Strategic Security Leadership: Drive the development and implementation of comprehensive Information Security strategies, ensuring alignment with organizational goals and regulatory requirements. Spearhead initiatives across Security Governance, Risk Management, and Compliance (GRC) to enhance security postures and mitigate risks.Compliance and Regulatory Expertise: Act as the principal advisor on compliance matters, interpreting and navigating through complex regulations such as SAMA CSF, NCA, ISO 27001, PCIDSS 4 and other pertinent standards. Lead efforts to achieve and maintain compliance, managing audits and ensuring adherence to legal and regulatory frameworks.Risk Assessment and Mitigation: Conduct in-depth risk assessments to identify vulnerabilities and threats. Develop and execute robust risk mitigation strategies, prioritizing resources to address critical risk areas effectively. Facilitate risk management processes, incorporating dynamic risk analysis and mitigation techniques.Security Policy Development: Craft and implement comprehensive security policies, standards, and procedures. Ensure policies are up-to-date, relevant, and in strict alignment with global best practices and regulatory requirements, fostering a culture of security awareness across the organization.Technical Audits and Penetration Testing: Lead technical and process audits, employing state-of-the-art tools and methodologies for network security, vulnerability management, and penetration testing (Web/Mobile). Identify security weaknesses and compliance gaps, providing actionable insights for enhancement.

Strategic Security Leadership: Spearhead cybersecurity strategy, aligning with business objectives and compliance standards (ISO 27001, NESA).Risk Management: Conduct risk assessments, identifying and mitigating vulnerabilities to minimize cyber threats.Compliance and Governance: Oversee adherence to regulatory requirements, enhancing compliance frameworks to include PCI DSS, ensuring data security and integrity.Incident Management: Lead swift incident response initiatives to mitigate impact and maintain operational resilience.Policy Development: Craft and enforce cybersecurity policies and protocols, promoting a secure organizational environment.Team Leadership: Mentor and develop a cybersecurity team focused on excellence and continuous skill advancement.Stakeholder Engagement: Communicate effectively with stakeholders, articulating cybersecurity risks and strategies comprehensively.

In my tenure as a Sr. Information Security Consultant with ISYX Technologies, I led comprehensive Vulnerability Assessments and Penetration Testing (VA/PT) initiatives, alongside performing rigorous Security Audits for a diverse client base across the GCC and India. Specializing in Web Application, Network, and Mobile Application Penetration Testing, my role involved:Diverse Industry Expertise: Successfully delivered critical security solutions to high-profile clients in Banking, Telecom, and Airline industries, among government and private sectors.Comprehensive Security Assessments: Conducted in-depth VA/PT across various platforms to identify vulnerabilities, safeguarding client infrastructures against cyber threats.Strategic Security Audits: Performed detailed security audits, evaluating and enhancing clients' security policies, procedures, and controls to meet stringent compliance standards.Specialized Penetration Testing: Utilized advanced techniques in Web, Network, and Mobile App Penetration Testing to uncover potential security weaknesses, providing actionable insights and remediation strategies.

As an Associate Consultant at Sify Technologies Ltd, I specialized in enhancing clients' cybersecurity posture through comprehensive vulnerability assessments and penetration testing. My responsibilities included:Vulnerability Assessments (VA): Conducting thorough evaluations to identify vulnerabilities across various client infrastructures, ensuring robust security measures are in place.Penetration Testing (PT): Executing detailed penetration tests for clients to uncover potential security weaknesses, simulating real-world attack scenarios.Internal VA/PT: Leading internal assessments to secure our clients’ critical systems and networks against potential threats.Wireless Penetration Testing: Conducting specialized penetration tests on wireless networks to identify and mitigate risks, safeguarding sensitive information.Web Application Penetration Testing (WAPT): Performing WAPT for both internal and external sites, focusing on identifying security vulnerabilities within web applications to prevent potential exploits.

At Mirox Cyber Security & Technology Pvt Ltd, I combined technical expertise and instructional skills to enhance our security infrastructure and educate the next generation of cybersecurity professionals. My key contributions included:Vulnerability Assessments and Penetration Testing: Conducted comprehensive vulnerability assessments and penetration testing to identify and mitigate security risks, safeguarding critical infrastructure.Cybersecurity Education: Led training and mentoring sessions for network administrators, professionals, and students on EC-Council's CEHv6 security protocols, significantly raising the standard of cybersecurity knowledge and awareness.Firewall Implementation: Spearheaded the implementation of advanced firewall solutions to fortify network defenses against external threats.Network Maintenance and Troubleshooting: Managed and resolved complex network issues, ensuring the company’s internal network remained robust and secure.