Syed Saqib Andrabi

CISM Governance: Established Azure Security Baseline (NIST CSF); enforced via Policy as Code.

CISM Risk Management: Quantified 40+ migration risks; mitigated top 5 with automated guardrails.

• Led enterprise cybersecurity and governance, risk and compliance transformation projects
across UAE, Saudi Arabia, APAC and Europe using Agile and hybrid project delivery models,
ensuring on-time delivery and regulatory compliance.
• Established and managed enterprise GRC program aligning with UAE NESA IA, PDPL,
ADGM/DIFC data protection and ISO 27001 standards.
• Managed end-to-end project lifecycle delivery across all SDLC phases, including
requirements gathering, architecture design, implementation, testing, deployment, and
operational handover.
• Conducted enterprise-wide risk assessments, implemented controls, and achieved 20%
reduction in compliance gaps.
• Successfully delivered large-scale security and compliance programs onsite with clients
across UAE, Saudi Arabia, Germany, Netherlands, Italy, Switzerland, and France,
coordinating cross-functional global teams.
• Deployed Microsoft Purview, DLP, and Microsoft Defender as part of enterprise data
protection transformation initiatives.
• Led vendor and third-party security assessment programs, integrating them into
enterprise risk management frameworks.
• Delivered executive dashboards, program status reports, and risk metrics to C-level
leadership and steering committees.

CISM Program Development: Launched M365 Secure Score program; raised tenant score 62 → 94 in 6 months.

CISM Incident Management: Built Tier-0 playbook; cut P1 resolution 75%

CISM Risk Assessment: Mapped 25 SaaS vendors to risk tiers; blocked 3 high-risk contracts.

CISM Governance: Created first DR governance charter.

CISM Foundations: Standardized least-privilege AD groups; cut privilege creep 70%.

CISM Incident Logging: Pioneered centralized Syslog → precursor to today’s SIEM.

Developed Information Security Charter and mapped organizational security controls to ISO 27001 domains, establishing baseline governance for audit readiness.

Change Control Enhancement: Implemented formal change approval process integrating IT and operations; reduced unplanned outages by 35%.

Conducted quarterly access review audits across domain admin and service accounts, resulting in 100% SoD (Segregation of Duties) compliance.

Designed risk treatment plan aligned with CISM risk lifecycle; prioritized mitigation actions, reducing overall residual risk by 25% in two quarters.

Introduced Data Classification Framework and labeling policy; improved handling of sensitive information across departments.

Co-led Business Impact Analysis (BIA) and Disaster Recovery tabletop exercises—validated recovery objectives and improved RTO from 24 hours to 8 hours

CISM Governance Foundations: Authored first-ever Password Policy & Access Control SOP, enforced via Group Policy—reduced unauthorized logins 80%.
CISM Risk Identification: Built asset inventory & risk heatmap in Excel; flagged 12 unpatched servers for immediate remediation.
Provided Tier-1/2 support for 400+ users on Windows XP/7, Exchange 2007, and LAN connectivity.
Managed daily backups using Symantec Backup Exec; achieved 100% restore success in quarterly tests.

• Helped instructors in conducting network security labs, vulnerability assessments, and
penetration testing exercises.
• Contributed to policy drafting, documentation, and governance frameworks for training
projects aligned with ISO 27001 principles.
• Supported cybersecurity training programs focusing on risk assessment and IT governance.

• CISM Incident Logging (Pre-SIEM): Created centralized event log repository using scripts—precursor to today’s Sentinel/Syslog pipelines.
• CISM Program Awareness: Designed first security induction slide deck for 50 new hires; embedded phishing & social engineering basics.
• Assisted in Active Directory user provisioning and basic firewall rule reviews.
• Documented network diagrams and standard troubleshooting guides adopted team-wide.