Welcome to QI-Lab (Quantz Innovations Lab FZE), where we're redefining the future of digital excellence. Led by Dr Tabish Asifi, a thought leader in Digital Transformation, Governance, and Risk, the mission of QI-Lab is to empower businesses to navigate the complexities of today's digital landscape through the power of Automation and Innovation. With over 20 years of multinational consulting and industry experience in the GCC region, including pivotal roles at Deloitte, GT, and MAF, Tabish has successfully spearheaded over $500 million worth of transformative IT initiatives over his career.Recognized as a catalyst for enterprise transformation and a respected member of the UAE Ministry of Economy’s CIO Majlis, Tabish and the team at QI-Lab are committed to delivering measurable impact and sustainable growth. Whether you're seeking to enhance your IT Governance, embark on a digital transformation journey, or innovate with cutting-edge AI-driven products, QI-Lab will be your partner in achieving unparalleled digital success.Let's transform the future together.

As the Principal Consultant & Advisor at Credo Technology, I specialize in delivering strategic advisory and consulting services in the realms of AI-driven solutions and IT Governance, Risk, and Compliance (GRC). My role involves guiding organizations in adopting cutting-edge AI technologies while ensuring compliance with industry standards and regulatory frameworks. By leveraging deep domain expertise, I help clients mitigate risks, enhance operational resilience, and optimize governance practices, driving sustainable digital transformation.Key Responsibilities:Develop and implement AI and IT GRC frameworks for enterprise clients.Advise on AI adoption strategies while ensuring regulatory compliance.Lead risk assessments, audits, and compliance initiatives to align IT systems with industry standards.Partner with senior leadership to deliver tailored solutions that address complex governance challenges.This role enables me to merge technology with strategic governance to create impactful, compliant, and forward-thinking business solutions.

STRATEGIC• Lead the definition, implementation, and communication of the organisation’s IT strategic frameworkand direct the creation and review of an IT strategic plan to support business requirements.• Establish appropriate guidance to enable transparent IT related investment decision-making.GOVERNANCE• Lead the establishment and maintenance of a function that provides a consistent and integrated approach to IT governance in line with the organisation's corporate governance requirements.• Development of IT Governance Strategy and Roadmap for the MAF Holding with respect to its DigitalTransformation aspirations.• Identify and resolve key IT / Technology function related governance issues across the group withsupport from the CIO forum and Digital council. DIGITAL TRANSFORMATION• Develop a portfolio of Digital Transformation Projects across the group with well-defined criteria forqualifying and prioritization.• Develop a strategic direction for a cohesive digital transformation initiative at the group level (withoversight by Holding and potentially operated by a Shared Service Centre for all opcos).• Develop a roadmap for implementing, the overall digital strategy, with support from the business andtechnology executive leaders across the group.SHARED SERVICE ORGANIZATION• Assessment of the feasibility of a shared service centre [SSC] model for the IT function across MAF.• Engage with consulting firms as and when required to develop a business case for the feasibility of anSSC for IT function which can be shared with the Board and Executive Council.MISC OTHERS• Engage with, and influence, relevant top-level business stakeholders to obtain organisational commitment to IT strategy roadmaps.• Handle Executive level workshops for the biannual Technology familiarization program of MAF.

I provide specialized advisory & consulting in below mentioned areas (aligned with standards like NESA, ISR, ADSIC , ISO 27001, NIST, ISO 20000, PCI DSS, ITIL v3 & COBIT 4/5):• IT Governance Strategy and Road-map Development (for both IT and ICS environment)• IT Audit and Information Risk Assessments (for both IT and ICS environment), • Alignment with IT best practices (ISO, ITIL) and UAE regulatory requirements (NESA)• IT Governance and Value reporting (Cobit 4 or 5)• ICS specific cybersecurity solutions and consultingHave been engaged in high value government projects related to Cyber-security , Information Risk Assessment and NESA/ISO 27k compliance (some of my recent projects- completed / ongoing):# ADWEA (Abu dhabi)# TAKREER (Abu dhabi)# ADGAS (Abu Dhabi)# FEWA (Ajman)# ADNOC (Abudhabi)# RTA (Dubai)# HSBC (Dubai)FEW RECENT INNOVATIONS:# Developer of "Cyberstrat- A GRC Gaming Workshop/ Model" based on experiential learning, for senior executives.# Developer of UAE information security standards based GRC automation platform with advanced analytics.# Developer of the first fully functional distributed Ultra-portable Vulnerability scanner (U-VAS).QUICK OVERVIEW OF PROFESSIONAL BACKGROUND:Having worked with companies like Deloitte , Grant Thornton , EmiratesNBD Bank and large conglomerates like Algosaibi group (KSA), Rolaco group (KSA), Aal Mir group (Dubai) etc in the IT domain for the last 16 years within the GCC region, I bring the best of what I have learnt over the years working with world-class​ companies combined with localized experience, to all my consulting projects. With my extensive exposure in recent years to major industrial sectors (like Oil and Gas , Utility ) specially within UAE , I can convincingly position myself as one among the few global cybersecurity consultants who can effectively understand and address cybersecurity challenges in an ICS (Industrial Control Systems) environment.

