
Abdul Hadi

Riyadh,Saudi Arabia

Summary

Improvising Cybersecurity Risk Management up to the compliance benchmarks of SAMA CSF, ITGF, NCA, NDMO, PCI-DSS, SWIFT and PDPL. Hands-on experience working on DPIA and compliance of ISO-27001, ISO-27701, ISO-9001, and SOC II at Systems Limited and its associated companies. Experienced in Cyber Risk Management automation via the OneTrust tool, and have worked extensively on updating Information Security Policy, Procedure, and Risk management framework in the transition from ISO27001:2013 to ISO27001:2022. Got hands-on experience of PCI-DSS implementation at Commercial and Microfinance banks.

Overview

4 years of professional experience
6 years of post-secondary education
1 Certification

Work History

Cybersecurity Consultant

SecurEyes
Riyadh, Saudi Arabia
12.2023 - Current

On SecurEyes' behalf, working as an on-site, full-time Cybersecurity Consultant at STCbank. Overseeing the following areas:
• Enhancing the existing cybersecurity risk management of STCbank up to the compliance benchmarks of SAMA CSF, NCA, NDMO and PDPL.
• Conducting comprehensive risk assessments of cloud assets in line with NCA-CCC requirements. Covered critical on-prem and third-party cloud solutions during assessments, including GitLab, SCCC Alibaba, Oracle ERP, Group IB, eMecREY etc.
• Conducting intensive risk assessments of on-premises applications, infrastructure, STCBank Social Media and Network etc. by aligning with the standards of SAMA CSF, NCA-ECC and NCA-CSCC.
• Conducted comprehensive risk assessments of multiple STCBank products and successfully obtained SAMA NOL based on these assessments.
• Assisting compliance team in the internal and external security assessments including the SWIFT, PCI-DSS, ISO27001, SAMA CSF and NCA.
• Assisting compliance team in internal assessments of policies and procedures compliance and with internal audits.
• Assisting Data Management Office in developing a Data Privacy Impact Assessment procedure.
• Assisting cyber security governance in managing and updating the policies, frameworks and procedures as per the regulatory compliance requirements.
• Assisting cyber security governance in managing and executing the phishing simulations as a major part of cyber security awareness campaigns.

Specialist Information Security - Governance & Risk

Systems Limited
Islamabad, Pakistan
11.2022 - 12.2024
  • Led the Information Security Risk management of Systems Limited and its associated companies including Visionet Inc., TechVista Qatar, Systems Arabia and NDCTech
  • Performed Risk assessment of critical Cloud Based applications including the MDM and SASE solutions as well
  • In Project Management, performed the Risk Assessment of every project and maintained the end-to-end risk lifecycle in all the phases of the project
  • Ensured the mitigation of all information security risks before go-live on every IT project and presented the risk profile to higher management weekly
  • Conducted privacy impact assessment in the organization for compliance with ISO-27701: Privacy Information Management
  • Assisted Head GRC in the development of Information Security Policies and Procedures as per the compliance requirements of ISO-27001, ISO-27701, and PCI-DSS
  • Assisted Head GRC in the development of Cloud Security Governance
  • Developed policies from scratch for transition of ISO-27001:2013 to ISO-27001:2022
  • Assisted in the compliance monitoring of ISO-27001, ISO-27701, SOC I & SOC II
  • Assisted the compliance team in internal and external audits of ISO-27001, ISO-9001, SOC I & SOC II
  • Ensured the compliance of the Information Security Policies with policy gap assessment activity
  • Ensuring the IT asset management via quarterly asset registers reviews
  • Working on automation of InfoSec risk management with the GRC tool
  • Worked on the Information Security Awareness program of all the employees of Systems Limited, Visionet Inc., and TechVista via on-site and virtual awareness sessions

