
IQBAL MOHAMMED

Riyadh, Saudi Arabia

Summary

Over 18 years of experience in Information and Cybersecurity, specializing in IT Risk and Governance Management, IT Audit and Compliance, and IT Software Quality Assurance. Proven track record of enhancing organizational security posture and ensuring compliance with industry standards. Expertise in leading teams to achieve high-performance outcomes and drive continuous improvement initiatives.

Overview

20 years of professional experience
6 years of post-secondary education
1 Certification

Work history

Manager, Cybersecurity Advisory

KPMG
Riyadh, KSA
01.2022 - 08.2025

· Engagement manager and project delivery lead for cybersecurity projects:

~ Developed technical and commercial proposals and presentations according to client requirements.

~ Actively contributed to the engagement letter for project engagements with clients.

~ Actively contributed to the project scope of work (SOW) and master service agreement.

~ Developed the project charter, project plan and kick-off meeting presentation.

~ Developed the weekly project status report for client status meeting.

~ Actively engaged with senior management on the project status tracking report and supported their decisions by developing the project status reports.

~ Performed project management and team management activities for on-time delivery of the tasks.

~ Drove and led the Cybersecurity Maturity Assessment (CMA) as per industry best practices (NCA, NIST and ISO 27001 ISMS) and presented and delivered the CMA report to the stakeholders.

~ Drove and led the NCA: ECC, CSCC, DCC, TCC, CCC, OSMACC, SAMA CSF, ISO/IEC 27001 ISMS and TISAX standards implementation and compliance assessment. Developed, presented and delivered the compliance dashboard and reports to the stakeholders.

~ Drove and led the development of Cybersecurity Strategy and Target Operating Model (TOM).

~ Drove and led Cybersecurity risk assessment as per SAMA CSF, NCA: ECC, CSCC, DCC, TCC, CCC, OSMACC and ISO/IEC 27001 ISMS standards.

~ Drove and led the development, enhancement and review of job descriptions for the Cybersecurity workforce as per industry best practices (NCA, NIST and ISO 27001).

~ Created, reviewed, and enhanced documentation as per SAMA CSF, NCA, NIST and ISO 27001 standards.

~ Performed cyber security risk assessment on a scope of information technology systems and/or business processes. Scheduled, conducted, and tracked risk assessment activities with the stakeholders.

~ Developed threat & vulnerability database, risk control sheet, risk register and risk report.

~ Reviewed and approved the risk report with stakeholders.

~ Prepared a monthly presentation for senior management and stakeholders covering high-level progress, risks identified and related enterprise recommendations, as applicable.

~ Actively participated in ISMS implementation and certification accreditation.

~ Developed and reviewed the policies, procedures, standards, ISMS management review, cybersecurity committee charter, training plan/materials, Statement of Applicability (SOA), master list of documents, and policies compliance review activity plan and checklist.

~ Actively participated in the tabletop exercise (TTX) and supported senior management in delivering the cyber crisis-ransomware report.

~ Developed the cybersecurity KPIs and KRIs measurement matrix based on cybersecurity risk landscape mapping SAMA, ISO 27001 and NCA framework.

~ Developed the ISMS Internal Audit program, Audit report, and Action plan for any observations raised during the Pre-certification audit, and provided External Certification Audit Support.

~ Developed Cybersecurity awareness and training program plans / materials / records to minimize information security incidents.

