Asfand Yar

Cybersecurity GRC & Data Protection Consultant | PDPL Compliance | SOC Operations | Risk & Compliance

Jeddah, Makkah, Saudi Arabia

About

Cybersecurity GRC, Data Protection, and SOC professional with 6+ years of experience across compliance, risk management, SOC operations, privacy assessments, incident response, security governance, and policy/procedure development. I have worked on PDPL compliance assessments, ISO 27001 aligned control reviews, PCI DSS related control reviews, cybersecurity gap assessments, SOC monitoring, policy and procedure drafting, and regulatory readiness initiatives from small to large and complex organizations. My current focus includes PDPL compliance, privacy governance, risk assessments, cybersecurity control validation, governance documentation, and practical remediation planning to help organizations strengthen compliance posture.

Experience

  • Data Protection Consultant at Self Employed / Contract
    Sep 2025 - Present · 11 mos

    Delivering cybersecurity governance, privacy, and KSA PDPL compliance engagements through consulting partnerships. My work includes conducting departmental assessments across aviation, manufacturing, logistics, corporate services, and government-affiliated organizations; evaluating personal data processing activities, access controls, retention practices, third-party sharing, cross-border transfers, and security measures; and preparing gap assessments, risk and impact statements, remediation recommendations, ROPA inputs, DPIAs, data-flow assessments, and management presentations. I also support the development and review of privacy policies, procedures, notices, consent mechanisms, data processing agreements, and broader governance frameworks.

  • Community Volunteer at THINCS-CORP
    Apr 2022 - Present · 4 yrs 4 mos

    Content Contributor

  • Assistant Director - Cyber Security Compliance at NADRA Pakistan
    Feb 2025 - Aug 2025 · 7 mos

  • HBL Microfinance Bank LTD ()
    • Lead Cyber Security Operations Center
      Jul 2024 - Feb 2025 · 8 mos

      ✓ Successfully defended against spoofed phishing attacks through enhanced email security protocols, configurations and employee awareness training. ✓ Maintained a 100% audit compliance record by promptly addressing and resolving all identified issues and areas of improvements. ✓ Empowered management with Cyber SOC insights through the development of intuitive and informative dashboards. ✓ Optimized the performance of 4+ security tools through comprehensive gap assessments and configuration enhancements. ✓ Proactively identified and neutralized multiple threats originating from the dark web, protecting sensitive data and employee credentials.

    • Assistant Manager - Information Security GRC
      Jul 2023 - Jul 2024 · 1 yr 1 mo

      ✓ Ensured compliance with PCI DSS, ISO 27001, and multiple regulatory circulars including BPRD Circular 4 and ETGRMF. ✓ Supported CISO in developing documentation and SOP(s) to align with industry best practices and regulatory requirements. ✓ Developed and maintained trackers for better reporting and enhanced information management. ✓ Prepared and delivered reports and presentations for management, including board and management packs. ✓ Managed vendor communications and handled budget-related activities. ✓ Conducted compliance reviews of information security policies to ensure effective implementation. ✓ Improved risk assessment criteria for identifying and mitigating vulnerabilities in the bank's digital assets. ✓ Performed threat intelligence activities, including the collection and analysis of historical and current industry attacks to identify improvement opportunities. ✓ Supported internal and external audits (SBP), ensuring compliance and readiness. ✓ Proud to be part of the team for achieving PCI DSS certification, working diligently to ensure the fastest compliance in the industry by mitigating gaps as identified by QSA.

    • Assistant Manager - Network Security
      Jul 2022 - Jul 2023 · 1 yr 1 mo

      - Organized engaging security awareness workshops to help staff recognize and avoid phishing and social engineering threats. - Worked closely with various departments to make sure everyone understood and followed information security policies and procedures. - Reviewed Network & infrastructure to ensure it met information security standards, policies & regulatory requirements. - Formulated Security Hardening Baseline Document for Linux, Windows, ATM(s) & Database. - Performed Regulatory Compliance reviews. - Performed periodic access reviews to prevent and address unauthorized or unregulated access risks. - Performed vulnerability assessments and configurations reviews on network devices to identify and remediate information security gaps.

  • Telenor Microfinance Bank Limited (10 mos)
    • SOC Analyst
      Dec 2021 - Jul 2022 · 8 mos

      Worked in Easy Paisa (Telenor Microfinance Bank) as SOC Analyst L1 and looked after the following activities: ✓ Monitoring Security Alerts & Log Analysis ✓ Threat Hunting & Events Investigation ✓ Phishing Emails and Malware Analysis ✓ Initiating Threat & Vulnerability Advisories ✓ Performing Vulnerability assessment and testing of network and application. ✓ Also worked with other IS Units (IS Governance) because of interest - Gap Assessment of IT Asset Inventory ✓ Reviewing and granting access requests & maintaining trackers for access requests.

    • IS Intern
      Oct 2021 - Dec 2021 · 3 mos