Submitting more applications increases your chances of landing a job.

Here’s how busy the average job seeker was last month:

Opportunities viewed

Applications submitted

Keep exploring and applying to maximize your chances!

Looking for employers with a proven track record of hiring women?

Click here to explore opportunities now!
We Value Your Feedback

You are invited to participate in a survey designed to help researchers understand how best to match workers to the types of jobs they are searching for

Would You Be Likely to Participate?

If selected, we will contact you via email with further instructions and details about your participation.

You will receive a $7 payout for answering the survey.


User unblocked successfully
Nawal Har, EXECUTIVE ADVISOR

Nawal Har

EXECUTIVE ADVISOR·Bank

Saudi Arabia

Master's degree, Information Technology

Work experience

Total years of experience: 15 years, 4 months

EXECUTIVE ADVISOR

January 2025 - Present

Bank

Riyadh, Saudi Arabia

January 2025 - Present

• Architecting the Enterprise AI Risk & Governance Framework to ensure all Generative AI deployments adhere to
national ethical principles, SDAIA regulations and NCA security standards
• Engineering Privacy-Enhancing Technologies (PETs) to enable secure data flows and large-scale AI training
while maintaining strict SAMA and local data residency compliance
• Conducting strategic security assessments for LLM integrations, balancing rapid innovation with robust
defensive controls for sovereign cloud environments
• Directing local audit programs and performs technical due diligence to meet digital transformation standards
• Advising on AI model risk management, including the mitigation of prompt injections, data poisoning, and
algorithmic bias

Company industry:
Banking
Job role:
Banking

HEAD OF CYBERSECURITY & RISK GOVERNANCE – DEPUTY CISO

October 2023 - January 2025

bank

Dubai, United Arab Emirates

October 2023 - January 2025

• Managed end-to-end security controls and remediation programs for Cloud, Infrastructure, Middleware,
Network and application layers.
• Orchestrated internal and external audit programs (ISO27001, SOC2, ISR)) while performing technical due
diligence on third-party vendors assessing CVE exposure, patch SLAs, and secure SDLC evidence. Integrated
ARAQ/RAF into reviews.
• Designed and implemented business continuity and resilience standards in strict alignment with NCEMA 7000
• Directed strategic data privacy initiatives in compliance with UAE regulations mandates (PDPL, ISR, CBUAE)
reinforcing compliance and building trust with stakeholders
• Quantified Cyber risks into financial impact using the FAIR methodology to support C-level decision-making
and optimize ROI for Saudi Business Units.
• Drove and optimized cybersecurity budget ensuring strategic prioritization.
• Managed regional security incidents and ensure Identity Access Management (IAM) controls are enforced
according to local data residency laws and cloud security regulations
• Led the cybersecurity roadmap and GRC activities for the UAE entity, ensuring full compliance with the NESA
CIIP manual and DESC standards

Company industry:
Banking
Job role:
Banking

HEAD OF CYBERSECURITY & RISK GOVERNANCE – DEPUTY CISO

January 2023 - January 2025

bank

Dubai, United Arab Emirates

January 2023 - January 2025

• Managed end-to-end security controls and remediation programs for Cloud, Infrastructure, Middleware, Network and
application layers.
• Orchestrated internal and external audit programs (ISO27001, SOC2, ISR)) while performing technical due diligence on
third-party vendors assessing CVE exposure, patch SLAs, and secure SDLC evidence. Integrated ARAQ/RAF into reviews.
• Designed and implemented business continuity and resilience standards in strict alignment with NCEMA 7000
• Directed strategic data privacy initiatives in compliance with UAE regulations mandates (PDPL, ISR, CBUAE) reinforcing
compliance and building trust with stakeholders
• Quantified Cyber risks into financial impact using the FAIR methodology to support C-level decision-making and optimize
ROI for Saudi Business Units.
• Drove and optimized cybersecurity budget ensuring strategic prioritization.
• Managed regional security incidents and ensure Identity Access Management (IAM) controls are enforced according to
local data residency laws and cloud security regulations
• Led the cybersecurity roadmap and GRC activities for the UAE entity, ensuring full compliance with the NESA CIIP manual
and DESC standards