Snr. Consultant – Cybersecurity GRC

AESSCO
Riyadh, KSA
03.2020 - 12.2021
  • Client#1: Princess Noura University (PNU)
  • Client#2: Ministry of Defense, Riyadh Saudi Air Force (RSAF)
  • Maintained integrated management system (NIST SP.800-53 R4, ISO 27001, NCA ECC, CSCC and ISO 22301) certification accreditation status for the client.
  • Conducted IT Security Audit at client site w.r.t ISO27001, ISO 22301 certification.
  • Information security audit management (external and internal audits). Developed and rolled out the annual information security roadmap and audit plans.
  • Developed NIST, ISMS and BCMS policies, standards, procedures, and guidelines to ensure the protection of confidentiality, integrity and availability of information.
  • Developed and conducted formal process systems for business impact analysis, business continuity plan and test, IT security incident and change management, etc.
  • Identifying and exploring new security trends and performing quality review, RFP, vendor evaluation, cost benefit analysis of latest security tools in the market.
  • Information security metrics reporting to support key decision makers.
  • Project lead for all IT security projects. Key projects: IT Risk management, ISMS management review program, IT security incident management and compliance management.
  • IT business continuity plan (BCP) drill test, Tabletop exercise (TTX), report results and follow-up action points.
  • Information security controls assessment to meet the company requirements.
  • IT security audit management (external and internal audits)
  • IT security audit, assessment, and compliance management for information security controls.
  • Information security awareness and training program plans/records to minimize information security incidents.
  • Developed and led information system audit (data center, firewall, routers, wi-fi, network and remote access control, active directory, servers, antivirus compliance, privileged users access control, etc.) management.

Consultant - IT Security and Compliance

alfanar
Riyadh, KSA
06.2015 - 03.2020
  • Maintained integrated management system (ISO 27001, ISO 22301, ISO 20000) certification accreditation status.
  • Developed and implemented integrated management system (IMS) policies, standards, and procedures to ensure the protection of confidentiality, integrity and availability of information.
  • Developed and conducted formal process systems for business impact analysis, business continuity plan and test, IT security incident management, IT change management, IT service catalogue, IT service improvement plan, IT customer satisfaction survey, etc.
  • Project lead for all IT security projects. Key projects: IT Risk management, IMS management review program, Vulnerability assessments and penetration tests (VAPT), IT security incident management, SIEM management, legal and compliance management.
  • Data classification, Rights management, and Data leakage prevention program.
  • IT business continuity plan (BCP) drill test, report results and follow-up action points.
  • Information security controls audit and assessment on vendor site to meet the company outsourcing requirements.
  • IT security audit management (external and internal audits)
  • IT security audit, assessment and compliance management for firewall, routers, antivirus, wi-fi, data center, active directory, servers, and system security patches, privileged user access control, etc.
  • Information security awareness, training and phishing campaigns to minimize information security incidents.
  • Subscribed to information security forums/bulletins/tips to stay updated on the latest information security and cyber security threats.

Sr. Software Engineer, Security Domain

C.A Technology
Hyd, India
03.2014 - 06.2015
  • Analysed functional requirements to ensure compliance with information security and software quality standards.
  • Executed product certification across various platforms, including Windows and UNIX.
  • Developed and reviewed test plans, conditions, scenarios, and cases using HP Quality Center.
  • Conducted multiple testing types, such as functional, regression, installation, and stress testing.
  • Tracked issues and generated reports using RTC tool for effective resolution management.
  • Managed virtual machines on VMware ESX servers while supporting system activities.
  • Configured operating systems and databases for lab machines alongside MS virtual and cluster setups.
  • Facilitated product training sessions and team meetings, delivering formal reports and minutes of meetings.

Manager - Information Security

Almarai
Riyadh, KSA
06.2011 - 03.2014
  • As an Information Security Manager at Almarai, I am responsible for leading the information security team, achieving tactical and strategic information security and business objectives.
  • Maintained ISO27001 (Information Security Management System) certification accreditation status.
  • Developed and implemented Information security policies, standards and procedures.
  • Project Manager for all IT security projects. Key Projects: Managed the integration of IT security and infrastructure controls and aligned information security policy, standards and procedures for Almarai's newly acquired companies.
  • IT Risk management, ISMS management review program, Vulnerability assessments and penetration tests (VAPT), IT security incident management, SIEM management, legal and compliance management, Information Security Awareness and Training.
  • IT disaster recovery (DR) drill test, report results and follow-up action points.
  • Information security audit management (external and internal audits). Developed and rolled out annual information security audit plans.
  • IT Security Infrastructure Implementation and Management (Internet security and Email Anti-spam Gateway, Enterprise Anti-Virus, Proxy, DLP, SIEM, Endpoint Encryption, Backup & Recovery tool, and Security tools).
  • Information System Audit for firewall, routers, Wi-Fi, data center, active directory, servers, antivirus compliance, privileged users access control, UNIX, etc.
  • Identifying and exploring new security trends and performing quality review, RFP, vendor evaluation, cost benefit analysis of latest security tools in the market.
  • Information security metrics reporting to support key decision makers.

