements
  • Evaluate WBG current software security posture and propose mitigation and remediation plans to meet software security assurance requirements
  • Assist in developing an inventory that records the purposes and methods by which personal data is collected, shared, and utilized by the organization
  • Support the WBG Records Management team on implementing Data Retention & Disposition policy on solutions that process personal data (On-prem, cloud, SaaS)
  • Lead & execute periodic gap analysis exercise and assess technical controls for legacy solutions and work with the solutions owners and the IT development teams on corrective actions to ensure the implementation of required technical controls and mitigate privacy risks
  • Manage the implementation of the WBG Privacy Technical Controls Framework
  • Collaborate with stakeholders to develop corrective action plans for identified privacy compliance issues and ensure the implementation of required technical controls and mitigate privacy risks
  • Oversee and manage key projects that support security automation, agility, and simplification of data protection review and testing processes such as the implementation of the Threat Modeling tool
  • Provide training to the IT development teams on Security & Privacy by Design principle and provide the required support and guidance to ensure appropriate security and privacy controls are an integral part of WBG IT business solutions and the Software Development Lifecycle (SDLC)
  • Provide key information to senior management on security and privacy matters such as key performance indicators, metrics, and dashboard
  • Act as the primary contact from the Office of Information Security in WBG Data Privacy Technical Committee to facilitate the implementation of privacy tools such as OneTrust Privacy Management tool, Information Data Discovery, and ID proofing Identity for DSAR

IT Officer - IT Security, Risk, & Compliance

THE WORLD BANK GROUP
01.2015 - 01.2019
  • Oversaw and directed all development and maintenance operations in accordance with Institutional Software Assets Management (ISAM) policies, directives, and processes to support the software asset lifecycle
  • Mitigated risk by executing Software Asset Management (SAM) to ensure acquired and deployed software adheres to authorization requirements and license entitlements
  • Reduced risk by managing the execution of Software Asset Management (SAM) processes to ensure acquired and deployed software adheres to authorization requirements and license entitlements; championed the successful implementation of the Software License Optimization Tool
  • Automated the generation of periodic SAM reports leveraged to assess software compliance, completeness of inventory, and spend data to facilitate transparency to stakeholders into findings and results while supporting alignment to budgetary guidelines
  • Drove process and performance improvement initiatives through the collection and analysis of data to identify cost saving opportunities and deliver change recommendations to management as warranted
  • Oversaw the design, development, and deployment of ISAM dashboards and reports, integrating established key performance indicators (KPIs) and best practices
  • Improved reporting capabilities by leading the design and enhancement of software spend reports using Power Business Intelligence (BI) and data software request in Tableau
  • Streamlined the optional software request and procurement process by designing and implementing improved practices and identifying key stakeholders within the workflow
  • Performed periodic data quality and normalization assurance reviews of the SAM repositories, software catalog, deployment, and entitlement information
  • Managed the implementation of the Software License Optimization Tool (SLOE) and designed custom reports to support a variety of IT initiatives, including the Windows 10 roll-out, IT simplifications, and end user computing roadmap development
  • Developed software vendor classifications based on spend and risk, supporting the Third-Party Risk Management group’s effort to ensure compliance to internal best practices

IT Analyst - Information Security Awareness & Compliance – Office of Information Security

THE WORLD BANK GROUP
01.2010 - 01.2015
  • Developed, designed, and implemented a comprehensive information security awareness program for the World Bank Group
  • Led efforts to measure effectiveness and impact of the awareness program by analyzing quarterly phishing results and distributing metrics and findings of phishing exercises executed
  • Designed and delivered the information security course to address emerging threats and improve related staff skills and capabilities; designed and facilitated information security awareness training during new staff orientation
  • Built and maintained a culture of security awareness in partnership with the Office of Information Security; coordinated information security events, including the World Bank Information Security Awareness Day and lunch and learn events
  • Monitored and enforced the completion of online security courses through the collection of data and preparation of metrics and reports
  • Teamed with Office of Information Security in directing information security activities by liaising with key cross-departmental staff to specify, review, implement, and validate effectiveness of awareness activities
  • Managed WBG Microsoft Portfolio to facilitate the renewal of Microsoft contract and negotiation process

IT & Security Specialist – The World Bank Group Middle East & North Africa

THE INTERNATIONAL FINANCE CORPORATION
01.2006 - 01.2010
  • Provided IT and security leadership, charged with designing, installing, and configuring the server infrastructure across the Amman, Cairo, and Dubai offices
  • Controlled access to network resources, spanning network drives, printers, scanners, and Wi-Fi to ensure correct access per job function
  • Implemented local administration rights for workstations and enforced password security rules, procedures, and policies
  • Managed cost, schedules, and IT dependent assets and resources to ensure ongoing projects function without disruption
  • Evaluated and tested new products and services and made IT application and service recommendations for the Corporate Business Informatics Department; appointed project sponsor representative to support application development initiatives
  • Maintained seamless system operations by deploying upgrades, patches, and hardware upgrades in accordance with corporate and vendor standards while ensuring alignment with internal guidelines
  • Trained and onboarded new staff, ensuring an understanding of information security threats and staff roles to protect information
  • Raised IT and security awareness company-wide by organizing and facilitating campaigns and events covering a broad range of subjects

Education

Master of Business Administration -

ROME BUSINESS SCHOOL

B.S. - Information Technology & Mathematics

LA ROCHE UNIVERSITY
PITTSBURGH, PA

Skills

  • Information Security & Data Protection
  • Data Privacy & Compliance Standard
  • Information Security Architecture
  • IT Risk Management
  • IT Projects & Programs Management
  • IT Risk Mitigation & Compliance

Career Chronology

  • THE WORLD BANK GROUP (WBG), Washington, D.C., 01/01/10 - Present
      • Data Protection Officer - Information Security, Privacy, Risk Management & Compliance, 01/01/19 - Present
      • IT Officer - IT Security, Risk, & Compliance, 01/01/15 - 12/31/18
      • IT Analyst - Information Security Awareness & Compliance – Office of Information Security, 01/01/10 - 12/31/14
  • THE INTERNATIONAL FINANCE CORPORATION (IFC), Amman, Jordan, 01/01/06 - 12/31/10
      • IT & Security Specialist – The World Bank Group Middle East & North Africa, 01/01/06 - 12/31/10
