KHWAJA NAVEED RASHEED

Senior Cybersecurity Leader (GRC & Security Architecture)
Riyadh

Summary

Visionary Cybersecurity and GRC leader with 20+ years of experience architecting security solutions and driving governance across BFSI, Petrochemical, Utility, and Telecom sectors. Accomplished in Security Architecture (SABSA, Zero Trust) and GRC frameworks (SAMA, NCA, ISO 27001), achieving top-tier compliance (SAMA CSF maturity ~4.0, 98% NCA). Renowned for:

  • Security Architecture Integration: Aligning technical solutions (SABSA, Cloud, IAM) with business objectives.
  • GRC Strategy & Implementation: Developing frameworks, policies, and risk models that meet or exceed regulatory requirements.
  • Enterprise-Wide Transformation: Leading cross-functional teams and implementing large-scale GRC Archer solutions, saving millions in external consultancy costs.
  • Risk Management & Threat Modeling: Conducting 300+ risk assessments using STRIDE, DREAD, and CIS Controls to strengthen incident response and resilience.
  • Cybersecurity Culture & Leadership: Spearheading security awareness programs (e.g., October Cybersecurity Month) to embed a “security-first” mindset.

Overview

22 years of professional experience
19 certifications

Work History

Cybersecurity Director

Tawuniya Insurance
12.2023 - Current
  • Cybersecurity GRC and Leadership: Spearheaded the development and implementation of cybersecurity policies, frameworks, and guidelines, ensuring compliance with national laws and aligning initiatives with organizational objectives
  • Strategic Risk Management: Established a comprehensive cybersecurity risk management approach, including system-wide risk management functions and third-party security frameworks to mitigate risks effectively
  • Project Management: Successfully managed GRC Archer Suite projects, designing workflows and authoring Business Requirement Documents (BRDs) to enhance compliance, governance, and risk management processes
  • Cybersecurity Awareness Initiatives: Launched impactful awareness programs, including October Awareness Month events, significantly enhancing the organization's security posture and fostering a culture of cybersecurity awareness
  • Professional Services Support: Played a critical role in providing security insights during bidding phases, delivering effective security solutions and strategic recommendations
  • Cyber Security Governance & TPRM: Led cybersecurity governance initiatives, ensuring compliance with industry standards
  • Implemented a robust Third-Party Risk Management (TPRM) framework, streamlining approval processes for cloud services and outsourcing, and ensuring regulatory compliance
  • Team Capability Development & Innovative Awareness Programs: Developed and supervised cybersecurity awareness programs across all levels of the organization, including interactive workshops, gamified learning experiences, and simulations, which significantly boosted employee engagement and cultivated a strong security-first culture.

Cybersecurity Manager

BUPA Arabia, Healthcare Insurance
Jeddah
07.2022 - 12.2023
  • GRC-Driven Security Architecture Development: Led the integration of SABSA frameworks into BUPA Arabia's security architecture, enhancing the alignment of security initiatives with business goals
  • Collaborated with KPMG consultants to develop and refine a SABSA-based Security Architecture, significantly boosting compliance and risk mitigation capabilities
  • Comprehensive Security Strategy Formulation: Spearheaded the development of an extensive security plan addressing specific threats, vulnerabilities, and risks to BUPA Arabia’s assets
  • Regularly updated the security architecture to adapt to new and evolving threats, ensuring robust defense mechanisms
  • Advanced Threat Modeling and Risk Assessment: Conducted sophisticated threat modeling to identify potential security challenges
  • Executed over 100 project-based risk assessments and 200+ risk reviews using methodologies like STRIDE, DREAD, CIS Controls, and OWASP Top 10
  • Technical and Administrative Control Implementation: Designed and implemented a comprehensive suite of technical and administrative controls, fortifying defenses against identified threats and substantially reducing risk exposure
  • Crisis Readiness and Incident Response: Developed and executed 12 innovative crisis readiness strategies, enhancing workforce preparedness and minimizing downtime during crises, resulting in improved employee morale and bolstered company reputation
  • Strategic Cybersecurity Planning: Contributed to the creation of a risk-based three-year Cyber Security Strategy, outlining 40 initiatives across 10 programs to enhance cybersecurity defenses and align with enterprise-wide strategic goals
  • Change Management Leadership: Played a key role in Change Management as a member of the Change Advisory Board (CAB), providing critical insights for change initiatives
  • Actively engaged with cross-functional stakeholders to conduct risk reviews and facilitate decision-making through the BMC Remedy Change Management Portal
  • Project Leadership in OTP Mechanism Implementation: Successfully led the implementation of a One-Time Password (OTP) mechanism, aligning with Minimum Verification Controls guidelines to secure high-risk transactions
  • Development of Risk-Based Transaction Assessment: Pioneered the development of a comprehensive list of risky transactions derived from detailed assessments, enhancing the company's capability to identify and mitigate threats in real-time
  • Compliance Management: Ensured adherence to regulatory standards set by SAMA, NCA, CCHI, and the Aramco Cybersecurity Compliance Certificate (CCC) program, actively engaging in the compliance management function.

