IT Security Lead – MMEA Region
Ericsson
Total years of experience: 16 years, 2 months
• Leading and managing the MMEA region for the implementation of IT/ Cyber security objectives and targets, and supporting the stakeholders across 62+ countries.
• Support the IT ISMS Compliance. Accountable for overall ISMS Compliance.
• Security assurance in the design and architecture of the systems and solutions by performing the security certification in line with security baseline requirements.
• Contributing to the security risk assessments in compliance with organization’s security requirements and frameworks covering the ISMS/ ISO 27001 standard.
• Driving the third-party security risk management program. Identifying the security sensitive suppliers/ vendors and ensuring their compliance with organization’s security standards.
• Collaborating with regional/ global stakeholders for the IT asset management program.
• Leading the vulnerability management program. Establishing the remediation program to prioritize, assign and remediate the identified vulnerabilities within defined timeline.
• Support IT Security incident handling (collaboration between SOC, IT Security, and IT).
• Support IT security projects ensuring that the business requirements are addressed.
• Support data privacy in compliance with local regulations including DPA and GDPR.
• Collaborate with technical experts across the region for IT security hygiene activities.
• Supporting defining, implementing, automating and stabilizing the IT DR program.
• Support IT Security awareness campaigns for targeted Management/ Employee audiences for all areas and topics related to IT Security and Compliance.
• Lead the implementation of information/ cyber security, risk management framework and security assessments/ audits of country-wide technical infrastructure including Business applications, LAN, IP Telephony, Data Centers and WAN/ MPLS for 250+ sites.
• Established the security governance covering strategy, projects, operations, risks, roles, steering committee, policies, cloud security, performance optimization and accountabilities.
• Development and implementation of cyber security policies and procedures.
• Security compliance with regulatory requirements and frameworks covering ISO 27001, GIA, Security Frameworks, NIST 800-53, ISA/ IEC 62443, CIS and DPA.
• Lead advisor for security architecture for solutions and networks.
• Managed a corporate wide risk management program covering risk assessments, threat modeling, threat actors, applicable attack vectors and preparing risk treatment plans.
• Plan, lead and execute Vulnerability Assessments and Penetration Testing (VAPT).
• Lead the security remediation program to record, classify, prioritize, assign and remediate the identified IT and security vulnerabilities and issues within defined timeline.
• Lead the technology project assurance programme defining and managing project risks, accountabilities (RACI), scope management, stakeholder management, issue management, vendor management, timelines and realizing the expected benefits.
• Develop operational model for SOC monitoring. Define the procedures for security monitoring to detect, protect, respond and recover from security attacks. Also defined the requirements for Forward Intelligence/ Threat Intelligence.
• Reporting to the senior management and supporting at the board-level committees.
• Collaborating with stakeholders and technical experts for IT and security implementation.
• Baseline requirements for Digital Forensic capabilities.
• Deliver corporate-wide cyber/ information security awareness and training program.
(Practice Lead) - Technology Risk Assurance
• Lead and manage the Technology Risk Assurance practice for a large portfolio of clients and multi-disciplinary teams for the business development and engagement delivery.
• Managed and delivered the IT/ Cyber Security Implementation and Audit engagements covering information/ cyber security controls frameworks, risk management, data privacy, security governance, policies and procedures, cloud security, regulatory compliance, security strategy and DR planning.
• Supported the clients’ executive management to understand their priorities and establish the business cases for security consulting to solve the complex problems.
• Lead and contribute to developing and executing the sector specific go-to-market strategies.
• Effective project planning, engagement risk management, resource management, budgeting, prioritizing tasks and talent management.
• Solving complex challenges and deeply technical problems of multiple clients.
• Technical proposal writing and presenting to the client’s senior executives.
• Business development activities by defining high priority targets and future growth plans, capitalizing existing relationships, approaching clients, building new networks and penetrating into new markets.
• Representing the firm at the regional industry forums.
• Building strong relationships and networking with existing and prospective clients.
Enterprise Risk Service - Technology Assurance
• Managed a large portfolio of clients for delivering the security audits and consulting projects.
• Built strong relationships with clients by providing the right value in their engagements.
• Engaged with senior stakeholders of clients to understand and meet their expectations.
• Managed the complex engagements with diversified teams.
• Engaged with business development activities by writing high-quality proposals with tailored methodologies to deliver projects.
• Assessed the security compliance of clients covering SOX-IT and SSAE/ SOC2.
• Assessed the data privacy of clients in compliance with DPA and GDPR.
• Performed security assessments of a large government client in compliance with ISO 27001, visiting their multiple sites across various geographical locations.
• Supported junior consultants in defining and meeting their performance objectives.
• Reporting to the senior management of the client and the firm.
Technology and Security Risk Services
• Managed the multiple engagements for the information/ cyber security implementations, assessments, risk management, IT audits, governance, policies & procedures and disaster recovery plans covering ISO 27001, CobiT, NIST, ISF, PCI DSS, CIS and local government’s regulatory frameworks.
• Provided business-focused services for the technology and security advancements.
• Performed risk assessment of a large energy sector client covering 100+ applications and networks spanning multiple geographical locations in UAE and Qatar. Also evaluated the criticality of industrial and corporate systems and produced a heat map to indicate the criticality of the systems.
• Supported business development activities by chasing the opportunities with priority clients.
• Performed technology governance review for government clients and evaluated their security strategy, security policies, risks, security controls, performance and projects.
• Conducted network security audit of the large retail bank covering network operations, security, configuration, capacity, performance, remote access and single point of failure.
• Performed SAP and other ERP reviews.
• Managed good relationships with the stakeholders and senior management of firm/ clients.
Technology Risk Services
• Delivered the security audits and risk consulting projects.
• Performed the application/ ERP security review of a banking client.
• Managed the IT security audit of the largest healthcare government client.
• Reviewed the security audit reports of different engagements.
• Reviewed the security policies based on the ISO 27001 and COBIT standards.