Abdul Hakim Khan, IT Governance, Risk and Compliance Analyst

Abdul Hakim Khan

IT Governance, Risk and Compliance Analyst·DOHA

India

Bachelor's degree, Bachelor of Technology Engineering

Work experience

Total years of experience: 16 years, 10 months

IT Governance, Risk and Compliance Analyst

September 2024 - Present

DOHA

Doha, Qatar

• Partnered with senior leadership to define IT strategic roadmaps aligned with business objectives, regulatory mandates, and risk management principles, ensuring technology investments support compliance, data governance, and sustainable growth.
• Implemented KPIs and best practices for the IT Support Team, business solutions, IT governance, and risk and compliance practices. Ensured that any SLA breaches are investigated and corrective action is taken to improve service delivery.
• Established proactive compliance monitoring mechanisms and governance dashboards, collaborating with Infrastructure, Cybersecurity,
Network, and Service Management teams to ensure adherence to internal policies, regulatory standards, and control frameworks.
• Directed the design, implementation, and continuous enhancement of enterprise IT governance frameworks, policies, and internal control
environments to ensure regulatory compliance, risk transparency, and operational resilience across the organization.
• Established and matured control frameworks spanning Access Governance, Change Enablement, Third-Party Risk Management, Patch &
Vulnerability Management, Backup & Recovery, and Information Security Operations, embedding standardized processes and accountability
across IT functions.
• Led enterprise-wide IT risk assessments and maintained a centralized risk register with structured mitigation tracking, executive reporting, and
alignment to enterprise risk appetite. Oversaw full IT audit lifecycle management, including audit planning, control validation, stakeholder
coordination, remediation governance, and sustainable closure of findings.
• Strengthened Business Continuity and Disaster Recovery governance by institutionalizing Business Impact Analysis (BIA), defining RTO/RPO
frameworks, overseeing DR testing exercises, and implementing resilience KPIs/KRIs to monitor service continuity and critical system
recoverability.

Company industry:
Oil & Gas

IT Governance, Risk and Compliance Analyst

April 2022 - July 2024

Novo Nordisk

Bengaluru, India

• Directed enterprise-wide IT Governance, Risk, and Compliance (GRC) programs across SAP and cloud environments, leading risk identification,
assessment, mitigation, and executive reporting in alignment with ISO 31000, COBIT, NIST, and enterprise risk management principles.
• Spearheaded the implementation and enhancement of IT governance frameworks, policies, standards, and internal controls aligned with ISO
27001, ISO 20000, ISO 31000, Qatar NIA, SOX, and COSO, ensuring regulatory compliance and strengthening control maturity across complete
IT landscapes.
• Designed, implemented, and managed the organization's Information Security Management System (ISMS), embedding structured IT risk
assessments, control testing, and continuous monitoring mechanisms to safeguard critical services and information systems.
• Led GRC transformation, digitalization, and automation initiatives to streamline compliance workflows, centralize risk registers, enhance audit
readiness, and improve governance visibility through KPI/KRI dashboards and executive reporting.
• Oversaw IT audit and compliance programs, coordinating internal and external audits (ITGC, Information Security, Network Security, and
Regulatory audits), ensuring effective evidence management, structured remediation planning, and sustainable closure of findings.
• Developed and enforced governance-aligned control objectives and baseline IT controls across SAP, cloud, and enterprise systems, ensuring
alignment with regulatory mandates and industry best practices.
• Established structured risk mitigation strategies and remediation frameworks, resulting in significant reduction of control deficiencies and
improved audit outcomes through proactive risk management and continuous control improvement.
• Provided strategic advisory support to senior leadership on regulatory exposure, compliance posture, and governance maturity, aligning IT
strategy with business objectives while strengthening operational resilience across diverse industry sectors.