Cyber Security Architect

Saudi National Bank, SNB
01.2022 - 07.2022
  • Security Architecture Development: Integrated SABSA frameworks, enhancing alignment between security initiatives and business goals
  • Advanced Threat Modeling: Conducted over 100 project-based risk assessments and 200+ risk reviews using STRIDE, DREAD, CIS Controls, and OWASP Top 10
  • Change Management: Key member of the Change Advisory Board (CAB), providing critical insights within the BMC Remedy Change Management Portal
  • Crisis Readiness: Developed 12 crisis readiness strategies, minimizing downtime during crises and improving response capabilities
  • Audit Management: Handled multiple internal and external audits, ensuring compliance and effective remediation
  • Strategic Alignment: Delivered tailored cybersecurity strategies, ensuring alignment with client-specific goals and industry standards.

Principal Consultant

12.2019 - 12.2021
  • Placed by VERSOS at SAMBA Bank, Riyadh (10,000+ users' environment)
  • Risk Assessment Leadership: Orchestrated comprehensive risk assessments using asset and scenario-based qualitative approaches in line with ISO 27005:2018, employing the OCTAVE Allegro methodology
  • This involved a deep understanding of the bank’s assets and potential threat scenarios, ensuring a thorough and effective risk management approach
  • Information Security Policy Alignment: Aligned Information Security risk management policies and procedures with stringent regulatory and compliance standards
  • Ensured bank-wide adherence, contributing to a robust and compliant security posture
  • Change Management and Risk Scrutiny: Played a pivotal role in the change management committee, rigorously scrutinizing Information Security Risks across various domains, including project management, application development, new product launches, and outsourcing
  • This ensured that all changes within the bank were assessed for potential security risks
  • Security Reviews and Vendor Management: Conducted meticulous reviews of requirement definitions, outsourcing arrangements, and vendor contracts to confirm compliance with stringent information security requirements, safeguarding the bank’s interests and data integrity
  • Zero Trust Architecture Implementation: Drove the implementation and enforcement of the Zero Trust Architecture model, significantly enhancing the security of corporate information systems, networks, and data against emergent threats
  • Strategic Contributions to CISO's Office: Co-developed the Information Security Framework, annual plans, strategies, and roadmaps with the CISO's office, aligning them with the bank's business goals and enhancing the overall strategic approach to information security
  • GRC Process Integration with RSA Archer: Led the integration of internal Information Security GRC processes within RSA Archer, improving automation and efficiency in risk management workflows, and enabling more effective risk monitoring and reporting
  • Embedding Security in Business Processes: Championed the incorporation of Information Security risk management practices into core business operations, significantly enhancing the bank’s overall security posture and awareness
  • Team Management and Mentorship: Managed and mentored the Risk Management team, promoting a culture of continuous improvement, professional growth, and adherence to best practices in risk management
  • Collaboration with IT for Asset Management: Worked closely with the IT department to establish a unified information assets register, streamlining asset management and bolstering compliance reporting
  • Active Policy Enforcement and Strategic Input: Engaged proactively in assessing and mitigating deviations from Information Security policies, providing strategic recommendations to the CISO for continuous policy improvement and enforcement
  • Comprehensive Security Reviews and Compliance: Ensured thorough Information Security reviews across all bank entities, upholding impeccable standards and systematically addressing any identified issues
  • Risk Review Coordination and Communication: Coordinated the execution and communication of periodic risk reviews, ensuring alignment with stakeholders and compliance with regulatory expectations, thereby maintaining a consistently high standard of risk management.