Specialist Information Security-GRC

Askari Bank
Islamabad, Pakistan
04.2022 - 11.2022
  • Led the PCI-DSS compliance for Askari Bank's infrastructure
  • Worked on compliance of SWIFT security framework, SBP payment card security framework, and Cybersecurity hygiene
  • Reviewed Askari Bank's Information Security Policy, Procedure, Risk management framework, and VAPT procedure
  • Led the Information Security Risk Management Plan for the year 2022
  • Maintained the cyber risk lifecycle and ensured the mitigation of identified risks as per the mitigation strategies
  • Covered VAPT of all the in-scope applications of PCI-DSS in the Risk management plan
  • Assisted the VAPT team in the external pen test project
  • Assisted as a technical analyst in an ongoing Data Classification project
  • Assisted SOC in making use cases for DLP

Information Security Officer

Khushhali Microfinance Bank Limited
06.2021 - 04.2022
  • Worked on Information Security Risk Management of all the assets and processes involved in digital banking
  • Assisted in annual review and updating of Information security policies, procedures, and risk management and card security framework
  • Assisted in Vulnerability Assessment and Pen testing of all the in-house applications and infrastructure
  • Assisted in compliance roadmap of PCI-DSS and ISMS (ISO 27001)
  • Performed scheduled VA scans and managed patching of vulnerabilities as per the defined TAT
  • Investigated alerts of EDR and XDR
  • Performed Annual Risk Assessment of Critical Assets including ATMs and Internet & Mobile Banking
  • Performed pen tests of in-house applications and identified the critical vulnerabilities
  • Also coordinated with respective IT teams in patching vulnerabilities

Junior Network Administrator

TopCity-1
01.2021 - 05.2021
  • Performed a white box Pen testing on the existing network on-site, identified the vulnerable points, and reported to Network Administrator
  • Managed Network connectivity on main buildings of company and also on remote construction site (managing from Layer 3 switch as well as the user interface of UniFi Access Points)
  • Managed the network of 100+ CCTV cameras deployed on-site
  • Assisted HoD IT and network administrator on the GPON project for TopCity-1
  • Assisted the Network Administrator in deploying pfSense firewall on the network
  • Designed and deployed CCTV network on the remote construction sites and configured it to the main surveillance control room
  • Designed and deployed wireless internet connectivity for the remote construction sites
  • Have intermediate experience in the configuration of Cisco Layer 2 and Layer 3 switches (creating VLANs and ensuring security)

Education

Master's degree - Cyber Security

Air University
Islamabad, Pakistan
09.2019 - 08.2021

Bachelor's degree - Electronics engineering

Ghulam Ishaq Khan Institute of Engineering Sciences and Technology
Sawabi, KPK
08.2015 - 06.2019

Skills

  • Vulnerability Scanning
  • Risk Management Automation
  • Data Privacy
  • Information Security Awareness
  • Incident Investigation
  • Cloud Security Assessment
  • BIA
  • Payment Card Industry Data Security Standard (PCI DSS)
  • ISO 27001
  • ISO 27701

Certification

  • Certified AppSec Practitioner, The SecOps Group, 6866711
  • Certified Cloud Security Practitioner - AWS (CCSP-AWS), The SecOps Group, 7533375
  • Cisco Certified CyberOps Associate
  • Cisco Data Analytics Essentials

Custom

Emerging Talent, Khushhali Microfinance Bank Limited, 03/01/22

Timeline

Cybersecurity Consultant

SecurEyes
12.2023 - Current

Specialist Information Security - Governance & Risk

Systems Limited
11.2022 - 12.2024

Specialist Information Security-GRC

Askari Bank
04.2022 - 11.2022

Information Security Officer

Khushhali Microfinance Bank Limited
06.2021 - 04.2022

Junior Network Administrator

TopCity-1
01.2021 - 05.2021

Master's degree - Cyber Security

Air University
09.2019 - 08.2021

Bachelor's degree - Electronics engineering

Ghulam Ishaq Khan Institute of Engineering Sciences and Technology
08.2015 - 06.2019