Company industry:
Banking
Job role:
Banking

APPLICATION SECURITY MANAGER

April 2019 - October 2023

bank

Montreal, Canada

April 2019 - October 2023

• Industrialized security within SDLC and CI/CD pipelines through DevSecOps practices during architecture
phase to remediate vulnerabilities early on.
• Directed comprehensive OWASP-based DAST, SAST, and SCA programs to identify weaknesses in proprietary
and open source components.
• Collaborated with global stakeholders to prioritize security risks and ensure compliance with international
banking standards.
• Strengthened AML/CFT Controls by integrating mission-critical cybersecurity measures into core banking
applications.
• Delivers the data-classification framework by defining business categories, mapping sensitivity levels, and
ensuring technical enforcement (labelling, DLP rules, encryption

Company industry:
Banking
Job role:
Information Technology

SOC MANAGER (Consultant) PWC

January 2018 - January 2019

Project for AXA Corp

Paris, France

January 2018 - January 2019

• Directed 24/7 Operations and managed a team of security analysts for global threat detection
• Spearheaded 50+ detection use cases mapped to MITRE ATT&CK
• Acted as Lead Incident Commander for critical security breaches and complex forensic investigations
• Leveraged actionable Threat Intelligence to proactively mitigate industry specific emerging risks
• Orchestrated scanning and prioritized remediation with IT infrastructure teams
• Cloud Security: Hardened AWS/Azure environments through strict IAM policies, WAF, and KMS crypto hygiene.
• Delivered operational SOC KPIs and Dashboard to Executive Committees,
• Orchestrated the technical design of RFPs, securing contracts by demonstrating SOC maturity and operational excellence to

prospective clients

Company industry:
Banking

INFORMATION SECURITY OFFICER (Consultant) PWC

January 2017 - January 2018

Project for Societe Generale (Banking)

Paris, France

January 2017 - January 2018

• Engineered a Technical Risk Cartography for high-frequency trading perimeters to identify critical asset dependencies
and operational single points of failure
• Led the RCSA (Risk Control Self-Assessment) process for business units, identifying security gaps and implementing
technical mitigating controls to reduce residual risk
• Directed vulnerability lifecycle and technical risk analysis, enforcing patch compliance across core banking
infrastructures while managing security exceptions
• Orchestrated the GRC roadmap and annual compliance testing, translating internal audit mandates into actionable
technical security requirements for IT teams

Company industry:
Banking

CYBERSECURITY & RISK SPECIALIST (Consultant)

January 2014 - January 2017

ENGIE (Oil & Gas/Energy)

Paris, France

January 2014 - January 2017

• Orchestrated technical Pentesting campaigns and managed the implementation of security controls for IT and SCADA
environments
• Designed Security-by-Design architectures for sensitive systems in collaboration with vendors, including MFA solution
qualification
• Supported business continuity, incident management exercises, and delivered strategic reporting to IT Executive
Committees.
• Organized Cyber Security awareness + Groupe annual Seminar Cyber Security Days

Company industry:
Oil & Gas

IT SECURITY & COMPLIANCE ENGINEER (Consultant)

January 2011 - January 2014

Groupe (Media Production)

Paris, France

January 2011 - January 2014

• Hardened broadcasting and production infrastructure through Active Directory GPO management and technical risk
assessments
• Managed Patch deployment and vulnerability reporting via SCCM to maintain high compliance standards
• Improved technical evidence collection for audits and promoted group-wide security awareness programs

