Mansoor Siddiqui

Senior Manager Corporate Applications GRC·NEOM

Saudi Arabia

Master's degree, Computer Science

Work experience

Total years of experience: 20 years, 8 months

Senior Manager Corporate Applications GRC

September 2023 - Present

NEOM

Neom, Saudi Arabia

September 2023 - Present

• Led enterprise-wide GRC frameworks for corporate and SAP applications, aligned with SOX, ISO
27001, NIST, and NCA ECC (Saudi Arabia) standards.
• Established centralized governance using RBAC, ABAC, and PAM across S/4HANA, Ariba,
SuccessFactors, Fiori, and third-party systems.
• Integrated GRC controls into the application lifecycle in partnership with IT, legal, compliance, and
business owners.
• Maintained centralized risk registers with real-time KRI monitoring and executive reporting.
• Introduced AI/ML for continuous risk assessment, predictive analytics, and SoD rule mining in SAP
GRC/IAG.
• Led audits, vendor compliance reviews, and engineered automated workflows with real-time
dashboards to accelerate audit closure.
• Directed SAP role redesigns to enforce least privilege and mitigate SoD conflicts.
• Implemented IAM (Azure AD, Okta) with SSO and zero-trust architecture, enhancing identity
governance.
• Integrated SAP GRC and IAG with SOC workflows for real-time compliance tracking.
• Reduced security incident response time by 20% through streamlined processes.
• Deployed predictive behavior analytics to strengthen SOC response.
• Developed GRC risk scoring tools, automated governance pipelines, and monitoring dashboards for
continuous compliance.

Company industry:: Construction & Building

IT Risk & Controls Manager

June 2022 - September 2023

NEOM

Neom, Saudi Arabia

June 2022 - September 2023

• Led design and execution of SOX/ICOFR control frameworks for SAP, Azure, and multi-cloud
platforms, ensuring alignment with global standards (SOX, SOC 2, ICoFR, ISO 27001, NCA ECC).
• Built and deployed AI/ML-driven control monitoring for early detection of deviations, SoD violations,
and UAR review triggers, automating remediation workflows.
• Designed scalable IT control frameworks, standardized testing scripts, robotic testing utilities, and
centralized repositories to maintain full audit traceability.
• Directed IT, financial, and security audits, developing automated workflows for control evidence
collection, remediation tracking, and reporting.
• Spearheaded SOC 2 readiness and cybersecurity risk assessments, closing compliance gaps in
partnership with IT, Security Operations, and business process owners.
• Integrated dynamic dashboards (Power BI, SAP IAG) for real-time visibility into financial,
operational, and security governance metrics.
• Collaborated with Enterprise Risk Management to develop ERM frameworks, risk scoring tools, and
decision-support mechanisms for transactions, investments, and joint ventures.
• Provided expert guidance on IT governance, risk management, and compliance, driving alignment
with regulatory mandates and strengthening organizational risk posture.

Company industry:: Construction & Building

IT Risk & Security Manager

February 2021 - June 2022

Accenture - United States

Texas, United States

February 2021 - June 2022

• Directed global network and endpoint security threat management strategy, integrating AI/ML
driven identity governance, continuous controls monitoring, and vulnerability management.
• Led development of security frameworks, policies, standards, and guidelines, ensuring compliance
with ITGC, SoD principles, and regulatory mandates.
• Implemented SAP GRC & IAG automation for provisioning, SoD remediation, access risk analytics,
and emergency access governance.
• Delivered deep-dive risk assessments for critical business initiatives, identifying technical,
architectural, and operational risks with actionable remediation strategies.
• Advanced PAM integrations and privileged access controls across SAP, cloud, and hybrid
environments, reducing high-risk exposure.
• Developed and maintained security metrics programs to inform leadership decisions, mitigate
vulnerabilities, and track compliance posture.
• Consulted on GRC, IDM, SAP HANA, cloud architecture, authentication, integration technologies,
and SAP security best practices.
• Educated developers on secure SDLC practices and embedded security in product lifecycles.
• Designed, evaluated, and optimized SAP access control protocols, including role design,
provisioning, SoD management, and user access reviews.
• Managed security tool development, vulnerability testing, penetration assessments, and
architecture documentation.
• Collaborated with global compliance teams and auditors to resolve regulatory gaps and strengthen
alignment with corporate security and ITGC requirements.

