Haji Mohammad Norhaidi Haji Hamdi
Information Risk Management - IT/OT Advisory
No 50, Jalan Sumbui-sumbui, RPN Lumut, Belait,Brunei Darussalam
Summary
Cybersecurity professional with 20 years of progressive experienced in Oil and Gas industry. Demonstrated skill identifying business risks and compliance issues and designing proactive solutions. To seek and maintain full-time position that offers professional challenges utilizing interpersonal skills, excellent time management and problem-solving skills. Organized and dependable candidate successful at managing multiple priorities with a positive attitude. Willingness to take on added responsibilities to meet team goals. Successful at optimizing cyber security standards, improving planning processes and managing systems implementation. Knowledgeable about disaster recovery planning, roadmapping and well-versed in infrastructure daily operations management.
Overview
22
22
years of professional experience
6
6
Certificates
Work History
IT/OT Advisory
Brunei Shell Petroleum
10.2023 - Current
- Enhanced BSP45/Asset Management System (AMS) governance frameworks by implementing robust policies and procedures based on IRM Risk Profile.
- Ensured regulatory compliance, proactively identifying areas of potential risk and taking corrective actions.
- Supported strategic planning efforts by providing insights into relevant risks, opportunities, and compliance requirements.
- Conducted comprehensive audits on IT/OT governance processes, ensuring adherence to established standards and best practices.
- Collaborated with cross-functional teams to develop governance-related training programs, raising awareness on critical issues.
- Managed team of professionals responsible for executing various aspects of organization''s advisory activities efficiently and effectively.
- Defined performance indicators and quality metrics to maintain compliance with advisories policies, standards and adoption requirements.
- Streamlined OT incident response processes, shortening time required to detect, analyze, and respond to cyber attacks effectively.
PCD IT Security Governance and Compliance
Brunei Shell Petroleum
06.2019 - 10.2023
- Conducted thorough risk assessments for proposed projects or changes in technology infrastructure, highlighting potential vulnerabilities before implementation could begin.
- Improved overall PCD IT security posture by regularly reviewing BSP45 and updating protocols in alignment with industry best practices and emerging trends.
- Evaluated new technologies to strengthen PCD IT security infrastructure, maintaining cutting-edge protection against threats.
- Enhanced network security by conducting regular vulnerability assessments and implementing necessary patches for BSP Assets.
- Collaborated with cross-functional teams to address complex security incidents, minimizing potential damage.
- Created customized reports for stakeholders detailing key metrics related to PCD IT security performance, fostering transparency and accountability within organization.
- Performed regular LOD1/LOD2 audits and assessment.
- Identified areas requiring improvement through detailed analysis of past incidents, preventing future occurrences through targeted remediation efforts.
- Spearheaded development of incident response plan, significantly reducing downtime in event of breach.
- Educated and trained users on information security policies and procedures.
Lead, PCD IT Security
Brunei Shell Petroleum
04.2016 - 06.2019
- Developed and implemented IRM Risk Profile and Design Engineering Practice [DEP] IT security policies, ensuring compliance with industry standards and best practices.
- Established robust patch management process that ensured timely updates to 356 servers components across 42-sites in BSP Assets.
- Implemented 2-multi-factor authentication measures for accessing OT, adding extra layer of defense against unauthorized access attempts in PCAD (Process Control Access Domain).
- Collaborated with cross-functional teams to address complex security incidents, minimizing potential damage.
- Conducted quarterly PCD IT security audits to identify vulnerabilities.
- Executed annual penetration testing to identify security weaknesses and develop disaster recovery plans.
- Developed plans to safeguard computer files against modification, destruction, or disclosure.
- Advising request on firewall access to maintain optimal levels of network protection while allowing for necessary business operations.
Senior System Engineer
Brunei Shell Petroleum
04.2009 - 04.2016
- Collaborated with cross-functional teams to develop integrated IT infrastructure, resulting in improved performance and reliability.
- Enhanced user experience through design of intuitive user interfaces for custom applications and tools.
- Improved system stability by performing regular audits, updating software patches, and addressing vulnerabilities promptly.
- Contributed to strategic planning initiatives by providing expert insights into emerging trends in IT infrastructure management best practices.
- Mentored junior engineers and attachment students, fostering culture of continuous learning and professional growth within team.
- Implemented virtualization technologies to consolidate resources, reduce costs, and improve overall system efficiency.
