Summary
Overview
Work history
Education
Skills
Certification
Timeline
Generic

AHMED ALMALKI

Riyadh

Summary

Experienced professional with a strong background in information security, specialising in vulnerability assessment, risk assessment, and penetration testing. Demonstrated expertise in computer forensics and incident response, ensuring robust security updates and effective leadership in critical situations. Committed to advancing career goals by continuously enhancing skills and contributing to the field of cybersecurity.

Overview

10
10
years of professional experience
1
1
Certification

Work history

Head of Information Security

MIS
Riyadh
12.2024 - Current
  • Identify, assess, and prioritize risks to the organization's information systems, and implement measures to mitigate these risks.
  • Create and enforce security policies, standards, and procedures to ensure compliance with legal, regulatory, and organizational requirements.
  • Establish and manage an incident response plan to address security breaches and vulnerabilities promptly.
  • Work closely with IT, legal, and compliance teams to ensure comprehensive security measures are in place.
  • Assess and manage third-party service providers and their security practices to ensure they meet organizational standards.
  • Develop and manage the budget for the information security department, ensuring effective allocation of resources.

CISO

Najran University
Najran
08.2021 - 12.2024
  • Lead the development and implementation of the Najran University cybersecurity strategy aligned with its business objectives, risk tolerance, and regulatory requirements. This involves defining cybersecurity goals, priorities, and initiatives to protect against evolving threats and vulnerabilities.
  • Develop project plans, timelines, and budgets. Coordinate with stakeholders to define project scope, objectives, and deliverables. such as NAC, DLP, MDM, MFA, SOC preparation and SOC manpower.
  • Establish and maintain a security governance framework to ensure that security policies, procedures, and controls align with business objectives and regulatory requirements.
  • Foster a culture of security awareness and responsibility throughout the organization by promoting cybersecurity best practices, conducting regular security awareness campaigns.
  • Develop, implement, and enforce security policies, procedures, and standards to ensure compliance with National regulations and best practices.
  • Serve as the central point of contact and coordination during cybersecurity incidents, ensuring that all relevant stakeholders are informed and engaged in the incident response process. Coordinate with internal teams and external vendors, as needed to mitigate the impact of security breaches and ensure compliance with national requirements.
  • Prepare and present regular cybersecurity updates, status reports, and briefings to executive leadership, board committees, and risk management oversight groups. Provide timely and accurate information on cybersecurity risks, incidents, and mitigation strategies to support informed decision-making and governance oversight.
  • Provide leadership, direction, and support to team members, fostering a collaborative and positive work environment. Set clear expectations, delegate responsibilities, and empower team members to contribute their expertise and creativity to business success.

Assistant Cybersecurity Manager

Najran University
Najran
02.2021 - 08.2021
  • Assist the Cybersecurity Manager in overseeing daily security operations (SOC, vulnerability management, incident response).
  • Support the development and implementation of security policies and procedures
  • Maintain security documentation, risk registers, and audit evidence.
  • Conduct root cause analysis and prepare incident reports.
  • Assist in managing SIEM, EDR, DLP, IAM, WAF, vulnerability scanners.
  • Support the rollout of security awareness programs (phishing simulations, workshops).
  • Prepare weekly/monthly security reports for the Manager and leadership.
  • Identified and resolved operational issues impacting productivity, performance or profitability.

Cybersecurity Specialist

Najran University
Najran
01.2018 - 08.2021
  • Identify, assess, and prioritize risks to systems, networks, and data.
  • Conduct vulnerability assessments and penetration testing to uncover weaknesses.
  • Monitor networks and applications for suspicious activity and anomalies.
  • Stay updated on new threats via threat intelligence and sharing networks.
  • Hunt proactively for advanced threats and malicious activity.
  • Deploy and manage security tools (AV, EDR) for endpoints and servers.
  • Analyze network traffic, logs, and alerts to defend against intrusions.
  • Respond in real-time to attacks, contain breaches, and perform post-incident reviews.
  • Apply lessons learned to strengthen defenses.
  • Conduct security audits against standards (e.g., NCA ECC).
    Identify non-compliance issues and recommend corrective actions.

System analyst

Najran University
Najran
03.2015 - 01.2018
  • Work closely with stakeholders, including business users, managers, and IT professionals, to understand their needs and requirements for new or existing applications.
  • Translate business requirements into detailed system specifications, including functional and non-functional requirements. Document user stories, use cases, and system requirements documents to communicate the scope and objectives of the system to the development team.
  • Work closely with software developers to ensure that the system solution is implemented according to the defined requirements and specifications. Provide guidance and support to the development team throughout the development lifecycle.
  • Serve as a liaison between business stakeholders and technical teams, facilitating communication and collaboration to ensure that everyone has a clear understanding of the project objectives and requirements.
  • Participate in testing activities to validate that the implemented system meets the defined requirements. Conduct system testing, user acceptance testing (UAT), and regression testing to identify and resolve any defects or issues.
  • Provide ongoing support and maintenance for the deployed system, including troubleshooting issues, addressing user feedback, and implementing enhancements or updates as needed.

Education

Master of Science - Cyber Security

Bisha University

Postgraduate Diploma in Cyber Security

Institute Of Public Administration

Bachelor of Computer Science

King Khalid University

Skills

  • Leadership
  • Information security
  • Security updates
  • Vulnerability Assessment
  • Risk assessment
  • Penetration testing
  • Computer forensics
  • Incident response

Certification

Professional Certifications

  • CompTIA, Security+
  • EC-Council, CSA
  • Qualys, Vulnerability Management

Professional Training

  • Sec560: Network Penetration Testing and Ethical Hacking, SANS institute
  • SEC542:Web App Penetration Testing and Ethical Hacking, SANS institute
  • SEC508: Advanced Incident Response, Threat Hunting, and Digital Forensics, SANS institute
  • SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses, SANS institute.
  • CISSP: Certified information systems security professional, Tuwaiq Academy
  • SOC L2: Security Operations Center Level 2, Tuwaiq Academy


Timeline

Head of Information Security

MIS
12.2024 - Current

CISO

Najran University
08.2021 - 12.2024

Assistant Cybersecurity Manager

Najran University
02.2021 - 08.2021

Cybersecurity Specialist

Najran University
01.2018 - 08.2021

System analyst

Najran University
03.2015 - 01.2018

Master of Science - Cyber Security

Bisha University

Postgraduate Diploma in Cyber Security

Institute Of Public Administration

Bachelor of Computer Science

King Khalid University
AHMED ALMALKI