Company industry:: IT Services

IT Risk & Security Manager

January 2021 - January 2022

Accenture,

Texas, United States

January 2021 - January 2022

Company industry:: IT Services

Security Consultant

July 2019 - February 2021

Accenture - United States

Texas, United States

July 2019 - February 2021

• Led network-based penetration testing and vulnerability assessments using RFS methodologies,
delivering actionable remediation guidance to project leads and clients.
• Provided cybersecurity advisory services covering breach prevention, technical risk assessments,
and ITGC/SOX compliance alignment.
• Designed and implemented security frameworks for SAP S/4HANA, Ariba, and multi-module
landscapes (HR, MM, SRM, BI/BW, APO, GTS, Solman), integrating ABAP, Java, and HANA security
controls.
• Directed GRC advisory programs for Fortune 500 clients, including SoD rule reengineering, role
cleanup, risk mitigation, and access control optimization.
• Built custom risk scoring dashboards integrating SAP, Azure, and IAG datasets, enabling predictive
conflict detection through ML-enhanced simulations.
• Managed structural authorizations and advanced role provisioning via PFCG, BI Analysis
Authorizations, and SAP GRC 10.1 upgrades/migrations.
• Produced monthly audit reports on privileged access, invalid logons, and unauthorized
table/program access; implemented controls to restrict sensitive HR data visibility.
• Configured and tested security for end-user, interface, and background job processes, ensuring
application integrity and availability in multi-data center environments.
• Coordinated technical integration across infrastructure support areas, aligning technology
strategies with business goals and regulatory requirements.
• Developed training materials and delivered security/SAP GRC training to end users, managers, role
owners, and SoD administrators.
• Established centralized GRC governance for risk ownership, control testing, and compliance
tracking, standardizing processes across global implementations.

Company industry:: IT Services

Security Consultant

January 2019 - January 2021

Accenture, NA

Texas, United States

January 2019 - January 2021

Company industry:: IT Services

Security & Compliance Lead

June 2019 - July 2019

LSI Consulting (Penn State University)

Pennsylvania, United States

June 2019 - July 2019

• Led SAP security redesign for the PSU SIMBA project, implementing a GRC-first framework to
streamline access governance across FI/CO, HCM, BW HANA, SRM, and Portal modules.
• Established policy-aligned role governance models for Central User Administration (CUA) and
Solution Manager environments.
• Implemented compliance controls for identity lifecycle management, transaction authorization
workflows, and cross-module security models.
• Directed security team initiatives to standardize and strengthen SAP access controls across
finance, HR, analytics, and procurement systems.

Company industry:: IT Services

SAP Security Lead

April 2019 - May 2019

Mindset Consulting (The Tile Group)

Michigan, United States

April 2019 - May 2019

• Redesigned SAP Fiori and Gateway access architecture to ensure SoD compliance, audit readiness,
and full access traceability.
• Developed security and control matrices to support ITGC requirements and risk-based access
reviews.
• Standardized roles for developers and IT functional teams, improving access governance and
operational efficiency.
• Produced security protocol documentation to formalize and sustain governance practices.

Company industry:: IT Services

SAP Risk & Access Governance Consultant

February 2019 - April 2019

Xoriant Inc. (Under Armour)

California, United States

February 2019 - April 2019

• Led GRC implementation for S/4HANA global rollout, embedding SoD controls, conflict remediation,
and SOX-aligned security standards.
• Oversaw audit gap remediation, defect resolution, and quality control cycles, managing offshore
teams for efficient execution.
• Contributed to UAs 20/Twenty project, supporting global testing across AP, PTP, MM, OTC, and
other modules, and driving security redesign mapping efforts.
• Identified and remediated critical vulnerabilities in UA processes and SOX controls, improving
compliance and risk posture.
• Provided cross-platform security support for SOLMAN, Fiori, BOBJ, and S/4HANA, enhancing
integration and operational efficiency.