- Led troubleshooting efforts during high-profile incidents effectively resolving complex issues within minimal downtime.
- Led server infrastructure development, quality assurance, staging and production systems.
System Engineer
Brunei Shell Petroleum
03.2005 - 04.2009
- Provided technical support to end-users, ensuring timely resolution of hardware and software issues.
- Streamlined workflow processes by automating repetitive tasks, increasing overall productivity in department.
- Maintained up-to-date knowledge of industry best practices through continuous professional development initiatives such as certifications and training workshops.
- Participated in on-call rotations to provide round-the-clock support for critical systems, ensuring minimal disruption to business operations.
- Coordinated with other IT departments to ensure seamless integration between systems during new software implementations or migrations from legacy platforms.
- Contributed to business continuity plans by developing disaster recovery strategies that minimized downtime in case of unexpected events or incidents.
- Developed comprehensive documentation detailing system architectures, configurations, and troubleshooting procedures for future reference.
Corporate External Affairs
Brunei Shell Petroleum
06.2002 - 03.2005
- Enhanced community relations by coordinating and executing outreach events and initiatives.
- Managed social media platforms to increase brand awareness and public engagement with relevant stakeholders.
- Cultivated relationships with local journalists to secure positive coverage of important initiatives and programs.
- Prepared or edited organizational publications such as SALAM newsletters for internal or external audiences.
- Built and maintained positive relationships with government stakeholders by utilizing strategic plans such as PRYNSA (Princess Rashidah Young Nature Scientist Award), National Day Celebration, His Majesty Birthday Celebration
Engineer-Shell Global Infrastructure Desktop (GID)
Komputer WISMAN
01.2002 - 06.2002
- Assisted customers in identifying issues and explained solutions to restore service and functionality.
- Collaborated with vendors to locate replacement components and resolve advanced problems.
- Configured hardware, devices, and software to set up work stations for employees.
- Installed, configured and maintained computer systems and network connections.
- Diagnosed and troubleshot hardware, software and network issues.
Education
HND (Higher National Diploma) - Computer Studies
Institute Technology Brunei
Tungku, Rimba 04.2001 -
A Level -
Maktab Duli Pengiran Muda Al-Muhtadee Billah
Gadong 04.2001 -
Accomplishments
Spearheading BSP Asset IT Infrastructure upgrade project. By leveraging my expertise in IT Security & Infrastructure, Virtualization and Middleware platform, I collaborated successfully migrated the BSP Asset IT infrastructure to a more scalable and cost effective platform. This initiative not only enhanced system performance and reliability but also generated significant cost savings for the organization securely.
Certification
Certified Global Shell-Asset Management System (AMS) Auditor
Skills
Network security
Security auditing
NIST frameworks
Penetration testing
Vulnerability assessment
Security policy development
Compliance management
Patch management
Security architecture
ISO 27001 compliance
Business continuity
IoT security
Cybersecurity frameworks
Cloud security
Security training
Network security management
Security risk assessment
Compliance auditing
Teamwork and collaboration
Security protocols
Data security
Timeline
PCD Technical Authority (TA2)-in progress
11-2025
IT/OT Advisory
Brunei Shell Petroleum
10.2023 - Current
Certified Global Shell-Asset Management System (AMS) Management Of Change
06-2023
Certified Tropical BOSIET with CA-EBS
05-2023
Certified Global Shell-Asset Management System (AMS) Auditor
03-2023
Certified ITIL4 Foundation
03-2022
Certified GICSP (Global Industrial Cyber Security Professional) PAS03
07-2020
PCD IT Security Governance and Compliance
Brunei Shell Petroleum
06.2019 - 10.2023
Lead, PCD IT Security
Brunei Shell Petroleum
04.2016 - 06.2019
Senior System Engineer
Brunei Shell Petroleum
04.2009 - 04.2016
System Engineer
Brunei Shell Petroleum
03.2005 - 04.2009
Corporate External Affairs
Brunei Shell Petroleum
06.2002 - 03.2005
Engineer-Shell Global Infrastructure Desktop (GID)
Komputer WISMAN
01.2002 - 06.2002
HND (Higher National Diploma) - Computer Studies
Institute Technology Brunei
04.2001 -
A Level -
Maktab Duli Pengiran Muda Al-Muhtadee Billah
04.2001 -