Manager
Total years of experience: 12 years, 2 months
Managing Core GRC activities based on ISMS, NCA and SAMA Framework.
* Assessment review of implemented security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance according to the framework.
* Evaluates risks and develops security standards, procedures, and controls to manage risks. Improves security positioning through process improvement, policy and continuous evolution of capabilities.
* Reviews and implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks and testing. Develops reporting metrics, dashboards, and evidence artifacts.
* Defines and documents business process responsibilities and ownership of the controls in the GRC tool. Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.
* Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, protecting
* Lead the organization-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
* Ability to understand all security and privacy standards, regulations, and laws (ISO27001/NCA-ECC/SAMA/CIS).
* Assessment review of Information Security Policies and processes quarterly.
* Architecture Review of Network Security Design Quarterly as per NCA Standards
* Information Security Governance review as per NCA and SAMA standards
* Assessment review and update of Information Security Policies at regular intervals.
* Managing ISMS review and work as internal auditor
* Managing Maturity Levels for Compliance to meet regulatory standards of organizational Structure.
* Managing NCA-ECC, ISMS, NCA, CIS, and ISO 27001 controls, policies and procedures, manuals, SOPs, guidelines, SLAs.
Manage training and development of cyber security program
* Provide Developing an Integrated Security Training, Awareness,
* Perform Awareness Training Content and Security Awareness Program
* Reviewed firewall, switch, router, workstation, and server configurations to ensure compliance with security policies and IT standards.
* Recent experience performing vulnerability scans, log analysis and security monitoring with Tenable (e.g., Nessus, Security Center) or other industry solutions.
* Participated in full lifecycle and implementation of GRC framework, ISO27001:2013 framework
* Managing core GRC activities such as ISMS review and compliance check related to ISO 27001
* Conducting Security reviews, risk assessments & IT Internal audits across different departments
* Managing CIS Standards and OS Secure builds
* Review Information Security Policies Quarterly with Vendors as internal auditor
* Architecture Review of Network Security Design Quarterly
Lead in the development/adoption and enforcement of Information Security policies.
* Managing core GRC activities such as ISMS/CIS/PCI-DSS review and compliance check.
* Conducting Security reviews, risk assessments & IT Internal audits across different departments
* Managing CIS Standards and OS Secure builds
* Review Information Security Policies and Devices configuration review Quarterly
* Architecture Review of Network Security Design Quarterly
* Preparing the status report of BCP / DR execution and presenting the report to management with recommendations.
* Compliance check of organization’s ISMS
* Hands-on experience in End-Point Protection Suites, DLP, Patch Management.
* Assessment of Secure builds for End-users usually developed/customized/hardened in-house.
Atheeb GO Telecom by SNS Group, Riyadh, Saudi Arabia.
* Lead in the development/adoption and enforcement of Information Security policies.
* Participated in full lifecycle and implementation of GRC framework, ISO27001:2013 framework and ISO27002 code of practice.
* Managing core GRC activities such as ISMS review and compliance check related to ISO 27001
* Managing ISMS review from initial risk assessment, policy development & implementation, to operation and maintenance of the ISMS.
* BCP / DR planning and drills of organization.
* Preparing the status report of BCP / DR execution and presenting the report to management with recommendations.
Responsible for vulnerability assessment testing of the internal network and applications, and access rules implementation.
* Conduct security risk assessments to identify major risks, suggest mitigation controls and maintain risk registers for tracking risk maps and focus areas for information security projects/initiatives.
* Provide Developing an Integrated Security Training, Awareness,
* Perform Awareness Training Content and Security Awareness Program
* Reviewed firewall, switch, router, workstation, and server configurations to ensure compliance with security policies and IT standards.
Courses: CISSP & ITIL (complete training); ISMS 27000 L1