Company industry:: IT Services

SAP Governance Project Lead

March 2017 - January 2019

Xoriant Inc. (The Hershey Company)

California, United States

March 2017 - January 2019

• Led SAP security governance for enterprise transformation programs (CFIN, EHS, CRM, PLM),
implementing CHaRM processes and Fiori access controls for a secure development lifecycle.
• Directed GRC policy updates and SAP Access Control workflow customizations, ensuring robust
compliance and risk coverage.
• Coordinated identity integrations via CUA, conducted risk-based reviews, and advised on control
design and authorization mapping.
• Managed security role design workshops with stakeholders, aligning organizational levels, field
specifications, and localization requirements to best practices.
• Oversaw onshore/offshore security build efforts, ensuring timely delivery and comprehensive
testing of security authorizations.
• Redesigned Firefighter and IS Support strategy, optimizing privileged access governance and
operational responsibilities.
• Developed Fiori catalogs/groups and security measures aligned with business workflows across S/4
and SuccessFactors.
• Delivered security documentation, audit mechanisms, and knowledge-sharing sessions,
standardizing governance across ERP transformation initiatives.

Company industry:: IT Services

Senior Applications GRC Developer

March 2016 - March 2017

Houston ISD

Texas, United States

March 2016 - March 2017

• Implemented and configured SAP GRC 10.1 (Access Control), establishing approval workflows for
provisioning, Firefighter usage, HR triggers, and compliance processes.
• Designed custom SoD rulesets (HISD and global aligned) with tailored Risk IDs and functions to
meet audit and regulatory requirements.
• Developed risk mitigation workflows, compliance documentation, and standardized role design
processes across ECC, BW, HR, SRM, and finance-related modules.
• Provided end-to-end security support for production and non-production ECC, SRM, BI/BW, GRC,
and EP environments.
• Collaborated with Controllers and compliance teams to identify high-priority risks and implement
mitigation strategies.
• Designed and maintained SAP security roles across MM/INV/WM, SRM, BI/BW, HR, PM, PS, VM, and
Finance modules.
• Delivered training sessions for business managers and key stakeholders, enhancing security
awareness and operational execution.
• Supported system enhancements, UAT cycles, and troubleshooting for security and compliance
related issues.

Company industry:: Primary, Prep, & Secondary School

GRC Analyst

June 2015 - March 2016

Insight Global (3M)

Minnesota, United States

June 2015 - March 2016

• Led SoD testing, WRICEF risk assessments, and GRC remediation initiatives during SAP global
rollout, aligning with SOX and regulatory requirements.
• Mapped compliance controls and documentation in collaboration with audit and regulatory teams,
ensuring process and control alignment.
• Reviewed functional/technical specifications and WRICEF integration points to ensure compliance
with 3Ms business processes and development standards.
• Provided Go-Live SoD support, implementing mitigation controls for users and roles, and resolving
GRC SoD issues in partnership with audit teams.
• Developed and maintained SOPs for IDM user requests, ensuring SoD clearance and process
standardization.
• Conducted risk analyses at user/role levels, recommending adjustments to GRC rulesets and
executing SOX/IT control testing.
• Created and executed test scripts in HP ALM Quality Center to validate transactional and reporting
controls.
• Produced job aids, advisory recommendations, and best practice guidance for SAP controls,
particularly in finance-related processes.

Company industry:: IT Services

Senior SAP Security & GRC Specialist

July 2014 - May 2015

Hallmark Cards

Missouri, United States

July 2014 - May 2015

• Directed global SAP Security and GRC rollout, integrating LDAP and SSO with Firefighter logging
and aligning with internal audit and regulatory requirements.
• Established global compliance frameworks for CRM, OMNI, and audit processes, supporting multi
region deployments (Europe, China, Mexico, Brazil, US).
• Designed and implemented global/local role structures based on job responsibilities, mitigating
risks and preventing financial exposure through targeted controls.
• Developed SOPs for user access, role, and transport management; configured Access Enforcer
workflows, custom attributes, and Firefighter module settings for hourly monitoring and automated
reporting.
• Managed go-live activities including integrations, upgrades, ECATT-based mass user provisioning,
and Analysis Authorization implementation.
• Led risk assessments and SoD conflict remediation, applying restrictions on sensitive transactions
(e.g., PA20) and segregating payroll/time entry functions.
• Coordinated with audit teams to identify risks, establish mitigation controls, and standardize
approval workflows.
• Delivered training and documentation for audit teams, offshore security teams, and stakeholders
to ensure GRC process adoption and continuity.
• Mentored team members, fostering security governance knowledge across the organization.