Team Lead

Global Cyber Security
03.2018 - 11.2019
  • Placed by Wipro in Saudi Basic Industries Corporation (SABIC), Saudi Arabia (25,000+ users' environment)
  • Governance and Compliance Program Leadership: Championed the execution of comprehensive governance and compliance programs under the guidance of the Head of Information Security Governance
  • Led strategic implementation across the enterprise, ensuring alignment with industry best practices and regulatory requirements
  • KRI and KPI Development and Management: Developed and sustained enterprise-wide Information Security Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs)
  • Drove continuous performance improvement through regular monitoring and analysis of these metrics
  • Third-Party Risk Management Initiatives: Orchestrated Third-Party Risk Management (TPRM) initiatives, effectively mitigating risks associated with external vendors
  • Enhanced overall security resilience by implementing robust vendor risk assessment and management processes
  • Optimization of RSA Archer GRC Process Flows: Played a crucial role in refining RSA Archer GRC process flows, optimizing risk and compliance management processes
  • Ensured efficient and effective risk governance and compliance monitoring across the organization
  • Information Security Training and Awareness: Pioneered the design and delivery of comprehensive Information Security training and awareness programs
  • Significantly elevated the security acumen within the organization, fostering a culture of security mindfulness and compliance
  • Change Management and Security Integration: Actively participated in Change Management activities, focusing on the seamless integration of security controls with business processes
  • Ensured that transitions and updates maintained high-security standards without disrupting business operations
  • Collaboration for Security Control Integration: Collaborated extensively with process owners to embed Information Security controls into systems and processes
  • Utilized in-depth risk and control knowledge to strengthen and fortify the organization’s security framework
  • Information Security Control Documentation Management: Managed the periodic review and update of Information Security control documentation
  • Addressed a range of systems, including Cloud Computing, Software-Defined Networking (SDN), Network Functions Virtualization (NFV), and Operational Technology (OT), bolstering governance and compliance
  • Reporting and Decision Support: Produced and presented insightful status reports and dashboards on Information Security Governance, Risk, and Compliance
  • These reports informed and guided senior management decisions, clearly showing the organization’s security posture.

Information Security Risk Services Consultant

02.2018 - 03.2018
  • Placed by Wipro Arabia in Gulf International Bank, Bahrain (2,000+ users' environment)
  • Gap Assessment for PCI DSS Compliance: Led the gap assessment process, meticulously comparing the bank's current security measures against the requirements of PCI DSS version 3.2.1
  • This process was crucial in identifying areas where the bank's cybersecurity practices needed enhancement to meet the stringent standards of PCI DSS
  • Adherence to Best Practices: Followed industry best practices in conducting the gap assessment
  • This involved a detailed analysis of security policies, procedures, and technical controls in place, identifying discrepancies and recommending necessary changes to achieve full compliance
  • Risk Analysis and Mitigation Planning: Conducted a comprehensive risk analysis based on the findings of the gap assessment
  • This helped in prioritizing the risks associated with any non-compliance areas and formulating a strategic risk mitigation plan
  • Collaboration and Reporting: Worked in close collaboration with various internal teams, including IT and security departments, to ensure a thorough and accurate assessment
  • Regularly reported findings and progress to senior management, ensuring transparency and informed decision-making
  • Strategic Recommendations for Compliance: Provided strategic recommendations based on the gap analysis, guiding the bank on implementing effective measures to meet PCI DSS standards
  • This included advising on enhancing security controls, updating policies, and improving security awareness across the organization.

Senior Cyber Security Architect

06.2016 - 01.2018
  • Placed by Wipro in Saudi Electricity Company (SEC), (Utility Company) (10,000+ users' environment)
  • Strategic Cybersecurity Consulting and Advisory: Provided expert consulting and advisory services to senior management on cybersecurity strategies and best practices
  • This involved analyzing current security postures and identifying areas for enhancement to mitigate risks and align with industry standards
  • Innovative Security Architecture Design: Led the design and architecture of advanced cybersecurity solutions
  • Focused on integrating cutting-edge technologies and methodologies to fortify the company’s digital assets against evolving cyber threats
  • Security Control Transformation: Spearheaded the transformation of security controls, implementing robust and scalable security architectures
  • This included developing and integrating comprehensive security measures tailored to the unique needs and challenges of the energy sector
  • Cross-Functional Collaboration: Worked closely with various internal teams and external vendors to ensure the seamless implementation of security architectures
  • Fostered a collaborative environment to drive the adoption of security best practices across the organization
  • Cybersecurity Posture Enhancement: Played a pivotal role in enhancing the overall cybersecurity posture of both IT and OT environments
  • Significantly improved the company's resilience to cyber threats through strategic planning, innovative design, and effective implementation of security controls.

Manager

Sui Southern Gas Company Ltd
12.2005 - 06.2016
  • (Utility Company), Pakistan (5,000+ users' environment)
  • Leadership in Information Security Governance & Compliance: Directed the Information Security Governance & Compliance Unit, ensuring strict adherence to both company policies and prevailing industry standards
  • Oversaw the establishment and maintenance of a robust security governance framework.

