Jeddah, Makkah, Saudi Arabia
Cybersecurity GRC, Data Protection, and SOC professional with 6+ years of experience across compliance, risk management, SOC operations, privacy assessments, incident response, security governance, and policy/procedure development. I have worked on PDPL compliance assessments, ISO 27001 aligned control reviews, PCI DSS related control reviews, cybersecurity gap assessments, SOC monitoring, policy and procedure drafting, and regulatory readiness initiatives from small to large and complex organizations. My current focus includes PDPL compliance, privacy governance, risk assessments, cybersecurity control validation, governance documentation, and practical remediation planning to help organizations strengthen compliance posture.
Delivering cybersecurity governance, privacy, and KSA PDPL compliance engagements through consulting partnerships. My work includes conducting departmental assessments across aviation, manufacturing, logistics, corporate services, and government-affiliated organizations; evaluating personal data processing activities, access controls, retention practices, third-party sharing, cross-border transfers, and security measures; and preparing gap assessments, risk and impact statements, remediation recommendations, ROPA inputs, DPIAs, data-flow assessments, and management presentations. I also support the development and review of privacy policies, procedures, notices, consent mechanisms, data processing agreements, and broader governance frameworks.
Content Contributor
✓ Successfully defended against spoofed phishing attacks through enhanced email security protocols, configurations and employee awareness training. ✓ Maintained a 100% audit compliance record by promptly addressing and resolving all identified issues and areas of improvements. ✓ Empowered management with Cyber SOC insights through the development of intuitive and informative dashboards. ✓ Optimized the performance of 4+ security tools through comprehensive gap assessments and configuration enhancements. ✓ Proactively identified and neutralized multiple threats originating from the dark web, protecting sensitive data and employee credentials.
✓ Ensured compliance with PCI DSS, ISO 27001, and multiple regulatory circulars including BPRD Circular 4 and ETGRMF. ✓ Supported CISO in developing documentation and SOP(s) to align with industry best practices and regulatory requirements. ✓ Developed and maintained trackers for better reporting and enhanced information management. ✓ Prepared and delivered reports and presentations for management, including board and management packs. ✓ Managed vendor communications and handled budget-related activities. ✓ Conducted compliance reviews of information security policies to ensure effective implementation. ✓ Improved risk assessment criteria for identifying and mitigating vulnerabilities in the bank's digital assets. ✓ Performed threat intelligence activities, including the collection and analysis of historical and current industry attacks to identify improvement opportunities. ✓ Supported internal and external audits (SBP), ensuring compliance and readiness. ✓ Proud to be part of the team for achieving PCI DSS certification, working diligently to ensure the fastest compliance in the industry by mitigating gaps as identified by QSA.
- Organized engaging security awareness workshops to help staff recognize and avoid phishing and social engineering threats. - Worked closely with various departments to make sure everyone understood and followed information security policies and procedures. - Reviewed Network & infrastructure to ensure it met information security standards, policies & regulatory requirements. - Formulated Security Hardening Baseline Document for Linux, Windows, ATM(s) & Database. - Performed Regulatory Compliance reviews. - Performed periodic access reviews to prevent and address unauthorized or unregulated access risks. - Performed vulnerability assessments and configurations reviews on network devices to identify and remediate information security gaps.
Worked in Easy Paisa (Telenor Microfinance Bank) as SOC Analyst L1 and looked after the following activities: ✓ Monitoring Security Alerts & Log Analysis ✓ Threat Hunting & Events Investigation ✓ Phishing Emails and Malware Analysis ✓ Initiating Threat & Vulnerability Advisories ✓ Performing Vulnerability assessment and testing of network and application. ✓ Also worked with other IS Units (IS Governance) because of interest - Gap Assessment of IT Asset Inventory ✓ Reviewing and granting access requests & maintaining trackers for access requests.