Senior Consultant
EY - Qatar
مجموع سنوات الخبرة :5 years, 11 أشهر
• Overseeing end-to-end cybersecurity projects, including initial due diligence, evaluating existing setups, conducting technical product assessments, creating architectural designs and project plans, leading implementation efforts, and securing project signoff.
• Lead implementation of Governance Risk and Compliance (GRC) and GRC operations of a prominent service provider. Responsibilities encompassed ensuring compliance and conducting regular governance assessments for original equipment manufacturers (OEMs), service providers, business lines, and security groups.
• Played a key role in formulating and executing cybersecurity strategies aligned with organizational goals.
• Developed policies and procedure for critical clients.
• Designed cybersecurity measures for OT environments.
• Managing diverse external audits, such as BSI audits for ISO 27001 certifications, PCI DSS audits, NIST, Qatar 2022 cybersecurity framework evaluations, as well as internal audits and assessments, including risk evaluations and business process maturity assessments.
• Offering cybersecurity advisory services to government authorities.
• Collaborating with clients to enhance their business process capabilities and maturity levels by identifying suitable technologies, policies, organizational structures, and third-party relationships.
• Executing numerous information security and business continuity assessments and implementation projects in accordance with ISO 27001, ISO 22301, and enterprise resilience frameworks.
• Performed enterprise risk evaluation and assessed third-party information security risks using IT General Controls (ITGC), ISO 27001:2013, and the corporate framework.
• Contributed to various client projects involving Information Security, operational risk management, and Third-Party/Vendor Risk Management.
• Collaborated with engagement team stakeholders to strategize and create pertinent work documents/deliverables for vendor information security assessments, formulated vendor assessment strategies, and established a vendor evaluation framework.
• Managed essential phases of the assessment/audit lifecycle: planning, execution, reporting, quality assurance, and monitoring.
• Guided clients in enhancing the effectiveness and maturity of their business processes by recommending suitable technologies, policies, organizational structures, and third-party relationships.
• Utilized a range of tools such as Alteryx, RAWS, KY3P, etc., for tasks such as Audit, Due Diligence Questionnaire (DDQ) review, and generating reports.
• Effectively coordinated with the Engagement Manager and client leadership, ensuring consistent updates on project advancement.
• Conducted numerous awareness training sessions for middle and senior management.
• Conducted risk assessments utilizing IT General controls (ITGC), ISO 27001:2013, and an enterprise risk assessment framework.
• Managed multiple simultaneous processes and ensured exceptional service by promptly addressing the needs of internal and external stakeholders.
• Produced and presented risk governance dashboards to senior management.
• Assisted in formulating and delivering recommendations for addressing identified audit and assessment findings.
• Collaborated with development teams and external vendors to fortify overall product security.
• Coordinated with teams to oversee fraud and risk-related incidents.
• Analysed market trends and devised new systems to proactively prevent fraud by mitigating risks.