Company industry:: Industrial Production

Senior Systems Auditor

February 2014 - July 2014

Ingredion Inc.

Westchester, United States

February 2014 - July 2014

• Led SAP security risk assessments and ITGC/SOX audits across multi-system ERP landscapes,
strengthening internal controls and compliance posture.
• Performed role testing, conflict identification, and transactional data analysis to detect and
remediate SoD violations.
• Advised on SAP Security standards and GRC requirements, guiding upgrades, implementations,
and access governance strategies.
• Coordinated SOX IT testing with business units, IT, and external auditors, managing audit progress,
addressing findings, and validating remediation.
• Conducted continuous audits to assess control effectiveness, reduce operational risks, and
improve compliance confidence.
• Developed audit scopes, reports, and presentations, delivering actionable recommendations and
risk-based remediation plans to senior leadership.
• Reviewed SDLC processes to identify risks in design, testing, and QA phases of ERP
implementations and upgrades.
• Provided ERP advisory services covering risk management, SoD controls, change control, and
business impact analysis.
• Supported process documentation and control design with business process owners for both new
and existing workflows.

Company industry:: Industrial Production

Associate IT Auditor

January 2013 - February 2014

King Abdullah University of Science & Technology (KAUST)

Thuwal, Saudi Arabia

January 2013 - February 2014

• Led ITGC and SAP security control testing across Basis, FI/CO, HCM, and MM/SD modules,
enhancing audit frameworks, SoD compliance, and user access governance.
• Supported SAP GRC 10.0 implementation, including risk analysis, mitigation setup, control
monitoring, and access management alignment.
• Managed external and internal IT audits (SOX, ISO, COBIT) across UNIX, SAP, Oracle, Microsoft, and
Windows platforms, identifying control gaps and driving remediation.
• Conducted SAP transaction code testing for SoD security assessments, improving authentication,
authorization, and provisioning controls.
• Designed audit scopes, programs, and procedures, conducting walkthroughs with process owners,
vendors, and consultants to evaluate control design and operational effectiveness.
• Employed CAATs to analyze SAP and non-SAP datasets, validating compliance with internal policies
and regulatory standards.
• Audited IT infrastructure and applications, including Windows OS, Exchange, virtual servers, UNIX,
SAP ABAP, IDM, and GRC.
• Provided compliance advisory and strategic guidance on IT security frameworks, risk management,
and industry best practices for control design and monitoring.

Company industry:: Primary, Prep, & Secondary School

SAP Technical Specialist

August 2011 - December 2012

King Abdullah University of Science & Technology (KAUST)

Thuwal, Saudi Arabia

August 2011 - December 2012

• Implemented enterprise-wide SAP GRC 10.0 with IDM and SSO integrations, unifying access
provisioning processes across SAP modules, Active Directory, and enterprise portals.
• Designed control architecture for identity governance, SoD rule frameworks, and security matrices
to support audit readiness and compliance.
• Coordinated SAP audits and compliance validation for access policies, SoD risks, and license
administration.
• Managed authorizations helpdesk, escalations, and security incident response, ensuring swift
resolution and operational continuity.
• Directed offshore/onshore SAP security teams, overseeing role/authorization design, policy
reviews, and change control processes.
• Integrated security requirements into the SAP system development lifecycle, aligning with
information security protocols and long-term strategic objectives.
• Established SAP Audit Information Systems (AIS) for internal auditors, enhancing audit capabilities
and data access.
• Advised SAP projects on security, role governance, and best practices, ensuring long-term stability
and scalability of SAP security solutions.