Company industry:
Pharmaceutical Manufacturing

IT Governance, Risk & Compliance Analyst

December 2020 - November 2021

MSCI Morgan Stanley

Mumbai, India

• Led enterprise-wide IT risk management programs across complex IT and SAP/cloud environments, leading structured risk identification,
impact and likelihood assessments, control design validation, and risk treatment strategies in alignment with ISO 31000, COBIT, NIST, and
Qatar NIA, ensuring risks remained within defined risk appetite.
• Designed an enterprise IT Governance Framework integrating ISO 27001, ISO 20000, COBIT, ISO 38500, and ITIL, establishing clear
governance structures, accountability models, standardized policies, and internal control mechanisms aligned with business strategy and
regulatory mandates.
• Led GRC transformation and digitalization initiatives, centralizing risk registers, automating compliance tracking, and implementing KPI
dashboards to enhance governance transparency, audit readiness, and executive-level decision support.
• Oversaw third-party and vendor risk governance programs, conducting structured due diligence and compliance assessments to ensure
suppliers met information security, regulatory, contractual, and data protection obligations (including PDPL and PCI-DSS), strengthening
enterprise resilience.
• Designed and implemented Risk & Control Matrices (RCMs) across SAP, SAP Cloud, and enterprise platforms, embedding IT General Controls
(ITGC), application controls, and security controls to ensure integrity, confidentiality, and availability of critical services and information
systems.
• Defined, implemented, and continuously monitored IT governance and compliance programs aligned with SOX, COSO, HIPAA, PCI-DSS, ISO
27001, NIA, ensuring sustainable regulatory adherence across complete IT environments.
• Coordinated with Internal Audit, External Audit, Risk Owners, and senior management to address control gaps, design remediation roadmaps,
embed policies and procedures into operational workflows, and significantly enhance compliance maturity and control effectiveness.

Company industry:
Financial Services

IT Governance, Risk & Compliance Analyst

September 2019 - July 2020

Zone Energy

Doha, Qatar

• Led comprehensive IT and cyber risk assessments across SAP and SAP Cloud platforms, driving structured risk identification, business and
technological impact analysis, mitigation strategy development, and implementation of governance-aligned IT controls, policies, and
procedures to proactively manage enterprise risk exposure.
• Designed and implemented SAP security governance frameworks aligned with ISO 27001, NIST 800-53, COBIT, and PCI-DSS, conducting
in-depth information security risk assessments and strengthening baseline security controls to enhance overall security posture and regulatory
compliance.
• Implemented enterprise IT governance and control frameworks, defining control objectives and baseline IT controls aligned with ISO 27001,
ISO 31000, Qatar NIA, PDPL, PCI-DSS, and industry regulatory mandates (including SAMA), ensuring critical systems and information assets
remained compliant and resilient.
• Directed end-to-end IT audit coordination and remediation management, partnering with Internal and External Auditors, Risk Owners, and
Control Owners to address control gaps, implement corrective action plans, and embed sustainable compliance practices into operational
processes.
• Led GRC reporting and governance visibility initiatives by developing centralized executive dashboards and KPI/KRI reporting mechanisms,
providing senior management and the Head of Technology (GRC) with clear insights into risk exposure, control effectiveness, compliance
posture, and audit readiness.
• Supported GRC transformation and governance digitalization initiatives by standardizing risk registers, automating compliance tracking
workflows, and enhancing monitoring capabilities across SAP and enterprise IT environments.

Company industry:
Oil & Gas

IT Governance, Risk & Compliance Analyst

August 2014 - August 2019

IBM

Hyderabad, India

• Led enterprise-wide GRC transformation and digitalization initiatives, implementing automated access governance and control monitoring
solutions to standardize user access reviews, role lifecycle management, emergency access governance, and segregation of duties (SoD)
oversight across critical IT platforms.
• Conducted organization-wide IT and information security risk assessments across business-critical applications and infrastructure, identifying
business and technology risks, developing risk mitigation strategies, and supporting structured audit remediation in alignment with ISO 27001,
ISO 31000, COBIT, NIST, and SOX requirements.
• Designed and implemented enterprise IT governance controls, including access governance, SoD management, and configuration baseline
controls, embedding risk-based control design and continuous monitoring to strengthen the overall control environment.
• Partnered with Internal Audit, External Audit, Risk Owners, and Control Owners to remediate control gaps, close audit findings, and
institutionalize IT policies, standards, and procedures, ensuring controls were embedded into day-to-day operational processes.
• Defined, implemented, and monitored key performance indicators (KPIs), key risk indicators (KRIs), and governance maturity metrics using
COBIT and CMMI maturity models, providing executive-level dashboards on compliance posture, control effectiveness, and audit readiness.
• Ensured alignment of enterprise IT processes and critical information systems with regulatory and compliance mandates including SOX, ISO
27001, NIST, PCI-DSS, and regional requirements, strengthening operational resilience and enterprise governance maturity.

