
Azzam Ahmed

Cyber Security GRC Consultant
  • Email: me@azzamahmed.com
  • Website: www.azzamahmed.com
  • azzamxp@hotmail.com
  • Phone: +966 509233663
  • Location: Riyadh, Saudi Arabia

Hello! I am a seasoned Senior Cyber Security GRC Specialist, highly proficient in conducting comprehensive risk assessments, identifying critical vulnerabilities, and implementing robust controls to safeguard organisational assets. With a proven track record of facilitating regulatory compliance, including obtaining approvals from esteemed entities such as the Saudi Arabian Monetary Authority (SAMA), I am poised to excel in a Senior Cyber Security GRC Specialist role. My demonstrable ability in orchestrating successful security reviews for new applications and features, coupled with the ability to navigate complex GRC frameworks, positions me perfectly for the Senior Cyber Security GRC Specialist position. Furthermore, my active membership in the change advisory boards underscores my commitment to maintaining a proactive and collaborative approach to security governance, making me a strong candidate for the Senior Cyber Security GRC Specialist role.

Education

BSc in Computer Science (Honors)
University of Gezira

I completed my preparatory education at this prestigious institution. I successfully completed all the credits without any fallout.

Red Hat Linux System Administrator 1 & 2 & 3
Red Hat
(Certificate of Participation)

CISSP
Infinite Skills Inc

I completed the CISSP course and am now preparing to take the exam.

Certified Ethical Hacker (CEH V9)
EC-Council
Certification Number: ECC10865195783

Passed CEH exam!

EC-Council Certified Security Analyst (ECSA V9)
EC-Council
Certification Number: ECC28026556108

I got ECSA certified after solving 12 challenges, writing a penetration testing report and passing the exam.

Certified Red Team Professional (CRTP)
PentesterAcademy
STID: ADLID1689

Passed a 24-hour practical exam at the "Active Directory Attack-Defense Lab" and presented a penetration testing report.

CRISC
ISACA
Certification Number: 232238504

I completed the ISACA requirements to get the CRISC certification. These include prerequisite professional experience, adherence to the ISACA code of professional ethics and the CRISC continuing professional education policy, and passage of the CRISC exam.

Skills

Professional
  • Penetration Testing: 90%
  • Security Analyst: 90%
  • Risk Assessment: 90%
  • Linux System Engineering: 90%
  • Bash Scripting: 85%
  • PHP + ASP.NET: 90%
  • HTML + CSS + JS: 85%
  • VB6 + VB.NET: 80%
  • Perl + Python: 80%

Personal
  • Communication: 90%
  • Teamwork: 85%
  • Creativity: 92%
  • Dedication: 90%
  • Leadership Skills: 90%

OS & Software
  • Kali Linux: 90%
  • Burp Suite: 90%
  • Wireshark: 90%
  • Windows AD: 80%
  • MySQL: 85%

Experience

Linux Servers Administrator & Security
HostUsZone - Khartoum
Mar 2012 - Dec 2017

• Deployed, configured and maintained Linux server systems to meet the organisation's requirements, which included selecting the appropriate Linux distribution, setting up network parameters and configuring essential services such as 3 new Linux web servers (Apache, PHP, MySQL, CPanel).
• Implemented security measures to safeguard Linux servers against potential threats. This involved applying security patches, configuring firewalls, managing user access and privileges and regularly conducting security audits to identify vulnerabilities.
• Continuously monitored server performance, resource utilisation and identified potential bottlenecks. Implemented performance tuning strategies to ensure servers operate efficiently and can handle the organisation's workloads.
• Established and managed backup solutions to protect critical data and server configurations. Developed robust recovery procedures to minimise downtime in the event of system failures or data loss.
• Managed user accounts, permissions and access control to ensure that users have appropriate levels of access while enforcing security best practices which included enforcing password policies and implementing multi-factor authentication where necessary.
• Identified and resolved server-related issues promptly. Troubleshooting hardware and software problems, analysing system logs and working to prevent recurring issues to maintain server stability.

