ABDULELAH ALABBADY
Riyadh,Saudi Arabia
Summary
Cybersecurity Director with 9+ years of experience leading and transforming cybersecurity programs across highly regulated and mission-critical environments, including commercial and central banking, national payment infrastructure, and supreme audit institutions. Proven leader in establishing security programs within large-scale digital transformation initiatives, securing the design and delivery of nationally critical systems, infrastructure modernization, and cloud adoption. Brings deep expertise in Risk Management and System Security Engineering aligned with NIST SP 800-160/37, applying risk-informed security principles across the system lifecycle and contributing directly to security engineering and design decisions for complex, cloud-native and AI-enabled platforms operating at national and enterprise scale
Overview
7
7
years of professional experience
1
1
Certification
Work history
Chief information Security officer
General Court of Audit
Riyadh, Saudi Arabia
2023.12 - Current
General Court of Audit is Saudi Arabia’s Supreme Audit Institution (SAI)
- Led and scaled a team of 20+ cybersecurity professionals to design and implement a robust, risk-driven, and process-integrated cybersecurity function during a full-scale digital and business transformation.
- Established and operationalized NCA-Compliant NIST-aligned System Security Engineering and Risk Management frameworks, reducing strategic and tactical cybersecurity KRIs by over 90% through risk-driven controls and system-level enforcement mechanisms.
- Directed Cybersecurity compliance programs, achieving over 120% improvement in compliance coverage and control effectiveness across multiple regulatory and security frameworks.
- Optimized cybersecurity investment returns by introducing automation and control optimization initiatives, reducing exposure to cyber threats by more than 70%.
- Contributed to the establishment of core functions including Enterprise Risk Management, enterprise Business Continuity, infrastructure modernization, and organization-wide digital transformation programs
- Acted as the final technical authority for security design decisions and implementation of security controls across Nationally critical systems.
Cybersecurity Risk Consultant
Cyberani Solutions
Khobar, Saudi Arabia
2023.03 - 2023.12
Cyberani Solutions (Joint Venture of Aramco & Raytheon Technologies)
- Led delivery of cybersecurity risk management workstreams for key enterprise and critical-infrastructure clients, acting as primary delivery lead across multiple engagements.
- Directed comprehensive cybersecurity risk and architectural assessments across organizational processes, technology platforms, and system designs, delivering actionable, executive-ready outputs.
- Provided technical assurance for secure software delivery, including assessment of DevSecOps programs, CI/CD pipelines, and secure deployment practices in collaboration with application teams.
- Conducted third-party security and compliance reviews for suppliers supporting critical programs, including evaluations against Aramco control and assurance requirements.
Cybersecurity Risk Senior Officer
Saudi Payments - SAMA
Riyadh, Saudi Arabia
2021.01 - 2023.02
Saudi Payments (SAMA – Saudi Central Bank National Payments Operator)
- Led cybersecurity risk management activities for Saudi Arabia’s national payments infrastructure, supporting payment schemes and settlement systems operating at national scale.
- Conducted strategic cyber risk framing and threat research across global, regional, and sectoral contexts, presenting risk insights and priorities to executive leadership.
- Developed and maintained cybersecurity risk management processes aligned with NIST RMF, performing risk assessments and driving remediation planning for critical systems.
- Monitored enterprise risk posture through validation of remediation actions and closure evidence, strengthening risk governance and accountability.
Information Security Risk officer
Samba Financial Group
Riyadh, Saudi Arabia
2019.03 - 2020.12
- Supported the CISO office in cybersecurity risk governance for enterprise and core banking systems, reviewing security requirements, risk assessments, and risk treatment decisions for major and minor initiatives.
- Participated in the development and maintenance of information security risk management policies, processes, and risk models aligned with international standards and Saudi regulatory frameworks, contributing to regulatory compliance and audit readiness.
- Represented the CISO office in change and design governance forums, including IT Change Control and Design Authority Boards, and served as a designated Business Information Security Officer (BISO), supporting early-stage security decision-making and business alignment.
Cybersecurity Trainee
SITE
Riyadh, Saudi Arabia
2018.12 - 2019.02
Education
Bachelor of Engineering - Computer Engineering
King Fahad University of Petroleum and Minerals (KFUPM)
Dhahran, Saudi Arabia 09/2012 - 08/2018
Skills
- Cybersecurity leadership & Program Transformation
- Cybersecurity Risk Management & Governance
- Supply chain Risk Management
- System Security Engineering (NIST SP 800-160)
- Security Control Design & Implementation
- Business Continuity Management
- Secure Software Development Lifecycle (SSDLC) & DevSecOps
- Workload & Container Security
- Infrastructure & Platform Security (On-Prem, HCI, Cloud)
- GenAI & LLM Application Security
Languages
Arabic
Native
English
Fluent
Spanish
Upper intermediate
Certification
- ISO/IEC 27001/31000/22301 LI
- CISM
- EMV Security and Testing
- SANS SEC545: GenAI & LLM Application Security
References
References available upon request.
Timeline
Chief information Security officer
General Court of Audit
2023.12 - Current
Cybersecurity Risk Consultant
Cyberani Solutions
2023.03 - 2023.12
Cybersecurity Risk Senior Officer
Saudi Payments - SAMA
2021.01 - 2023.02
Information Security Risk officer
Samba Financial Group
2019.03 - 2020.12
Cybersecurity Trainee
SITE
2018.12 - 2019.02
Bachelor of Engineering - Computer Engineering
King Fahad University of Petroleum and Minerals (KFUPM)
09/2012 - 08/2018