Work Background
Information Technology Governance Consultant
Zakat, Tax and Customs Authority
Jul. 2025
Riyadh, Saudi Arabia
Developed and implemented a comprehensive IT Governance & Compliance framework based on COBIT & ITIL 4, ensuring alignment with strategic business objectives. Defined and monitored KPIs, SLAs, and OLAs, improving IT compliance reporting and governance oversight. Conducted enterprise-wide IT risk assessments, identifying control weaknesses, documenting risks, and coordinating remediation plans in line with NCA and ISO requirements. Partnered with internal and external auditors, ensuring successful closure of compliance findings and timely submission of regulatory evidence along with Standard Operating Procedures (SOPs) review. Supported senior leadership in governance maturity assessments, delivering reports and roadmaps to advance compliance posture.
Data Protection & GRC Consultant
KAFD | كافد
Nov. 2024
Riyadh, Saudi Arabia
▪ Develop and maintain the GRC framework, aligning it with organizational goals and regulatory requirements to enhance the security posture.
▪ Lead risk assessment activities and ensure effective mitigation strategies are in place.
▪ Prepare documentation for NCA (ECC, CSCC, DCC) regulatory authority.
▪ Implement and manage data privacy policies and procedures in compliance with regulations (SDAIA & NDMO and PDPL).
▪ Conduct data privacy impact assessments (DPIA) and advise on data protection risks.
▪ Develop and implement a comprehensive data classification framework that aligns with organizational and regulatory requirements.
▪ Classify data according to its sensitivity (e.g., confidential, restricted, public) and establish protocols for handling each data class.
▪ Ensure proper labeling and categorization of sensitive information such as PII, financial, intellectual property, and regulated data.
▪ Collaborate with IT and security teams to ensure proper access control mechanisms are in place based on data classification.
▪ Provide ongoing training and education to employees on data classification standards and protocols.
▪ Assist in the development and implementation of data governance policies and procedures.
▪ Participate in security risk assessments and audits, ensuring compliance with data privacy and classification guidelines.
▪ Develop and deliver training programs to staff on data privacy and classification protocols.
▪ Raise awareness about the importance of data privacy and classification across all departments.
▪ Work closely with the Information Security team to align GRC practices with security measures.
▪ Monitor emerging threats and coordinate risk management strategies.
▪ Support the implementation of technical controls for data protection and risk mitigation.
GRC Consultant
ZainTECH
Apr. 2023 - May. 2025
Riyadh, Saudi Arabia
Develop and participate in implementation of ISO 27001:2022 initiatives. Implement and drive activities related to risk reduction, governance and compliance. Collaboration with internal and external auditors for regulatory compliance. Deep understanding and knowledge of NCA, SAMA & ISO 27001 controls, including documentation development, implementation and audits handling. Provide recommendations to improve organizational security posture through process improvement, policy automation and continuous evolution of capabilities. Conduct risk and exception assessments by assessing multiple inputs from internal/external sources. Conduct due diligence assessments on third party vendors using supply chain risk management practices. Implement GRC function to automate and continuously monitor information security controls, exceptions, risks reporting metrics, dashboards and evidence artifacts. Interview various stakeholders across the organization to determine security controls implementation and to verify its effectiveness.
Cybersecurity GRC Consultant
Zain KSA
Apr. 2023 - Oct. 2024
Riyadh, Saudi Arabia
Directed the ISO 27001:2022 rollout, including risk treatment plans, control testing, and audit readiness; achieved certification with zero major non-conformities. Developed and implemented cybersecurity governance policies, procedures, and RACI matrices aligned with NCA and SAMA CSF regulations, strengthening organizational accountability and compliance maturity. Provided management with NCA compliance scorecards, risk posture reports, and maturity assessments, supporting informed decision-making and continual improvement initiatives. Automated compliance monitoring dashboards and GRC tool integrations, reducing audit cycle time and improving visibility into risks and exceptions. Coordinated with internal & external auditors to ensure timely closure of compliance gaps, improving audit performance and regulatory readiness. Performed third-party/vendor compliance assessments, identifying control gaps and ensuring supplier alignment with data protection requirements. Designed and enforced cybersecurity governance policies supporting continuous compliance improvements and regulatory alignment. Supported BCM team in their documentation and internal audit initiatives aligned with NCA and ISO 22301.