Company industry:
Media Production

Education

Cybersecurity Major at Universite de Paris

January 2011

January 2011

Master's degree, Information Technology

France

Skills

IDENTITY AND ACCESS MANAGEMENT
Intermediate
IDENTITY AND ACCESS MANAGEMENT
Intermediate
INCIDENT MANAGEMENT
Intermediate
INCIDENT MANAGEMENT
Intermediate
ISO IEC 27001
Intermediate
ISO IEC 27001
Intermediate
STRATEGIC LEADERSHIP
Intermediate
STRATEGIC LEADERSHIP
Intermediate
COMPLIANCE REPORTING
Expert
COMPLIANCE REPORTING
Expert
IT RISK MANAGEMENT
Expert
IT RISK MANAGEMENT
Expert
GOVERNANCE
Expert
GOVERNANCE
Expert
VULNERABILITY MANAGEMENT
Expert
VULNERABILITY MANAGEMENT
Expert
CYBER RESILIENCE
Expert
CYBER RESILIENCE
Expert
LEADERSHIP
Expert
LEADERSHIP
Expert
CONTAMINATION
Intermediate
CONTAMINATION
Intermediate
LINKEDIN
Intermediate
LINKEDIN
Intermediate
NIST 800
Intermediate
NIST 800
Intermediate
BUSINESS STRATEGIES
Intermediate
BUSINESS STRATEGIES
Intermediate
INCIDENT RESPONSE
Intermediate
INCIDENT RESPONSE
Intermediate
RISK MANAGEMENT
Intermediate
RISK MANAGEMENT
Intermediate
SECURITY AWARENESS
Intermediate
SECURITY AWARENESS
Intermediate
CORPORATE STRATEGY
Intermediate
CORPORATE STRATEGY
Intermediate
CROSS FUNCTIONAL COLLABORATION
Intermediate
CROSS FUNCTIONAL COLLABORATION
Intermediate
GOVERNANCE RISK MANAGEMENT AND COMPLIANCE
Intermediate
GOVERNANCE RISK MANAGEMENT AND COMPLIANCE
Intermediate
INTERNAL AUDITING
Intermediate
INTERNAL AUDITING
Intermediate
REGULATORY REQUIREMENTS
Intermediate
REGULATORY REQUIREMENTS
Intermediate
CROSS FUNCTIONAL COORDINATION
Intermediate
CROSS FUNCTIONAL COORDINATION
Intermediate
RISK GOVERNANCE
Intermediate
RISK GOVERNANCE
Intermediate
ARTIFICIAL INTELLIGENCE
Intermediate
ARTIFICIAL INTELLIGENCE
Intermediate
CONSULTING
Intermediate
CONSULTING
Intermediate
CYBER GOVERNANCE
Intermediate
CYBER GOVERNANCE
Intermediate
CYBER SECURITY
Intermediate
CYBER SECURITY
Intermediate
DATA SECURITY
Intermediate
DATA SECURITY
Intermediate
INFORMATION SECURITY MANAGEMENT SYSTEMS
Intermediate
INFORMATION SECURITY MANAGEMENT SYSTEMS
Intermediate
NIST CYBERSECURITY FRAMEWORK CSF
Intermediate
NIST CYBERSECURITY FRAMEWORK CSF
Intermediate
TEAMWORK
Intermediate
TEAMWORK
Intermediate
PROJECT RISK MANAGEMENT
Intermediate
PROJECT RISK MANAGEMENT
Intermediate
GENERATIVE ARTIFICIAL INTELLIGENCE
Intermediate
GENERATIVE ARTIFICIAL INTELLIGENCE
Intermediate
COMPUTER NETWORKS
Intermediate
COMPUTER NETWORKS
Intermediate
DATA MODELING
Intermediate
DATA MODELING
Intermediate
REGULATORY COMPLIANCE
Intermediate
REGULATORY COMPLIANCE
Intermediate
COMPLIANCE REQUIREMENTS
Intermediate
COMPLIANCE REQUIREMENTS
Intermediate
INFORMATION PRIVACY
Intermediate
INFORMATION PRIVACY
Intermediate
INNOVATION
Intermediate
INNOVATION
Intermediate
IT INFRASTRUCTURE
Intermediate
IT INFRASTRUCTURE
Intermediate
ENTERPRISE SECURITY
Intermediate
ENTERPRISE SECURITY
Intermediate
ETHICAL STANDARDS AND CONDUCT
Intermediate
ETHICAL STANDARDS AND CONDUCT
Intermediate
MODEL RISK MANAGEMENT
Intermediate
MODEL RISK MANAGEMENT
Intermediate
COMPUTER SECURITY
Intermediate
COMPUTER SECURITY
Intermediate
LABOR LAW
Intermediate
LABOR LAW
Intermediate