KEY RESPONSIBILITIES:• Was responsible for the transformation and alignment of the group and its subsidiaries with the leading Global IT standards. • Significant focus was on improving the posture of the organisation in terms of operational excellence, and IS risk exposure. • It included development of an enterprise governance model, in alignment with business priorities, as well as development and implementation of IT policies, standards, and controls in compliance with applicable local and global security regulations and standards (ITIL, ISO 27001, SANS 20 and COBIT 4).SIGNIFICANT ACHIEVEMENTS:• Was recognized across the group as an outstanding performer for 2015 and received significant reward and recognition.• Moved the group IT function, in the last 2 years, from an ITSM process maturity rating of 1.53 to a level of 3.20 on a scale of 5.00. (accessed and reported by an independent Dubai-based vendor- UniG.)• Pioneered 4 major IT transformation projects across the group in the last 2 years– One at head office and three other projects related to its major subsidiaries - GFC (FMCG domain) , IACC (Logistics domain) and GAC (shipping industry).• Was instrumental in the successful implementation of ECS (Microsoft cloud based solutions) across the group to achieve 95% and above license compliance, streamlined and transparent procurement, reduction of licensing cost by 30% and achieving a 99.9% reliability on email services, with a significant improvement in the security posture of the associated email and collaboration services.• Developed an ISO aligned risk management and assessment program that was metric driven and IT service focused and adapted for the maturity level of the organization , acknowledging the existing constraints. It not only encouraged Team spirit but also took care effectively of the typical disconnect and conflict of interest which is there between IT Ops and IT security. [details available for discussion]

KEY RESPONSIBILITIES:• Responsible for the compliance and risk management of the IT function for all Deloitte FAS offices in the region.• Responsible for development of Security Road-map & strategic IT security plan aligned with the guidelines and standards from Deloitte UK .• Implementation of incident and change management practices for the IT operations.SIGNIFICANT ACHIEVEMENTS:• Was part of Deloitte's global Wide Area Network (GWAN) Initiative. Successfully helped in implementation of it across all the Deloitte FAS offices (UAE, Kuwait, KSA) within a year with full compliance to the security control requirements.• Developed a proper Disaster Recovery Plan from scratch. Got the acceptance from the regional Deloitte compliance group in UK and the Deloitte FAS offices were certified as being compliant on DR.• Helped in the development and implementation of a secure print and document management system in partnership with XEROX for the regional Deloitte FAS offices. It helped the company with a secure, highly available and efficient printing infrastructure and also resulted in an annual savings of around 1 million AED. It was scaled up to other member firms in GCC, seeing the benefits.• Designed a secure Network Blueprint for HSBC data hosting project of Deloitte Forensic department, satisfactorily addressing the security concerns highlighted by HSBC evaluation team.• Completed a proof of concept project along with the Deloitte middle east CIO, for the Deloitte and India Joint venture office (DIJV) in mumbai. It involved our office acting as the data hosting and processing center for all UK based projects which was to be handled by the Indian deloitte team remotely. I presented a simplified , secure and cost effective alternative in record time with a working PoC (viz a viz what UK team were proposing). My proposal was preferred and I got appreciation from the DIJV team head and the Deloitte regional CIO as well. (references available)

I did IT Audits and IT Advisory engagements for their clients under the specialist advisory services department. Some of the major ones were - Dubai RTA (ISO 27001) and AW Rostamani group (pre ERP Audit to asses’ readiness of the business in terms of the needed process maturity, skills gap, systems upgrade and resource costs), IS Systems (Governance Risk Compliance) GRC Audit for Taleem Group and SinoGulf.

As an IT Admin (Auto Loans Dept.) I was responsible for the IT operations and support for the department and Compliance with the overall Bank IS Security policy and procedures. I also played a key role in many of the technology-centric projects being implemented across the retail banking departments (not just limited to Auto loans).Some of the most challenging projects were- deployment of their new Debt Collection systems, online Cheque deposit system (for commercial loan clients), content management system for maintaining an up-to-date client info (with CRM functionalities).

My main focus area was on providing consultative role in Data network related projects. I was primarily involved in Capacity planning, Network design and documentation, System security and Audit and also occasionally in providing second level incident management support. Got a lot of exposure to best practices for handling complex, multisite, technology-intensive projects.