GRC Expert at Oman Arab BankConduct Risk Assessments: Lead comprehensive risk assessments to identify, evaluate, and prioritize risks, ensuring that effective controls are in place to mitigate critical business vulnerabilities.Develop and Implement Compliance Programs: Create and enforce compliance programs that align with regulatory standards and industry best practices, ensuring continuous adherence and minimizing compliance risks.Design Governance Frameworks: Establish governance frameworks to guide decision-making, improve accountability, and foster a culture of risk-awareness and compliance within the organization.Policy and Procedure Development: Develop, review, and update policies and procedures to ensure consistency, regulatory compliance, and alignment with organizational objectives.Internal Audits and Control Testing: Conduct audits and control testing to assess the effectiveness of internal processes and identify areas for improvement, thereby strengthening internal controls.Risk Mitigation and Incident Response Planning: Design and implement risk mitigation strategies, including incident response plans, to prepare for and minimize the impact of potential security incidents.Regulatory Change Management: Monitor and respond to regulatory changes, updating organizational policies and practices as needed to maintain compliance with evolving legal requirements.Training and Awareness Programs: Lead training and awareness programs to educate employees on risk management, compliance responsibilities, and best practices for maintaining a secure and compliant environment.Data Privacy and Protection Compliance: Ensure data protection and privacy compliance, particularly with GDPR, CCPA, or other applicable regulations.Vendor Risk Management: Evaluate and manage third-party risks by conducting vendor risk assessments, ensuring they adhere to organizational policies and regulatory requirements to protect against external threats.

• Lead multiple clients with IRM / GRC engagements.• Developed my own GRC software embedded with artificial intelligence and Robotic Process automation• Implementing security program that achieved ISO27001 and PCI-DSS compliance• Implementing Information Security Risk Management framework ISO 27005• Directed in-house cyber security auditing program to detect flaws and weaknesses in various applications• Oversaw network architecture and security, defining policies and procedures for successful operations.• Conducted ongoing threat monitoring and targeted audits on systems.• Created cybersecurity best practice communications to educate staff against known threats and potential vectors of attack.• Participated in creation of device hardening techniques and protocols.• Designed company-wide policies to bring operations in line with Center for Internet Security (CIS) standards.• Authored security incident reports, highlighting breaches, vulnerabilities and remedial measures.• Recommend improvements in security systems and procedures.• Conducted security audits to identify vulnerabilities.• Conduct VAPT including black box Penetration testing• Expert in using KALI Linux

• Responsible for Information Security Governance and compliance within the organization• Partnered with security professionals to identify and address problems through incident validation and action synchronization.• Performed risk analyses to identify appropriate security countermeasures.• Architected systems to minimize potential intrusion points and overall security weaknesses.• Conducted security audits to identify vulnerabilities.• To provide inputs in developing and finalizing the security strategy for Omantel and its associate companies in line with the identified business objectives and focus areas.• Responsible for Risk Assessment including maintaining of Risk Register, asset register and treatment of Risks• Creation and maintenance of threat and vulnerability database• Access the Security Maturity Model of SOC and provide practical solutions• Creation and updating of minimum baseline security template for Systems being used in telco domains, including servers, routers, switches, operating systems, databases and applications• Responsible for aligning ISMS goals with Business goals and providing strategic direction and support in establishing, implementing, operating, monitoring, reviewing, and improving the ISMS.• Plans and implements programs on security awareness and training for employees and vendors of Omantel in coordination with the Training department under HR

To contribute to the development of IT & Telecom Network audit strategy for Omantel and its associate companies in line with the business objectives and focus areas. To assist in finalization of the annual internal audit plan. To lead a team for the timely execution of the annual IT & Telecom Network audit plan. To develop and drive adherence to the processes and procedures for effective conduct of IT & Telecom Network audit that provides assurance to the management about the effectiveness and efficiency of the IT & Telecom networks.Key Areas• To provide inputs in the development and finalization of IT & Telecom network audit strategy for Omantel and its associate companies in line with the identified business objectives and focus areas. • To communicate the technology audit strategy to the team and effectively plan for the resources.• To lead the design, development and implementation of the processes and procedures for the effective conduct of IT & Telecom network technology audit in line with ISO and other leading standards.• Prepare the annual audit plan after understanding the ERM framework in Omantel.• To oversee and provide inputs in finalizing the detailed annual internal audit plan consisting of audit objective, scope of coverage, review period, resource allocation and budgeted effort, project goals and expectations in close consultation with SM- Technology Audit• To lead the team and drive adherence to the finalized annual audits plan for IT network department.• To effectively plan for the resources and highlight surplus /shortages to SM – Technology to enable smooth execution. • To drive the implementation of IT & Telecom network audit methodology, standards and guidelines and identify non-compliance.• To research and be updated in industry best practices to apply in audit execution procedures.• To work on Audit tools like ACL and data analysis to define data logic and guide the team on data analysis techniques.

Ernst & Young is a global leader in professional services and working since 1974 in sultanate of Oman. Followings were my job responsibilities in E&Y:Conduct the security and network audits of enterprise level networks and telecom company’s network infrastructures.Handling the routing/switching and security projects. Conduct the Network routing switching trainings for corporate customers and within the team.Business continuity plan and disaster recovery solution to customersReview and verify the network security / routing and switching audit reports. Provide consultancy in deployment of new network from scratch to endConfiguration of active network devices Configuration review of router, switches and firewallsDeployment of new network monitoring systems Integration of complex IT systems including routers, switches, firewall and servers.

On the behalf of Cyber internet Services provider i was working in Network Services department of Warid Telecom, the fastest growing telecommunication firm in Pakistan, managing the EDN (Enterprise Data Network). Being a team lead of Waridnoc I am managing 24x7 network operations.

Designation: Senior Pie support Engineer Client: ITI Division MOST (PTCL) Government of PakistanServices: Pakistan Internet exchange is Advanced Internet service provider. All the big ISP’s are Clint of PIE. Pakistan internet exchange provide Clear pipe bandwidths to his Clients on high Speed inter-city ATM backbone. WAN Design: Cisco BPX 8620/MGX 8850 ATM switches for layer 2 inter-city connectivity over redundant E3 links and 2-4 Cisco 7513s in each city for layer 3 inter-city connectivity. International STM-1 connectivity from Karachi to STIX with 2 E3 links, one to CONCERT over satellite and second to EMIX over fiber, as redundant. BGP being used as the Inter AS routing protocol and OSPF as IGP.Troubleshooting: ATM trunk troubleshooting, Serial down or line protocol down problem, Issues of dual homing, Router memory crashes, VLAN, SPAN, MRTG, RRD and web server management, security issues.