Summary
Overview
Work History
Education
Skills
Certification
Workshopstrainingattended
Timeline
Generic
Hatem Alamri

Hatem Alamri

Madinah

Summary

With 16+ years of cybersecurity management experience, I have successfully guided cybersecurity programs, implemented ISO 27001 ISMS, and managed GRC frameworks to ensure robust governance, risk, and compliance across organizations. I excel in overseeing NCA controls auditing, developing security strategies aligned with business objectives, and ensuring compliance with Saudi NCA Controls and standards. Holding a Master's Degree in Cybersecurity, my track record showcases optimized security operations, successful management of large-scale projects, and enhanced risk management practices that safeguard organizational assets.

Overview

17
17
years of professional experience
3
3
Certification

Work History

Cybersecurity Director

Taibah University
01.2020 - Current
  • Team Leadership & Resource Management: Supervised and directed a team of cybersecurity professionals, effectively assigning tasks based on expertise and priority. Allocated resources across cybersecurity roles to ensure optimal coverage and performance.
  • Vulnerability Management & Remediation: Led efforts to identify, assess, and remediate cybersecurity vulnerabilities, ensuring timely mitigation and continuous improvement of security posture.
  • Cybersecurity Strategy & Policy Development: Collaborated with key stakeholders to design, implement, and update cybersecurity policies and procedures, ensuring alignment with the organization’s cybersecurity strategy and overall business objectives.
  • Risk Assessment & Mitigation: Conducted comprehensive cybersecurity risk assessments, collaborating with cross-functional teams to implement and maintain a robust risk management framework that effectively mitigates risk and addresses privacy concerns.
  • Governance & Compliance: Ensured cybersecurity policies, processes, and controls complied with regulatory requirements and industry standards. Led the development of documentation and procedures to support compliance and risk mitigation.
  • Cybersecurity Advocacy & Awareness: Promoted cybersecurity awareness across all organizational levels, educating senior leadership on the strategic value of cybersecurity in achieving business goals. Actively advocated for the integration of cybersecurity within broader business strategies.
  • Incident Management & Third-Party Communication: Managed cybersecurity incidents, coordinating with internal and external stakeholders, including legal and regulatory bodies, to ensure effective incident response and compliance with reporting requirements.
  • Continuous Improvement: Led regular reviews of cybersecurity controls and their effectiveness, aligning them with the organization’s strategic goals and emerging threats. Ensured policies and documentation remained current and reflective of evolving cybersecurity challenges.
  • Cybersecurity Talent Acquisition: Identified and recruited top-tier cybersecurity talent, ensuring the team was equipped with the necessary skills and resources to meet the organization’s security objectives.
  • Business Continuity & Cyber Resilience: Oversaw the integration of cybersecurity into the organization’s business continuity planning, ensuring critical infrastructure was protected against potential disruptions.
  • Stakeholder Collaboration: Worked closely with internal stakeholders and third-party partners to identify evolving cybersecurity needs, ensuring the organization’s cybersecurity strategy is future-ready.

Cybersecurity Operations Manager

Taibah University
12.2017 - 12.2019
  • Oversaw the day-to-day management of cybersecurity operations, ensuring the protection of university’s digital assets, networks, and systems from cyber threats and vulnerabilities.
  • Led the response to cybersecurity incidents, coordinating with internal teams to identify, contain, and remediate threats. Managed the analysis of security events to enhance proactive threat detection and response strategies.
  • Managed the continuous monitoring of security systems, including SIEM (Security Information and Event Management) tools, to detect, analyze, and respond to potential security incidents and anomalies.
  • Supervised and optimized the operations of the university's Security Operations Center (SOC), ensuring efficient incident detection, triage, escalation, and response in alignment with university policies.
  • Maintained accurate records of security incidents, vulnerabilities, and remediation actions. Produced detailed reports on security events, risk assessments, and operational performance for senior management and compliance purposes.