Information Security Consultant
King Faisal Specialist Hospital and Research Center
Mar. 2019 - Mar. 2023
Riyadh, Saudi Arabia
Leading the best practice of delivering cybersecurity consultation services covering cybersecurity governance, risk management, compliance and standards. Aligning delivery approaches, recommendations and strategies with multiple frameworks and regulatory standards, including Saudi’s NCA Cybersecurity Controls, in addition to ISO 2700X. Conduct end-to-end cybersecurity risk and compliance assessments based on the organization’s methodologies and internationally recognized standards (e.g. NIST and ISO). Interview stakeholders for completing the scoping questionnaires and assessments to understand, analyze and document cybersecurity-related practices and processes. Compare and benchmark different solutions and technologies to propose the best-fit advice to the management. Write and develop required cybersecurity documentation, including charts, policies, procedures, standards, frameworks and strategies. Effectively write and communicate assessment and compliance engagement reports to provide technical and management recommendations. Develop client-tailored cybersecurity strategies in accordance with their vision and objectives, and identify security-related opportunity areas. Supporting organization to improve and transform its businesses securely and achieve corporate excellence in their cybersecurity program.
Cyber Security Specialist
King Faisal Specialist Hospital and Research Center
Mar. 2019 - Mar. 2023
Riyadh, Saudi Arabia
Leading the best practice of delivering cybersecurity consultation services covering cybersecurity governance, risk management, compliance and standards. Aligning delivery approaches, recommendations and strategies with multiple frameworks and regulatory standards, including Saudi’s NCA Cybersecurity Controls, in addition to ISO 2700X. Conduct end-to-end cybersecurity risk and compliance assessments based on the organization’s methodologies and internationally recognized standards (e.g. NIST and ISO). Interview stakeholders for completing the scoping questionnaires and assessments to understand, analyze and document cybersecurity-related practices and processes. Compare and benchmark different solutions and technologies to propose the best-fit advice to the management. Write and develop required cybersecurity documentation, including charts, policies, procedures, standards, frameworks and strategies. Effectively write and communicate assessment and compliance engagement reports to provide technical and management recommendations. Develop client-tailored cybersecurity strategies in accordance with their vision and objectives, and identify security-related opportunity areas. Supporting organization to improve and transform its businesses securely and achieve corporate excellence in their cybersecurity program.
Information Security Engineer
Arabic Computer Systems
Feb. 2012 - Feb. 2019
Riyadh, Saudi Arabia
Administer Symantec AV to investigate relevant incidents with team coordination. Perform post-incident root cause analysis and report with recommendations. Proactive research to identify and understand new threats, vulnerabilities, malware and exploits. Monitor Security Devices Active Channels in ArcSight and create tickets for any malicious alerts/events. Follow the day-to-day operations to ensure continuity of work. Monitor and analyze events using multiple security technologies, such as SIEM, IDS/IPS etc.
Information Security Analyst
Al Rajhi Bank
Jan. 2012 - Aug. 2012
Riyadh, Saudi Arabia
Administrated the following products:
• McAfee Email Gateway (Iron Mail), a comprehensive email security solution for Secure Web Delivery
• McAfee Vulnerability Manager (MVM) for vulnerability scanning and assets discovery and technical report writing on the basis of data collected.
Service Delivery Engineer
IT Matrix
Jun. 2010 - Aug. 2012
Riyadh, Saudi Arabia
As an outsourcing engineer on behalf of IT Matrix, I worked on various projects at the following sites:
• Riyad Bank, Saudi Arabia: Administrating the McAfee Anti-Virus (McAfee ePolicy Orchestrator “ePO”), a centralized security management solution along with the client’s management. Administrating the McAfee Group Shield, an email security system for Microsoft Exchange Servers and reviewing its security policies as per organization requirements. Administrating the McAfee Host DLP & Device Control to protect data from removable devices.
• Saudi Hollandi Bank, Saudi Arabia: Wireless Scanning through dedicated tools in the banking premises with the report generation on the basis of logged data. Troubleshooting McAfee Endpoint Encryption for File & Folders.
• Al-Marai & NADEC, Saudi Arabia: Troubleshooting WatchGuard Firewall and Secure Mail Matrix (SMM), a software-based corporate email firewall.
Technical Support Engineer
eircom
Apr. 2005 - Apr. 2007
Dublin, Ireland
Provide telephone, e-mail and chat technical and customer support based on various software packages. Responsible for delivering timely, accurate technical answers and providing a high degree of customer service satisfaction. Achieve and maintain Service and Sales level statistics as defined. Effective use of the systems and tools available to the support centre. Track & document customer & problem information in call tracking database.

Personal Pitch
GRC Consulting Excellence