Company industry:
IT Services

IT Governance & Compliance GRC Analyst

August 2012 - July 2013

Cognizant

Kuala Lumpur, Malaysia

• Led GRC transformation and digitalization initiatives focused on access governance, implementing automated access control solutions to
streamline user access reviews, role management, emergency access handling, and Segregation of Duties (SoD) analysis, improving process
efficiency and audit readiness.
• Conducted IT risk and vulnerability assessments across SAP ECC, BW, and HR systems, identifying business and technology risks, developing
mitigation strategies, and supporting end-to-end audit remediation activities in alignment with ISO 27001, ISO 31000, COBIT, and SOX.
• Designed and implemented SAP access controls, SoD controls, and system configuration controls, including creation of customized SoD rule
sets, remediation of conflicts, and ongoing monitoring of access-related risks to maintain compliance with regulatory standards.
• Coordinated with Internal and External Audit, Risk Owners, and Control Owners to resolve audit findings, embed IT controls, and operationalize
IT policies, procedures, and information security guidelines into day-to-day processes.
• Defined and monitored key metrics for SAP and critical financial systems using COBIT and CMMI maturity models, creating dashboards to track
IT governance effectiveness, control performance, and compliance trends for reporting to senior stakeholders.
• Ensured critical IT processes and systems were aligned with compliance mandates, including SOX, ISO 27001, NIST, and PCI-DSS, enhancing
operational resilience and strengthening the IT governance and control environment.

Company industry:
IT Services

IT Audit and Compliance Analyst

October 2010 - June 2012

Deloitte

Hyderabad, India

• Conducted IT control testing to evaluate the design and operating effectiveness of information security controls and IT General Controls (ITGC)
in alignment with ISAE 3402, identifying compliance gaps and recommending risk mitigation strategies. Executed IT audit engagements
including information security audits, ITGC audits, and vulnerability assessments.
• Performed vulnerability assessments and security reviews across SAP systems (ECC, S/4HANA, BW, HR) and enterprise IT systems, assessing
system and security configurations, transaction code access, user roles, and authorization structures to identify potential risks and gaps.
• Designed and implemented vulnerability assessment processes and tools to evaluate system configurations, user-role access, SoD rule
compliance, and Identity and Access Management (IAM) processes across SAP and Oracle environments, supporting proactive risk
management.
• Developed automated IT controls and vulnerability assessment tools to streamline testing of system configurations, security settings, user-role
access, and IAM processes, improving audit efficiency, compliance monitoring, and risk visibility.
• Analyzed SAP authorizations at user and role levels, redesigned authorization models, and remediated SoD conflicts, reducing segregation of
duties violations by 80% and maintaining updated SoD rulesets across all critical business processes.

Company industry:
Accounting

Information Security Analyst and GRC Consultant

January 2007 - December 2009

Tata Consultancy

Copenhagen, Denmark

• Designed and implemented SAP GRC access controls and compliant security authorization models, creating and maintaining SAP roles to
ensure authorized access while enforcing least privilege principles and appropriate segregation of duties.
• Delivered GRC automation initiatives, streamlining access governance through workflow-based controls for user management, role
management, emergency access, and Segregation of Duties (SoD) reviews, strengthening operational compliance and audit readiness.
• Analyzed SAP user and role authorizations, redesigned authorization models, remediated SoD conflicts, and mitigated SoD violations, reducing
segregation of duties issues by 70% and maintaining updated SoD rulesets across critical business processes.
• Conducted vulnerability assessments and system security reviews across SAP ERP applications (ECC, BW, HR), evaluating transaction code
access, user roles, system configurations, and security architectures to identify and remediate risks.

Company industry:
IT Services

Education

Kakatiya University

December 2003

Bachelor's degree, Bachelor of Technology Engineering

India

GPA (percentage): 60%

Engineering - B.Tech - Bachelor of Technology

Board of Intermediate Andhra Pradesh

April 1999

High school or equivalent, MPC

India

ICSE

April 1997

High school or equivalent, Schooling

India

Skills

SAP Security and GRC
Expert
GRC
Expert
IT Audit
Expert
IT Governance
Expert
Cyber Security
Expert
INTERNAL CONTROLS
Intermediate
IT RISK MANAGEMENT
Intermediate
IT Controls
Expert
IT Audit and Compliance
Expert
INFORMATION TECHNOLOGY AUDITS
Intermediate
IT GOVERNANCE
Intermediate
KEY PERFORMANCE INDICATORS KPIS
Intermediate
ISO 27001
Expert
COBIT
Expert
ITIL
Expert
NIST
Expert
Policies and Procedures
Expert
IT Strategy
Expert

Languages

English
Native Speaker

Training and Certifications

Certifications
PMP (Project Management Professional)
CRISC (Certified in Risk and Information Systems Control)
Certified Information Systems Auditor (CISA)
Feb 2019
Certified Information Security Manager (CISM)
Jan 2021

Hobbies

  • Trainings
    Conducted targeted training sessions on IT compliance, GRC, audit procedures, and information security, enhancing process and control owners' capabilities across IT departments.