Abdullah Albaqami

Develop and implement cybersecurity governance frameworks aligned with NIST, ISO 27001,
and NCA.
• Ensure policies and procedures support business objectives and regulatory requirements.
• Identify, assess, and mitigate cyber risks across the organization, including emerging threats and
vulnerabilities.
• Develop the vendor risk management framework to assess third-party cybersecurity risks and
ensure alignment with organizational security policies.
• Ensure adherence to regulatory frameworks (e.g., ISO, NCA) and lead cybersecurity audits.
• Oversee employee training programs, including phishing simulations.

Conducted comprehensive cybersecurity risk assessments and provided recommendations for
mitigation strategies.
• Developed and implemented security awareness training programs for employees and
stakeholders.
• Assisted in the development and implementation of cybersecurity policies and procedures.
• Guided compliance activity with relevant cybersecurity regulations and standards.
• Conducted security audits and penetration testing to identify vulnerabilities and weaknesses in
systems and applications.
• Collaborated with IT teams to implement security solutions and improve overall security posture.
• Stayed abreast of emerging cybersecurity threats and vulnerabilities and provided timely updates
and recommendations to clients.
• Assisted in incident response and recovery efforts in the event of a cybersecurity incident.

Conducted comprehensive cybersecurity risk assessments and provided recommendations for
mitigation strategies.
• Developed and implemented security awareness training programs for employees and
stakeholders.
• Assisted in the development and implementation of cybersecurity policies and procedures.
• Guided compliance activity with relevant cybersecurity regulations and standards.
• Conducted security audits and penetration testing to identify vulnerabilities and weaknesses in
systems and applications.
• Collaborated with IT teams to implement security solutions and improve overall security posture.
• Stayed abreast of emerging cybersecurity threats and vulnerabilities and provided timely updates
and recommendations to clients.
• Assisted in incident response and recovery efforts in the event of a cybersecurity incident.

- Led number of a security projects.
- Supervise Penetration Testing projects for IT Systems.
- Design, implementation, operation and maintenance of the Information Security Management system (ISMS) ISO 27001:2013.
- supervise and implement national cyber security center (NCSC) cybersecurity framework.
- Perform risk assessments to ensure cyber-risks are well identified and mitigated based on risk mitigation strategies.
- Supervise and implement Periodic compliance reviews against regulatory Information Security requirements and internal Policies, procedures and standards.
- Develop and implement user-training and security awareness programs.
- Supervise security patches process.

- Supervise AEC Penetration Testing projects for IT Systems.
- Manage AEC’s ISO 27001:2013 Information Security Management System and ensuring continual compliance and ongoing eligibility for annual re-certification.
- Supervise and implement NIST cybersecurity framework.
- supervise and implement national cyber security center (NCSC) cybersecurity framework.
- Review System Security Plan (SSP) to verify that NIST 800-171 requirements map to the corresponding NIST 800-53 controls.
- Perform risk assessments to ensure cyber-risks are well identified and mitigated based on risk mitigation strategies.
- Supervise and implement Periodic compliance reviews against regulatory Information Security requirements and internal Policies, procedures and standards.
- Develop and implement user-training and security awareness programs.
- Supervise security patches process.
- Scan AEC environment for vulnerabilities and report findings to AEC system owners to mitigate security findings.

- Implemented Qualys private cloud platform as the first security scan environment in Saudi Arabia.
- Responsible for the execution of Detailed Risk Assessment for IT Systems.
- Responsible for maintaining PCI DSS compliance for Saudi Telecom ePayment channel.
- Responsible for approval of insecure ports through firewalls.
- Perform ad-hoc risk assessment for newly go live projects and for major enhancements in the existing systems.
- Participate in the software security patches process for known STC software.
- Participate in maintaining ISO 27001 certificate for STC.
- Participate in implementing GRC Archer for IT Systems.