Information Security Auditor
Riyad Bank
Total years of experience: 5 years, 7 months
Information Security / Information Technology Auditor at the Internal Audit Division
Khalid’s responsibilities are:
• Be fully aware of the Bank’s Internal Audit’s Methodology and Audit Universe
• Part of several integrated audits toward some of the Bank's application reviews, by being involved in:
o Defining the engagement scope and participating at the audit opening
o Preparing the engagement program memorandum (EPM)
o Conducting the audit fieldwork by testing the auditable object controls and validating the adequacy of the governance documentation
o Participating in the audit internal closing meeting which assesses the identified associated risks, classifying reportable audit findings, work papers, and audit ratings
o Participating in the audit external closing meeting
o Following up and validating closure of reported audit findings with the auditee
• Conduct the NCA (National Cybersecurity Agency) regulatory controls’ assessment “CSCC (Critical Systems Cybersecurity Controls)” thoroughly as an independent and objective party towards the Bank’s identified critical assets and their stakeholders, by identifying the governance documentation, identifying technology and business stakeholders, requesting evidence, generating assessment reports, and following up on the gaps and non-compliances
• Conduct the NCA regulatory controls’ assessment “ECC (Essential Cybersecurity Controls)” thoroughly as an independent and objective party; as per the above CSCC approach
• Part of SAMA (Saudi Arabian Monetary Agency) ITGF (Information Technology Governance Framework) assessment
Worked as organizational compliance expert.
Khalid’s responsibilities are:
• Continuous compliance assessments towards official government regulatory agencies and directives that include consistent follow-ups with stakeholders, policy makers, and organizational operators and practitioners
• Semi-annual compliance inspections and reporting
• Quarterly systems’ users access review
• Annual systems roles and privileges reviews
• Part of all SailPoint project milestones
• Conduct RBAC & SOD exercise on several systems.
• Part of NCGR’s one-of-a-kind National UGRP system (Unified Government Resources Payroll) which is meant to serve the government sector in Saudi Arabia.
• Continuous organizational policies implementation compliance reviews
• Organizational policies feedback review with policy makers
• Examine internal IT controls, evaluate the design and operational effectiveness, determine exposure to risk, and develop remediation strategies
• Handling organizational complaints, disputes and grievances
• Focal point of communication with official regulatory agencies
• Build up a cyber threat intelligence function
Cyber Threat Intelligence (CTI) analyst and consultant internally for SITE and externally for its clients as a subscription based business model. Khalid’s responsibilities at SITE were:
• Hunting feasible cyber threats to the Saudi threat landscape and immediately provide actionable intelligence, analysis, and professional assessments and reports
• Intel Collection (Internal - Commercial - OSINT - Surface-web - Deep Web - Counter Intel - Dark web)
• Advanced Persistent Threat groups profiling & Malware Analysis & Enriching SITE’s CTI platform (TIP)
• Part of building-up the CTI service catalogue model and subscription based business model initiative
Skills: Quality Assurance · Quality Management · Quality Control · Threat Analysis · Threat Assessment · Threat Modeling · Incident Response · Incident Handling · Computer Forensics · Consulting · Report Writing · Malware Analysis · Cyber Threat Intelligence (CTI) · Cybersecurity
Khalid and his colleagues published a conference paper named "Improving IoT Security Using Blockchain" in the 10th IEEE-GCC Conference and Exhibition at Kuwait. The conference theme was "Powering the 4th Industrial Revolution" and we published it under the track of "Smart City Technologies". https://ieeexplore.ieee.org/document/9087619
In addition, Khalid and his colleagues participated in Dell EMC Graduation Project Fair among Africa, the Middle East and Turkey, and the project fell short of the highest top 10 out of 329 projects.
Fulltime program was provided by the Saudi Information Technology Company and hosted at Prince Sultan University.
This program aims to provide professional courses in soft skills and the cybersecurity field as well.
Fulltime Cooperative Assignment at Bahri Co. in the IT Infrastructure Department focused on NOC and SOC.
Worked on a graduation project during my undergraduate studies. This project involves improving IoT Security using Ethereum Blockchain and developing a Smart-Contract for “Access Controlled Blockchain”. We published the paper in the 10th IEEE Conference and Exhibition in April 2019. The paper is entitled "Improving IoT Security Using Blockchain". The conference theme was "Powering the 4th Industrial Revolution", and we published it under the track of "Smart City Technologies" discussing cybersecurity and IoT.
A pre-university English proficiency program consisting of advanced English skills in communication and reading.