Cybersecurity GRC & ISMS (ISO27001) Manager

Taibah University
01.2012 - 04.2015
  • Governance, Risk, and Compliance (GRC) Leadership: Directed the university’s cybersecurity Governance, Risk, and Compliance (GRC) program, ensuring alignment with best practices, regulatory requirements, and strategic goals.
  • ISO 27001 Implementation & Management: Led the implementation and ongoing management of the Information Security Management System (ISMS) based on the ISO 27001 standard. Ensured the university’s information security policies, procedures, and controls were compliant with ISO 27001 requirements.
  • Risk Assessment & Risk Management: Managed the identification, assessment, and evaluation of cybersecurity risks to university assets, data, and systems. Developed and implemented risk management strategies to reduce potential impacts and ensure compliance with internal and external standards.
  • Policy Development & Compliance Assurance: Developed, reviewed, and updated information security policies, procedures, and controls in line with ISO 27001 and other relevant standards. Ensured adherence to university policies, national regulations, and international compliance frameworks.
  • Internal & External Audits: Coordinated internal and external audits of the ISMS and GRC program, ensuring that controls were effective, documented, and adhered to throughout the organization. Led preparation efforts for ISO 27001 certification audits and ensured successful certification renewal.
  • Cybersecurity Awareness & Training: Promoted awareness of information security best practices across university departments. Developed and delivered tailored training programs for staff, faculty, and students to enhance understanding of risk management, information security, and compliance obligations.
  • Risk Treatment Plans & Remediation: Worked closely with departments to develop risk treatment plans and coordinate remediation actions for identified vulnerabilities and non-compliance issues. Monitored the effectiveness of remediation efforts and ensured timely resolution of risks.
  • Compliance Reporting & Documentation: Managed the documentation and reporting of GRC activities, ensuring that the university’s leadership and relevant stakeholders were informed of compliance status, risk management activities, and audit results.
  • Third-Party Risk Management: Collaborated with university departments and external vendors to assess and mitigate risks associated with third-party service providers, ensuring that contractual agreements incorporated appropriate cybersecurity and compliance requirements.
  • Incident Response & Compliance Coordination: Worked in tandem with incident response teams to ensure that information security incidents were handled in compliance with established GRC policies. Conducted post-incident reviews to identify lessons learned and enhance future compliance strategies.
  • Continuous Improvement of GRC & ISMS: Led initiatives to continuously improve the GRC program and ISMS, incorporating lessons learned from audits, incidents, and changing regulatory requirements. Regularly reviewed and updated risk management processes and security controls.
  • Security Metrics & Performance Monitoring: Developed and implemented key performance indicators (KPIs) and metrics to measure the effectiveness of the GRC program, providing regular reports to senior management on progress, challenges, and achievements.
  • Regulatory & Legal Compliance: Ensured that the university’s cybersecurity practices met regulatory requirements, including data protection laws (e.g., GDPR), industry standards, and any applicable government regulations related to information security.
  • Collaboration with IT & Legal Teams: Worked closely with the IT department, legal, and compliance teams to ensure that the university’s cybersecurity controls were integrated into the broader organizational risk management and compliance framework.
  • Business Continuity & Disaster Recovery: Supported the integration of information security controls into the university’s business continuity and disaster recovery plans, ensuring that the university could maintain operations in the event of a cybersecurity incident or breach.
  • Strategic Cybersecurity Oversight: Provided strategic oversight and guidance to university leadership on cybersecurity risk and compliance issues, helping to ensure that cybersecurity considerations were integrated into the university’s overall governance and strategic decision-making processes.

Information Security Infrastructure Project Lead

Taiba University
05.2010 - 12.2011
  • Led the planning, design, and implementation of critical information security infrastructure projects, ensuring that solutions were delivered on time, within budget, and aligned with organizational security requirements.
  • Coordinated closely with IT, cybersecurity, and business units to understand security requirements and translate them into technical solutions. Ensured that all stakeholders were aligned and informed throughout the project lifecycle.
  • Led the evaluation, selection, and deployment of security technologies and tools, including firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), encryption tools, and secure access solutions to strengthen the organization's security infrastructure.
  • Developed and managed detailed project plans and roadmaps, setting clear milestones, timelines, and deliverables to ensure the successful execution of infrastructure security initiatives.
  • Oversaw relationships with third-party vendors and service providers, ensuring they met the security requirements and compliance standards for infrastructure projects. Managed contracts, service level agreements (SLAs), and vendor performance.

