Senior Cybersecurity Consultant
ECOVIS AL SABTI
مجموع سنوات الخبرة :7 years, 0 أشهر
Conducted a comprehensive SAMA CSF assessment, identifying alignment gaps and implementing corrective measures to strengthen cybersecurity across the entire organization.
Executed an NCA-DCC gap assessment, pinpointing areas for improvement. Enhanced organizational security and regulatory compliance by developing and updating Cybersecurity policies aligned with SAMA-CSF, NCA-DCC, NCA-ECC, and OSMACC, ensuring their successful implementation organization-wide.
Established a thorough Cybersecurity Awareness Plan for staff, customers, and vendors to enhance overall security awareness.
Executed phishing campaigns using the PhishGuard tool, delivering valuable insights and outcomes to the Cybersecurity steering committee, thereby enhancing the organizations resilience against phishing threats.
Conducted due diligence for third-party vendors and managed cybersecurity risk assessments for various projects.
Develop and update comprehensive Threat, Vulnerability, and Risk Registers, identifying potential risks and vulnerabilities and ensuring timely mitigation measures.
Monitored and managed threats through CTM360/SAMA/SOC, initiating tickets for threat mitigation and contributing to a robust cybersecurity defense strategy.
Generated ManageEngine tickets to promptly notify IT of threats for patching and IOCs blocking significantly minimizing potential vulnerabilities and bolstering the organizations cybersecurity posture.
Coordinated Red Team and Penetration Testing exercises, significantly enhancing security operations efficiency.
Developed Cybersecurity checklists and conducted periodic assessments of existing systems and network devices ensuring proactive identification and resolution of security vulnerabilities.
Gathered evidence and collaborated on ongoing Cybersecurity audits, contributing to audit success.
Provided regular updates on regulatory compliance, audits, and adherence to industry standards.
Actively participated as an Audit team member, ensuring compliance with SAMA CSF and NCA (ECC & DCC) frameworks.
Conducted IT and CS Risk Assessment, identifying critical assets, and threats, and implementing effective treatment measures.
Assessed application controls to ensure robust system application security. Reviewed project life cycles, identified gaps, and suggested corrective actions to streamline processes.
Successfully conducted an independent compliance audit for a large Capital investment Bank, aligning with Tadawul Members Technical Requirements.
• Cybersecurity Consulting and Operational Support YANAL Finance Company
Gap Assessment:
• Led a comprehensive assessment of the SAMA CSF, NCA-ECC, NCA-DCC, and OSMACC frameworks.
• Identified alignment gaps and implemented corrective measures to strengthen overall organizational security and regulatory compliance. Cybersecurity Policy Development:
• Developed and updated Cybersecurity policies aligned with SAMA-CSF, NCA-DCC, NCA-ECC, and OSMACC, ensuring successful implementation across the organization. Cybersecurity Awareness and Training:
• Established a Cybersecurity Awareness Plan for staff, customers, and vendors to enhance overall security awareness.
• Executed phishing campaigns using the Phish Guard tool, delivering valuable insights to the Cybersecurity steering committee, thereby enhancing the organizations resilience against phishing threats. Risk Management:
• Created and maintained a comprehensive risk register to enhance overall risk awareness and informed decision-making.
• Communicated the risk register to risk owners, coordinated target dates, and ensured timely mitigation of identified risks.
• Engaged in risk assessments for every project initiation, identifying cybersecurity risks to enhance project security. Threat Management:
• Monitored and managed threats through CTM360/SAMA/SOC, initiating tickets for threat mitigation and contributing to a robust cybersecurity defense strategy.
• Develop and update comprehensive Threat and Risk Registers, identifying potential risks and vulnerabilities and ensuring timely mitigation measures.
• Generated ManageEngine tickets to promptly notify IT of threats for patching and IOCs blocking, significantly minimizing potential vulnerabilities and bolstering the organizations cybersecurity posture. Incident Management:
• Prepared incident reports, obtained stakeholder approval, and submitted them to the regulator and executive management.
• Coordinated with MSSP (SOC) to ensure swift and effective resolution of security incidents.
• Updated the incident register and regularly reported it to the Cybersecurity Steering Committee.
Vulnerability Management:
• Updated the vulnerability register and reported vulnerability scan results to the IT team to ensure timely mitigation of vulnerabilities, enhancing the companys security posture.
• Coordinated Red Team and Penetration Testing exercises, significantly enhancing security operations efficiency. Cybersecurity Reviews:
• Developed Cybersecurity checklists and conducted periodic assessments of existing systems and network devices for proactive identification and resolution of security vulnerabilities.
• Successfully conducted comprehensive cybersecurity assessments for critical infrastructure components including EDR systems, Firewalls, Servers, VPNs, Routers, Switches, and Privileged Access Management (PAM) solutions, identifying vulnerabilities and recommending mitigation strategies. Vendor Due Diligence:
• Conducted due diligence for third-party vendors and managed cybersecurity risk assessments for various projects.
• Liaised with third-party vendors to gather requirements and completed outsourcing documentation for submission to the regulator, facilitating the companys compliance with regulatory requirements for outsourcing services. Cybersecurity Audit:
• Gathered evidence and collaborated on ongoing Cybersecurity audits, contributing to audit success.
• Provided regular updates on regulatory compliance, audits, and adherence to industry standards.
• Managed end-to-end recruitment cycle, handling a high volume of requirements from Fortune companies like Deloitte, Uber, Comcast, Motorola, Cisco, USAA, GSK, and many more.
• Identified opportunities for enhancement in recruiting strategies.
• Scheduled candidate interviews with recruiters and hiring managers.
• Compiled weekly and monthly reports and forwarded them to Managers and Directors.
• Assigned tasks to various teams of technical, corporate, and marketing recruiters.
• Maintained a cloud-based database of all job requirements.
• Broadcast daily client requirements to the recruitment teams.
• Oversaw day-to-day operations and handled all departmental administrative functions.
• Ensured strict adherence to legal and organizational policies and procedures.
• Coordinated various training and development programs for new employees.
• Planned workloads, assigned tasks, and monitored employees progress toward targets.
• Provided valuable feedback on employee performance to the reporting Manager.
• Prepared and submitted monthly and yearly performance reports for subordinates.
• Efficiently organized meeting schedules and prepared meeting agendas, recording minutes for future reference.
• Proficient in generating reports, correspondence, letters, and memos using Office Automation System (OAS), MS Word, MS Project, and PowerPoint.