Social profiles

Languages

English

Native Speaker

French

Native Speaker

Arabic

Native Speaker

Spanish

Expert

Training and Certifications

Certifications
MCTS (Microsoft Certified Technology Specialist) Windows Server 2008
DESC ISR Implementation
NCA ECC Auditor
GDPR Data Protection Fundamentals Regional
ISO 27001 Lead Auditor
ISO/IEC 42001 Lead Implementer
AI &
MCTS (Microsoft Certified Technology Specialist) Windows Server 2008
CCNA1, CCNA2
ITIL V3 Cloud Computing
NCA ECC Auditor
GDPR Data Protection Fundamentals
ISO 27001 Lead Auditor
ISO 27005 Risk Manager / EBIOS
CISM
ISO/IEC 42001 Lead Implementer
MCTS (Microsoft Certified Technology Specialist) Windows Server
CCNA1
ITIL V3 Cloud Computing
Implementation
Regional Compliance
ISO 27001 Lead Auditor o GDPR Data Protection Fundamentals
Cybersecurity Operations & Privacy
ISO 27005 Risk Manager / EBIOS
Strategic Governance & Risk Management
AIGP in
AWS Certified AI Practitioner
ISO/IEC 42001
MCTS (Microsoft Certified Technology Specialist) Windows Server
CCNA1
ITIL V3 Cloud Computing
NCA ECC Auditor
Regional Compliance
GDPR Data Protection Fundamentals
ISO 27001 Lead Auditor
CDPSE
CISSP
Cybersecurity Operations & Privacy
ISO 27005 Risk Manager / EBIOS
CRISC
CISM
Strategic Governance & Risk Management
CAIP
AWS Certified AI Practitioner
ISO/IEC 42001
AI & Emerging Technology
MCTS (Microsoft Certified Technology Specialist) Windows Server 2008
CCNA2
ITIL V3 Cloud Computing
NCA ECC Auditor
Regional Compliance
ISO 27001 Lead Auditor o GDPR Data Protection Fundamentals
CDPSE
Cybersecurity Operations & Privacy
ISO 27005 Risk Manager
CRISC
Strategic Governance & Risk Management
AIGP
AWS Certified AI Practitioner
ISO/IEC 42001 Lead Implementer
AI & Emerging Technology Governance
MCTS (Microsoft Certified Technology Specialist) Windows Server 2008
CCNA2
ITIL V3 Cloud Computing
NCA ECC Auditor
Regional Compliance
ISO 27001 Lead Auditor o GDPR Data Protection Fundamentals
CDPSE
Cybersecurity Operations & Privacy
ISO 27005 Risk Manager
CRISC
Strategic Governance & Risk Management
AIGP
AWS Certified AI Practitioner
ISO/IEC 42001 Lead Implementer
AI & Emerging Technology Governance
MCTS (Microsoft Certified Technology Specialist) Windows Server 2008
CCNA1, CCNA2
ITIL V3 Cloud Computing
Implementation
Regional Compliance
GDPR Data Protection Fundamentals
ISO 27001 Lead Auditor
CDPSE
Cybersecurity Operations & Privacy
ISO 27005 Risk Manager / EBIOS
CRISC
Strategic Governance & Risk Management
CAIP
AIGP
AWS Certified AI Practitioner
ISO/IEC 42001 Lead Implementer
AI & Emerging Technology Governance
MCTS (Microsoft Certified Technology Specialist) Windows Server 2008
CCNA1, CCNA2
ITIL V3 Cloud Computing
Implementation
Regional Compliance
GDPR Data Protection Fundamentals
ISO 27001 Lead Auditor
CDPSE
Cybersecurity Operations & Privacy
ISO 27005 Risk Manager / EBIOS
CRISC
Strategic Governance & Risk Management
CAIP
AIGP
AWS Certified AI Practitioner
ISO/IEC 42001 Lead Implementer
AI & Emerging Technology Governance
MCTS (Microsoft Certified Technology Specialist) Windows Server 2008
ITIL V3 Cloud Computing
NCA ECC Auditor
ISO 27001 Lead Auditor
ISO 27005 Risk Manager / EBIOS
AWS Certified AI Practitioner
ISO/IEC 42001
MCTS (Microsoft Certified Technology Specialist) Windows Server 2008
CCNA1, CCNA2
ITIL V3
ISR Implementation
Regional Compliance
GDPR Data Protection Fundamentals
ISO 27001 Lead Auditor
CDPSE
CISSP
Cybersecurity Operations & Privacy
ISO 27005 Risk Manager / EBIOS
CRISC
Strategic Governance & Risk Management
CAIP
AIGP
AWS Certified AI Practitioner
ISO/IEC 42001 Lead Implementer
AI & Emerging Technology Governance
MCTS (Microsoft Certified Technology Specialist) Windows Server 2008
CCNA1, CCNA2
ISR Implementation
Regional Compliance
GDPR Data Protection Fundamentals
ISO 27001 Lead Auditor
CDPSE
CISSP
Cybersecurity Operations & Privacy
ISO 27005 Risk Manager / EBIOS
CISM
Strategic Governance & Risk Management
AIGP
ISO/IEC 42001 Lead Implementer
AI & Emerging Technology Governance
CISM
GDPR Data Protection Fundamentals
Training : Strategy of communication and Corporate Regulation
MCTS (Microsoft Certified Technology Specialist) Windows Server 2008
CCNA1, CCNA2
ISO 27001 Lead Auditor
ITIL V3 Cloud Computing
EBIOS
ISO 27005 Risk Manager
CISSP (Certified Information Security Systems Security Professional)