Information Security Officer
National Ribat University - Khartoum
Dec 2017 - Aug 2018

• Took on the responsibility of configuring security settings for a range of 14 servers, encompassing Linux, Windows, AD and mail servers. Alongside this, undertook the task of developing comprehensive information security plans and successfully established more than five robust information security policies.
• Was involved in the implementation of Web Application Firewall (WAF), specifically ModSecurity, to enhance the security of our web-based servers. Moreover, effectively configured hardware firewalls such as ASA and StormShield to fortify our defence mechanisms.
• Deeply involved in the intricate task of designing secure networks, systems and application architectures. These efforts contributed significantly to maintaining the integrity of our digital infrastructure.
• Conducted quarterly vulnerability assessments, leveraging automated tools like Nessus and Nmap. This proactive approach helped identify vulnerabilities and threats that could potentially compromise our systems.
• Engaged in manual penetration testing, meticulously evaluating the security posture of our websites and applications. This hands-on testing played a pivotal role in uncovering vulnerabilities that might otherwise have gone undetected.
• Encompassed a comprehensive spectrum of security.

Cyber Security GRC Specialist
Continental Jet Services - Sharjah
Feb 2018 - Aug 2021

• Conducted thorough risk assessments for information systems, applications and processes to meticulously identify potential vulnerabilities and threats, ensuring the security landscape was comprehensively analysed.
• Developed multifaceted risk mitigation strategies in close collaboration with cross-functional teams, guaranteeing a comprehensive and well-rounded approach to security that adhered to industry standards and regulatory requirements.
• Continuously monitored and systematically reassessed risks, demonstrating the commitment to maintaining a proactive and adaptable risk posture, effectively responding to the ever-evolving threat landscape.
• Orchestrated the development, implementation and sustained maintenance of a robust framework of information security policies, procedures and standards. These were meticulously aligned with various regulatory frameworks such as ISO 27001, NIST and PCI-DSS, showcasing a dedication to compliance and best practices.
• Conducted internal security audits and in-depth assessments to meticulously evaluate the efficacy of security controls, adeptly identifying areas for enhancement and driving continuous improvement across the security landscape.
• Collaborated seamlessly with procurement and legal teams to meticulously assess vendor contracts, ensuring they met stringent security and compliance prerequisites, safeguarding the organisation's interests and information.
• Established and maintained a highly effective and vigilant vendor risk management program that systematically monitored the ongoing security performance of vendors. This program ensured a proactive approach to vendor relationships while upholding the highest standards of security performance.

Senior Information Security GRC Consultant
Al Rajhi Bank - Riyadh
Nov 2021 - Current

• Meticulously conducts risk assessments for more than 65 critical applications. Identifies significant risks, thoroughly analyses potential impacts and strategically recommends appropriate controls to fortify our systems and data against potential threats.
• Conducts thorough risk reviews for new applications and features and obtains the esteemed approval of the Saudi Arabian Monetary Authority (SAMA), ensuring that technology deployments align with the highest regulatory standards.
• Actively reviews and approves over 95 application change requests during the initiation stage, which entails robustly navigating the intricacies of GRC (Governance, Risk and Compliance) approvals for essential documents such as Business Requirement Documents (BRD) and Statement of Work (SOW) documents, ensuring that all changes adhere to the established guidelines.
• Holds a pivotal position in ensuring the pre-deployment approval process within our information security department. Participates in CAB meetings and provides invaluable insights and rigorous security evaluations for proposed changes.
• Manages a significant workload, having diligently processed over 3400 requests spanning diverse categories including firewall configurations, Load Balancer adjustments, IP assignments, hardware requests, copy/cloning operations, VPN setups and critical application changes, and ensures that systems remain agile and responsive to the dynamic needs of our organisation.
• Oversees and manages the execution of over 950 security scan tasks, utilising our state-of-the-art Archer (eGRC tool). Not only identifies vulnerabilities but also plays a crucial role in assigning more than 150 observed findings, ensuring that the team can address and rectify these vulnerabilities promptly.