Company industry:: Primary, Prep, & Secondary School

SAP Technical Analyst

March 2009 - July 2011

King Abdullah University of Science & Technology (KAUST)

Thuwal, Saudi Arabia

March 2009 - July 2011

• Designed secure role models across SAP modules, enforcing SoD policies, audit tracking, and
internal control compliance.
• Implemented IDM-to-SAP EP integration with AD synchronization and SSO, automating user
lifecycle processes and improving provisioning efficiency.
• Developed security matrices governing production user requests and access control standards
across MM, SCM, SRM, PM, PS, RE, IDM, BI, SLCM, SEM, FI, CO, Treasury, AIS, and PI.
• Led conflict resolution and role remediation workflows in alignment with internal audit and
quarterly assessment requirements, reducing redundancy and cost.
• Configured SAP GRC Access Control policies in collaboration with business process owners,
covering audit, infrastructure, and HR-related security requirements.
• Administered project team access across environments, ensuring compliance with IT security
standards and control criteria.
• Delivered training and guidance for ITGC documentation reviews, risk assessments, and
infrastructure control processes.
• Managed IDM application implementation with self-service features, account management, SSO,
and automated provisioning workflows with approval governance.

Company industry:: Primary, Prep, & Secondary School

Applications Security Analyst

October 2005 - March 2009

CommScope (Former Andrew Corp.)

Westchester, United States

October 2005 - March 2009

• Managed global SAP security and SoD remediation using APPROVA, ACEVA, and in-house tools,
analyzing conflicts, T-code assignments, and user-role mappings.
• Led SAP GRC 5.x implementation (Access Enforcer/CUP, Firefighter/SPM, Compliance
Calibrator/RAR, Role Expert/ERM) to meet SOX and ITGC compliance requirements.
• Collaborated with audit teams to resolve user-role conflicts in FI/CO and MM Purchasing, and
supported internal/external audits, PCI/SOX reviews, and quarterly IT access audits.
• Established and maintained SOPs, policies, and user request processes, ensuring compliance with
legal, regulatory, and security best practices.
• Directed SAP security projects covering governance, risk, and compliance enhancements;
contributed to the SAP GRC Advisory Council to shape future platform improvements.
• Implemented access governance practices and optimized access control program management in
line with industry security standards.

