Open to work

Hi, I'm Mohammed AlYahya

Cybersecurity Leadership

About Me

Cybersecurity and GRC leader with 10+ years building enterprise security programs across SAMA-regulated banking, defense, government, and critical national infrastructure in Saudi Arabia. Track record of achieving full NCA and ISO 27001 compliance within six months, reducing audit findings by 35–40%, and translating complex technical risks into board-level intelligence. Proven ability to unify cross-functional teams around a single risk strategy and deliver measurable outcomes under regulatory pressure. Equally proficient in data protection (PDPL) and regulatory engagement across the NCA, SAMA, and CST ecosystems.

Experience

Senior Manager / Technology Risk Specialist @ Confidential Bank

2024 - Present
  • Lead enterprise-wide risk assessments across IT and cybersecurity, aligning 200+ controls with SAMA ITGF and reducing critical audit findings by 35%.
  • Re-engineered Jira-based risk workflows by embedding KRIs, KPIs, and residual risk scoring, cutting risk assessment cycle time by 40%.
  • Unified risk treatment documentation across audit, compliance, and IT, creating a single source of truth for 3 Lines of Defence reporting.
  • Authored board-level risk posture reports and led inspection readiness, contributing to a clean regulatory examination.
  • Integrated threat modelling and asset sensitivity data into risk registers, improving control-mapping accuracy and remediation prioritisation.

Data Security Specialist @ Confidential Government

2023 - 2024
  • Drove compliance initiatives achieving full NCA, SAMA, and ISO 27001 alignment within six months, lifting audit scores from 62% to 94% and eliminating 12 critical non-conformities.
  • Stepped in as acting cybersecurity department head during a leadership transition, managing a 6-person team and maintaining 100% SLA compliance for incident response.
  • Designed an integrated IT/OT risk assessment framework adopted by operations and compliance teams, increasing threat visibility across 50+ industrial control systems.
  • Deployed File Integrity Monitoring (FIM) and Data Loss Prevention (DLP) solutions across 1,200+ endpoints, reducing insider-threat exposure by an estimated 60%.
  • Executed internal audits that closed 18 compliance gaps in 90 days, strengthening the organization's GRC posture ahead of a regulatory inspection.

Senior Cybersecurity Consultant @ Confidential

2023 - 2023
  • Performed deep-dive audits across 5 public-sector organizations under ECC/TCC standards, uncovering 30+ critical gaps overlooked in prior third-party reviews.
  • Audited Cloud Service Providers (CSPs) serving national infrastructure, remediating 15 high-risk findings and improving regulatory alignment scores by 25%.
  • Managed 3 concurrent audit engagements with zero deadline overruns, delivering all reports within contracted timelines.
  • Authored strategic reports adopted by CISOs to reshape compliance roadmaps and prioritize risk mitigation budgets.

Senior Cybersecurity Consultant @ ITS

2022 - 2023
  • Assessed cybersecurity postures of SABIC (global operations) and ACWA Power, delivering targeted mitigations that improved audit scores by 20% within one quarter.
  • Developed and enforced 15+ policies aligned with NCA ECC and ISO 27001, raising organizational compliance maturity from Level 2 to Level 3.
  • Designed and led executive and staff-level security awareness programs reaching 500+ employees, reducing phishing click-through rates by 45%.
  • Launched a data privacy consulting service from zero, building PDPL assessment tools and frameworks that generated new revenue and expanded the client base by 3 accounts.

Information Security Developer (GRC) @ General Authority for Statistics

2021 - 2022
  • Completed NCA ECC/TCC training and implemented 25+ internal controls mapped to national cybersecurity standards, contributing to the organization's first compliant assessment.
  • Delivered security awareness sessions to 300+ staff, resulting in a 35% improvement in phishing simulation pass rates within 3 months.
  • Managed cybersecurity tool configurations (SIEM, vulnerability scanners) and maintained compliance documentation, ensuring audit-readiness across 4 review cycles.

Owner, Manager @ Mr.Wireless

2017 - 2020
  • Founded and scaled a consumer electronics business to profitability within 18 months, overseeing operations, vendor management, and PCI DSS compliance for payment processing.
  • Automated inventory tracking and sales workflows, reducing stock discrepancies by 70% and improving customer turnaround time.

Education

BSc in Information Technology | DePaul University

2013 - 2017

Cybersecurity bootcamp | SDA

01/2021 - 06/2021

Certificates:

Security+ (SY0-601) (Track 1)
Cybersecurity Analyst (CySA+) (Track 2)
CEH (Track 3)

Hands-On Technical Skills

Beyond governance and strategy, I maintain sharp technical skills through my Security Lab: 17 interactive cybersecurity demonstrations covering network reconnaissance, web application attacks, cryptography, and compliance frameworks.

Volunteer Experience

Web Developer, E-commerce and Mentor @ Kuumba Lynx

2016 - 2017
  • Led project team members, supervising the Gantt chart to ensure accuracy and efficiency.
  • Designed and developed a user-friendly website based on client’s needs.
  • Developed and managed an E-Commerce section.
  • Trained clients to use and maintain the website.
  • Created how-to documents for reference.

Web Developer @ Cambodian Association of Illinois

2015 - 2016
  • Designed and developed a user/mobile-friendly website based on clients’ needs along with a fully functional donation section.
  • Migrated all content/databases to the new website.
  • Trained clients to use and maintain the website.
  • Created how-to documents for reference.

Industry Experiences & Prime Clients