
Joory Alolayan

Riyadh, Saudi Arabia

Summary

Cybersecurity professional specializing in Governance, Risk & Compliance (GRC) with strong expertise in Saudi cybersecurity regulations, including NCA Essential Cybersecurity Controls (ECC) and PDPL. Experienced in ISO 27001, ISO 27005, and ISO 31000, delivering gap assessments, maturity evaluations, and audit readiness for government and semi-government entities. Proficient in policy development, regulatory reporting, and leveraging GRC platforms for compliance metrics and KPI/KRI tracking. A collaborative and results-driven professional committed to strengthening cybersecurity governance, risk management, and organizational resilience.

Overview

5 years of professional experience
1 Certification

Work history

Cybersecurity GRC Consultant

Advanced Controls
01.2024 - 01.2026
  • Led and executed Governance, Risk, and Compliance (GRC) activities across multiple cybersecurity and regulatory domains.
  • Managed multiple clients across private and government sectors, including sensitive and highly regulated environments.
  • Designed and implemented an enterprise GRC management platform to centralize risk registers, compliance tracking, control mapping, and reporting.
  • Implemented and operationalized NCA Essential Cybersecurity Controls (ECC) and NCA Digital Cloud Controls (DCC).
  • Conducted enterprise risk assessments and risk treatment plans aligned with ISO 31000.
  • Supported the establishment and maintenance of ISMS in accordance with ISO/IEC 27001, including risk assessments per ISO/IEC 27005.
  • Ensured compliance with Saudi Personal Data Protection Law (PDPL), including data classification, privacy controls, and governance documentation.
  • Developed, reviewed, and maintained cybersecurity policies, procedures, standards, and control frameworks aligned with regulatory requirements.
  • Performed gap assessments, maturity assessments, and compliance reviews, followed by actionable remediation plans.
  • Monitored compliance KPIs and KRIs and prepared periodic reports for senior management and stakeholders.
  • Supported Business Continuity Management (BCM) initiatives, including Business Impact Analysis (BIA), risk analysis and dependency mapping, and emergency and crisis response planning.
  • Successfully delivered on tasks within tight deadlines.
  • Coordinated with technical, legal, privacy, and business teams to ensure effective implementation of governance and compliance requirements.
  • Acted as a trusted cybersecurity advisor, providing guidance on regulatory interpretation, control implementation, and governance best practices.
  • Supported continuous improvement and cybersecurity maturity enhancement initiatives across client environments.

Cybersecurity Engineer – SOC/NOC

Ministry of Housing – Mumarah
01.2023 - 01.2024
  • Operated within a 24x7 Security Operations Center (SOC), monitoring, analyzing, and responding to security alerts in a regulated government environment.
  • Performed incident triage, classification, escalation, and documentation in accordance with defined SOC procedures and SLAs.
  • Supported Network Operations Center (NOC) activities, including network availability monitoring, fault detection, and first-level troubleshooting.
  • Monitored and managed firewall security devices, including access control rules, policy reviews and updates, and change validation and impact assessment.
  • Conducted log monitoring and event correlation across security and network devices to detect potential threats and anomalies.
  • Supported vulnerability monitoring and basic remediation tracking, coordinating with infrastructure and security teams.
  • Assisted in root cause analysis (RCA) and post-incident reviews to support continuous improvement.
  • Monitored network performance and service availability, ensuring minimal downtime and adherence to SLAs.
  • Supported storage systems and critical infrastructure, ensuring performance, capacity, and availability.
  • Assisted in incident response activities, including containment, recovery, and lessons learned documentation.
  • Maintained operational documentation, incident reports, and shift handover records.
  • Ensured compliance with government security standards, internal policies, and quality procedures.
  • Coordinated with SOC, NOC, and GRC teams to ensure alignment between technical operations and regulatory requirements.
  • Supported quality assurance and audit evidence preparation for operational security controls.

Cyber Security Trainee

King Saud University
Riyadh, Saudi Arabia
01.2021 - 01.2022
  • Supported day-to-day cybersecurity operations and administrative security tasks within a university enterprise environment.
  • Worked in the Security Operations Center (SOC) monitoring security alerts, analyzing events, and supporting incident handling activities.
  • Assisted Network Operations Center (NOC) teams with network monitoring, availability checks, and first-level troubleshooting.
  • Provided technical support for users, systems, and security-related issues in accordance with defined procedures.
  • Assisted in incident documentation, logging, and escalation to senior security analysts.
  • Supported the implementation and improvement of cybersecurity controls, configurations, and operational procedures.

Education

Bachelor’s Degree - Cybersecurity

Diploma - Technical Support

Skills

Saudi Cybersecurity Regulations
  • NCA Essential Cybersecurity Controls (ECC)
  • NCA Digital Cloud Controls (DCC)
  • PDPL Compliance & Data Privacy Governance
  • Government & Semi-Government Compliance Readiness
Governance, Risk & Compliance
  • Cybersecurity Governance Models
  • Risk Assessment & Risk Treatment
  • ISO 27001 / ISO 27005 / ISO 31000
  • Gap Analysis & Maturity Assessments
  • Audit Preparation & Regulatory Reporting
  • Policy, Procedure & Control Development
GRC Tools & Platforms
  • Enterprise GRC Platforms (Risk Registers, Control Mapping, Compliance Dashboards)
  • Evidence Management & Audit Tracking
  • Compliance Metrics & KPI/KRI Reporting
  • Control Framework Mapping (NCA ↔ ISO)
Security Operations (Supporting Background)
  • SOC Operations & Incident Handling
  • NOC Monitoring & Troubleshooting
  • Firewall & Access Control Management
  • Incident Documentation & RCA
Business Resilience
  • Business Impact Analysis (BIA)
  • Business Continuity Management (BCM)
  • Disaster Recovery & Emergency Planning
Professional Skills
  • Client & Stakeholder Engagement
  • Regulatory Interpretation
  • Executive & Management Reporting
  • Documentation & Compliance Writing
  • Cross-functional Collaboration

Certification

  • ISO/IEC 27001 Lead Implementer
  • ISO 31000 Lead Risk Manager
  • eJPT v2
  • ICCA

PUBLICATIONS

Detection Vulnerabilities in the Code for Code Guard Based Machine Learning, Journal of Cyber Security, 2024

Languages

English
Fluent
Arabic
Native

References

References available upon request.

Timeline

Cybersecurity GRC Consultant

Advanced Controls
01.2024 - 01.2026

Cybersecurity Engineer – SOC/NOC

Ministry of Housing – Mumarah
01.2023 - 01.2024

Cyber Security Trainee

King Saud University
01.2021 - 01.2022

Diploma - Technical Support

Bachelor’s Degree - Cybersecurity