Company industry:: Telecommunications

Education

University of Karachi

January 2003

Master's degree, Computer Science

Pakistan

Sir Syed University of Engineering & Technology

January 2000

Bachelor's degree, Computer Technology

Pakistan

Bayt.com tests

ERP Test

Business and Management

Skills

SAP

Expert

SAP

Expert

Security

Expert

Security

Expert

ERP

Expert

ERP

Expert

GRC

Expert

GRC

Expert

IDM

Expert

IDM

Expert

INFORMATION TECHNOLOGY AUDITS

Expert

INFORMATION TECHNOLOGY AUDITS

Expert

INFORMATION SECURITY MANAGEMENT

Expert

INFORMATION SECURITY MANAGEMENT

Expert

LEADERSHIP

Expert

LEADERSHIP

Expert

GOVERNANCE

Expert

GOVERNANCE

Expert

IDENTITY AND ACCESS MANAGEMENT

Intermediate

IDENTITY AND ACCESS MANAGEMENT

Intermediate

CLOUD SECURITY

Intermediate

CLOUD SECURITY

Intermediate

ENTERPRISE RISK MANAGEMENT ERM

Intermediate

ENTERPRISE RISK MANAGEMENT ERM

Intermediate

Project Management

Expert

Project Management

Expert

IT Auditing

Expert

IT Auditing

Expert

Risk Analysis

Expert

Risk Analysis

Expert

ARTIFICIAL INTELLIGENCE

Intermediate

ARTIFICIAL INTELLIGENCE

Intermediate

CYBER SECURITY

Intermediate

CYBER SECURITY

Intermediate

CYBERSECURITY COMPLIANCE

Intermediate

CYBERSECURITY COMPLIANCE

Intermediate

GOOD GOVERNANCE

Intermediate

GOOD GOVERNANCE

Intermediate

GOVERNANCE RISK MANAGEMENT AND COMPLIANCE

Intermediate

GOVERNANCE RISK MANAGEMENT AND COMPLIANCE

Intermediate

MACHINE LEARNING

Intermediate

MACHINE LEARNING

Intermediate

PROJECT RISK MANAGEMENT

Intermediate

PROJECT RISK MANAGEMENT

Intermediate

RISK ANALYTICS

Intermediate

RISK ANALYTICS

Intermediate

SAP SECURITY

Intermediate

SAP SECURITY

Intermediate

WORKFLOW MANAGEMENT

Intermediate

WORKFLOW MANAGEMENT

Intermediate

GOVERNANCE RISK MANAGEMENT AND COMPLIANCE

Intermediate

GOVERNANCE RISK MANAGEMENT AND COMPLIANCE

Intermediate

ARTIFICIAL INTELLIGENCE

Intermediate

ARTIFICIAL INTELLIGENCE

Intermediate

MACHINE LEARNING

Intermediate

MACHINE LEARNING

Intermediate

RISK ANALYTICS

Intermediate

RISK ANALYTICS

Intermediate

WORKFLOW MANAGEMENT

Intermediate

WORKFLOW MANAGEMENT

Intermediate

GOOD GOVERNANCE

Intermediate

GOOD GOVERNANCE

Intermediate

CYBERSECURITY COMPLIANCE

Intermediate

CYBERSECURITY COMPLIANCE

Intermediate

SAP

Expert

SAP

Expert

Security

Expert

Security

Expert

ERP

Expert

ERP

Expert

GRC

Expert

GRC

Expert

IDM

Expert

IDM

Expert

Languages

Arabic

Beginner

English

Expert

Urdu

Expert

Training and Certifications

Certifications

Intermediate IT Audit School

Identity Management 7.1 - TZNWIM™

IT Project Management Essentials

GRC Access Control 10.0 (GRC300™

Certified Risk Analyst (CRA)

SAP Certified Security and Audit Associate

Certified Information Systems Auditor (CISA)

Certified Information Systems Security Professional (CISSP)

Intermediate IT

Identity Management 7.1 - TZNWIM™

IT Project Management Essentials

GRC Access Control 10.0 (GRC300™)

Certified Risk Analyst (CRA)

SAP Certified Security and Audit Associate

Certified Information Systems Auditor (CISA)

Certified Information Systems Security Professional (CISSP)

CISSP

May 2021

Mansoor Siddiqui

Share My Profile

Work experience

Senior Manager Corporate Applications GRC

IT Risk & Controls Manager

IT Risk & Security Manager

IT Risk & Security Manager

Security Consultant

Security Consultant

Security & Compliance Lead

SAP Security Lead

SAP Risk & Access Governance Consultant

SAP Governance Project Lead

Senior Applications GRC Developer

GRC Analyst

Senior SAP Security & GRC Specialist

Senior Systems Auditor

Associate IT Auditor

SAP Technical Specialist

SAP Technical Analyst

Applications Security Analyst

Education

University of Karachi

Sir Syed University of Engineering & Technology

Bayt.com tests

ERP Test

Skills

Languages

Arabic

English

Urdu

Training and Certifications

Certifications

Intermediate IT Audit School

Identity Management 7.1 - TZNWIM™

IT Project Management Essentials

GRC Access Control 10.0 (GRC300™

Certified Risk Analyst (CRA)

SAP Certified Security and Audit Associate

Certified Information Systems Auditor (CISA)

Certified Information Systems Security Professional (CISSP)

Intermediate IT

Identity Management 7.1 - TZNWIM™

IT Project Management Essentials

GRC Access Control 10.0 (GRC300™)

Certified Risk Analyst (CRA)

SAP Certified Security and Audit Associate

Certified Information Systems Auditor (CISA)

Certified Information Systems Security Professional (CISSP)

CISSP

Training

SAP Administration, SAP Business Objects Overview, IT Project Management Essentials – Introduction,

Identity Management 7.1 TZNWIM

GRC Access Control 10.0 GRC300

• Business Objects Administration & Security BOE310

Hobbies and interests

Tennis