محمد حسن

Working as ‘GRC Analyst’ in Kahramaa (Qatar General Electricity and Water Corporation), Doha, Qatar managing
multiple GRC activities like Internal Audit (Information Security), Change Management, Microsoft Azure
adoption & governance, and implementation & monitoring of various information security frameworks like
ISO27001 and NIA v2.0.
Internal Audit (Information Security):
* IT Controls around the areas of Access Management, Change Management, backup Operations, and
Program development review of documentation and application controls and controls to ensure
completeness and accuracy of the tool results, preparation of draft observation report highlighting gaps
identified for discussion with management, etc.
* Contribute to the enhancement of IT controls, policies, procedures, and baselines documents.
* Ensuring compliance with regulatory-mandated information security standards and best practices.
Microsoft Azure Governance & Compliance:
* Working as a

Experienced of working with Clients like CRA - Communications Regulatory Authority, Es'hailSat - Qatar
Satellite Company, Ministry of Finance, RKH Qitarat - (Doha Metro), leading bank in Doha, and several other
Qatar Ministries. Working for Government organizations in Qatar in the implementation of Information Security
Framework like ISO 27001, NIAv2.0, and FIFA World Cup 2022 in Qatar.
Clients worked for:
* CRA - Communications Regulatory
Authority
* Qatar Credit Bureau
* Qatar Rail (Doha Metro)
* Es'hailSat - Qatar Satellite Company,
Qatar
* Ministry of Finance
* Doha Bank, Qatar
* Conducting Internal audits and evaluating the security maturity level of the organization.
* Conduct periodic audits of various systems to ensure information security implementation processes and
procedures are effective
* Evaluating the adequacy and effectiveness of Technology controls, conducting ITGC Audits.
* Implement and execute security evaluation processes. Provide feedback and recommendations on how to
remediate security gaps exposed as part of the evaluation process.
* Preparation of recommendations for corrective action and risk mitigation of clients
* Bi-weekly interface with Senior Management, stakeholders, technical and business sources to discuss
information security risks within the organization.
* Carrying out Gap Assessment activities and documenting Gap Assessment reports. Evaluate existing
information security controls, impact, and information security risks.
* Involved in Risk Assessment and Risk Management Activities. Communicate risks and mitigation actions to the
business stakeholders.
* Develop and manage information security risk register.
* Protects system by defining access privileges, control structures, and resources.
* Develop, review and maintain thorough, accurate and up to date documentation (policies, procedures,
guidelines, templates, forms, process maps, and other associated documentation) for ISO 27001:2013
standard and the NIA framework

Excellent exposure of working with Clients like:-
* Citibank * Syneos Health * Microsoft
* Worked as Delivery Compliance Analyst, conducted Information Systems Audit and Compliance Assessment
based on standard frameworks like ISO 27001 and NIST.
* Conducted periodic Risk Assessments and drive integration of remediation efforts with the Risk Management
process.
* Under the guidance of the Delivery Compliance Officer, performed activities to help measure and monitor
compliance as per company policies and procedures for securing the information.
* Prepared and maintained Risk Register in order to track all the identified issues and risks till the closure.
* Review internal and external documents, processes, and procedures for client, company, and regulatory
requirements and respond accordingly
* Effectively present information and provide responses to groups of Executives, Manager, Administrators,
Clients, and Customers.
4. Netskope India Office