Software Engineer, Security Domain

Applabs Technology (CSC)
Hyd, India
05.2005 - 06.2006
  • Analysed functional requirements to ensure project objectives were met.
  • Developed and executed comprehensive test plans, scenarios, and cases.
  • Conducted functional, regression, and stress testing for diverse applications.
  • Maintained bug tracking systems for efficient issue resolution.
  • Supported system operations throughout entire project lifecycle.
  • Installed software on Windows servers, Solaris, HP-UX, and SUSE environments.
  • Configured Active Directory, DNS, DHCP, IIS, and FTP servers.
  • Installed operating systems, databases, Citrix applications, and virtual machines on VMware.

Education

Bachelor of Computer Science - Computer Science

Osmania University
Hyderabad/India
03.1997 - 04.2000

Master’s in Computer Applications - Computer Science

Osmania University
Hyderabad/India
03.2000 - 05.2003

Skills

  • Cybersecurity operations
  • IT risk management
  • Incident response management
  • IT and Cyber audit and compliance
  • Cybersecurity awareness training
  • Identity management
  • SIEM solutions
  • Business continuity planning
  • Project coordination
  • Vendor oversight
  • Threat management
  • Vulnerability assessment
  • Team leadership
  • Software quality assurance
  • IT service management

Certification

Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), ISO27001 Lead Auditor Certification, ISO 22301 Lead Auditor Certification, ITIL Foundation (V3) Certification, Management Development Program, Supervisory Skills Development Program, Self-Development and Team Building Program, Effective Meetings and Communication, Emotional Intelligence Skills: Self-awareness Management, Leading Teams: Dealing with Conflict

Accomplishments

  • Successfully led Cybersecurity risk assessment, implementation and compliance assessment as per SAMA CSF, NCA: ECC, CSCC and ISO/IEC 27001 ISMS standards.
  • Successfully led the Cybersecurity Maturity Assessment (CMA) as per industry best practices (NCA, NIST and ISO 27001) and presented & delivered the CMA report to the stakeholders.
  • Successfully led the NCA: ECC, CSCC, DCC, TCC, CCC, OSMACC, SAMA CSF, ISO/IEC 27001 ISMS and TISAX standards implementation and compliance assessment.
  • Developed, presented & delivered the compliance dashboard and reports to the stakeholders.
  • Successfully led and maintained the ISO information security standards certification accreditation status.
  • Developed Policies, Standards, Procedures, Guidelines as per SAMA CSF, NCA: ECC, CSCC, CCC, DCC, OSMACC, TCC, NIST and ISO/IEC 27001 ISMS standards.
  • Drove and led the development of Cybersecurity Strategy and Target Operating Model (TOM) for clients.
  • Led the IT risk management with a risk register and risk treatment plan to report risk metrics.
  • Identified, developed, measured, and ensured maintenance of Information security and compliance objectives, reporting KPIs and KRIs metrics to senior management.
  • Managed information security audit (external and internal audits) and developed annual Information security audit plans.
  • Conducted ISO audit at client site for ISO 27001 ISMS, ISO 22301 BCMS standard certification.

Languages

English
Hindi
Telugu

Personal Information

  • Iqama Status: Transferable
  • Date of birth: 07/30/79
  • Visa status: Transferable

Timeline

Manager, Cybersecurity Advisory

KPMG
01.2022 - 08.2025

Snr. Consultant – Cybersecurity GRC

AESSCO
03.2020 - 12.2021

Consultant - IT Security and Compliance

alfanar
06.2015 - 03.2020

Sr. Software Engineer, Security Domain

C.A Technology
03.2014 - 06.2015

Manager - Information Security

Almarai
06.2011 - 03.2014

Software Engineer, Security Domain

Applabs Technology (CSC)
05.2005 - 06.2006

Master’s in Computer Applications - Computer Science

Osmania University
03.2000 - 05.2003

Bachelor of Computer Science - Computer Science

Osmania University
03.1997 - 04.2000