Information Security Specialist

QASSIM UNIVERSITY
05.2006 - 04.2010
  • Antivirus Administration & Endpoint Security: Managed the deployment, configuration, and maintenance of antivirus software across the organization's endpoints. Ensured continuous protection against malware, ransomware, and other cyber threats, while optimizing system performance and minimizing false positives.
  • System Administration & Security for Microsoft Environments: Administered and secured Microsoft-based systems, including servers, workstations, and applications. Implemented security configurations, patch management, and system hardening to safeguard against vulnerabilities in Windows environments.
  • Active Directory Security & Access Management: Oversaw the security of Active Directory (AD) infrastructure, including user access controls, group policy management, and role-based access management. Conducted regular audits of AD permissions to ensure compliance with organizational security policies and minimize the risk of unauthorized access.
  • Security Policy Implementation & Enforcement: Implemented and enforced security policies across organizational systems, ensuring consistency and alignment with organizational security standards. Configured group policies, security settings, and restrictions to prevent security breaches and ensure compliance.
  • Patch Management & Vulnerability Remediation: Managed the patch management process for all Microsoft systems and endpoint security solutions, ensuring that critical updates and security patches were applied in a timely manner to minimize vulnerabilities and enhance system security.
  • Log Management & Security Monitoring: Utilized security tools to monitor system logs, antivirus alerts, and Active Directory events, identifying anomalies and potential threats. Collaborated with the IT team to take preventive and corrective actions based on monitoring results.
  • Backup & Disaster Recovery Planning: Assisted in the configuration and management of backup systems for critical data and systems. Ensured security measures were in place for the recovery of data in the event of a security incident or system failure.


  • Collaboration with IT & Security Teams: Worked closely with IT and security teams to identify security gaps and implement proactive security measures. Provided technical expertise in securing IT infrastructure and systems, ensuring compliance with organizational security strategies.


Education

Master degree in computer Network Security -

Liverpool John Moores University
Liverpool, United Kingdom
11.2016

Computer Engineering - undefined

Umm Al-Qura University
Makkah, Saudi Arabia
05.2005

Skills

  • ISO 27001 Implementation and Audit
  • Risk Management Frameworks
  • Vulnerability Management
  • CyberSecurity Incident Management
  • CyberSecurity Governance
  • cybersecurity Strategic Planning
  • Compliance Management(NCA , ISO27001 , NIST)

Certification

  • Implementing the NIST Standards using COBIT 5, 12/2017, Present, GR696000007HA
  • CPTE Certified, 11/2017, Present, 753600
  • CompTIA Security + Certified, 06/2011, Present, COMP001020268059

Workshopstrainingattended

  • CISM Certified training Course (2014)
  • Certified information Security management
  • Penetration Testing Engineering Course CPTE (2017)
  • Practical Course Mile 2 Lab \ Kali Linux \ Metasploit
  • LA : Lead auditor Security ISO 27001 (2012)
  • Information security management Systems Auditor
  • Change Management for Engineering Projects (2017)
  • Saudi Council of Engineers
  • Security principles Course (2011)
  • ITs2 Academy
  • Forensics Incident Response IR (2014)
  • Forensics Incident Response IR in Window systems environment
  • Active directory : backup and Disaster recovery (2013)
  • Backup and Disaster recovery for DSN , Domain Controller , DHCP services
  • Kasper Endpoint Security and management (Advance ) (2013)
  • Kaspersky LAB Technical Courses # KL002.10 / KL202.10 / KL302.10
  • Kaspersky Security for Virtualization (2014)
  • Kaspersky LAB Technical Courses # KL014.11

Timeline

Cybersecurity Director

Taibah University
01.2020 - Current

Cybersecurity Operations Manager

Taibah University
12.2017 - 12.2019

Cybersecurity GRC & ISMS (ISO27001) Manager

Taibah University
01.2012 - 04.2015

Information Security Infrastructure Project Lead

Taiba University
05.2010 - 12.2011

Information Security Specialist

QASSIM UNIVERSITY
05.2006 - 04.2010

Computer Engineering - undefined

Umm Al-Qura University
  • Implementing the NIST Standards using COBIT 5, 12/2017, Present, GR696000007HA
  • CPTE Certified, 11/2017, Present, 753600
  • CompTIA Security + Certified, 06/2011, Present, COMP001020268059

Master degree in computer Network Security -

Liverpool John Moores University

Similar Profiles

  • Mostafa Fayad

    Mostafa FayadMostafa Fayad

    Associate Professor of Removable Prosthodontics at Taibah UniversityAssociate Professor of Removable Prosthodontics at Taibah University

    View Profile
  • Dr.Mohammed Farsi

    Dr.Mohammed FarsiDr.Mohammed Farsi

    Assistant Professor of Computer Science at Taibah UniversityAssistant Professor of Computer Science at Taibah University

    View Profile
  • Abdulrhman Alzhrani

    Abdulrhman AlzhraniAbdulrhman Alzhrani

    Network Engineer at Taibah UniversityNetwork Engineer at Taibah University

    View Profile
Hatem Alamri