Project Manager

10.2004 - 12.2005
  • Contract assignment at Scientechnic - Siemens, UAE (1,000+ users' environment)
  • Leadership in Information Security Project Delivery: Oversaw the delivery of comprehensive Information Security projects, meticulously ensuring alignment with the diverse business requirements of multiple clients across the UAE
  • This involved close coordination with client teams to understand their unique security needs and objectives
  • Strategic Network Security Initiatives: Led a team of specialists in the strategic planning and execution of network security initiatives
  • Played a key role in significantly enhancing client security postures, implementing advanced security solutions tailored to their specific environments
  • Collaboration for Tailored Security Solutions: Fostered collaboration between Network Security teams and client stakeholders
  • This involved designing and implementing robust security controls, customized to address each client's specific operational needs and security challenges
  • Project Lifecycle Management: Successfully managed the entire project lifecycle from inception to completion
  • This included overseeing project planning, execution, and delivery, ensuring that all phases were completed on time, within budget, and to the highest quality and client satisfaction standards
  • Client Relationship and Satisfaction: Maintained strong client relationships throughout project engagements, focusing on understanding their specific security requirements and ensuring their satisfaction with the delivered solutions
  • Consistently received positive feedback for meeting and exceeding client expectations in terms of security improvements and business alignment
  • Team Leadership and Development: Provided leadership and guidance to the network security team, ensuring the development of their technical and project management skills
  • Promoted a culture of continuous learning and adaptation to emerging security trends and technologies.

Network Security Engineer

Supernet Ltd
10.2002 - 09.2004
  • (Internet and Telecom Service Provider)
  • Management of MAN/WAN Network Projects: Orchestrated the management of expansive Metropolitan Area Network (MAN) and Wide Area Network (WAN) projects, delivering secure and reliable networking solutions to a diverse clientele across the country
  • Ensured that each project met high standards of security and reliability, catering to the specific needs of different clients
  • Network Infrastructure Design and Optimization: Applied a deep understanding of various network technologies to design and optimize network infrastructures
  • Focused on ensuring robust security and peak performance, integrating the latest technologies and security practices to enhance network resilience
  • Strategic Project Execution: Played a pivotal role in project execution, overseeing each phase from initial design to deployment
  • Emphasized the strategic integration of security best practices throughout the project lifecycle, ensuring a security-first approach in network solutions
  • Collaboration for Tailored Network Solutions: Collaborated closely with cross-functional teams and clients to develop network solutions tailored to specific operational requirements and security standards
  • Worked to understand the unique challenges and needs of each client, delivering solutions that were both technically sound and aligned with their business goals
  • Client Engagement and Satisfaction: Engaged actively with clients throughout the project process, ensuring their needs and expectations were met
  • Focused on building strong relationships and maintaining high levels of client satisfaction by delivering secure and efficient network solutions
  • Innovation and Technology Integration: Stayed abreast of emerging network technologies and security trends, integrating innovative solutions into network designs to address evolving security threats and performance requirements.

Education

MSc - Computer Science with Cyber Security

Wrexham University

Bachelor of Computer Science - BCS

University of Karachi

Specialization Certificate - Leading People and Teams

University of Michigan (Ross School of Business)

Diploma in Computer Science - DCS

Petroman Training Institute

Advanced Diploma - Networking Technologies

New Horizon Institute

Skills

Leadership & Strategic Management

Certification

CISSP – Certified Information Systems Security Professional, ISC2 USA

Affiliations

  • Institute of Risk Management (IRM), UK
  • International Association of Privacy Professionals (IAPP), USA
  • Chartered Institute of Information Security (CIISec), UK
  • Information Systems Audit and Control Association (ISACA), USA
  • Information Systems Security Certification Consortium (ISC2), USA
  • Factor Analysis of Information Risk (FAIR Institute), USA
  • Information Systems Security Association (ISSA), USA
  • Association of Project Management (APM), UK
  • Project Management Institute (PMI), USA
  • American Management Association (AMACOM), USA
  • British Computer Society (BCS), UK
  • IEEE Computer Society, USA
  • Advancing Information Transport Systems (BICSI), USA
  • OWASP Leaders, USA
  • Association of Insurance and Risk Managers (AIRMIC), UK
  • Professional Evaluation and Certification Board (PECB), Canada
  • Association of Certified Fraud Examiners (ACFE), USA
  • EC-Council, USA
  • The KPI Institute, Australia
  • The Open Group (TOGAF), USA
  • SABSA Institute

Career Overview

Dynamic and visionary Senior Cybersecurity Leader and GRC Expert with over 20 years of international experience transforming cybersecurity frameworks and achieving top-tier compliance across multiple sectors.

Professional Development

  • Completed courses in Corporate Governance, Leadership, and Analytical Skills.
  • Active mentor with The Citizens Foundation's Rahbar Mentorship Program, supporting underprivileged students.
  • Recognized for contributions to disaster relief efforts during flood operations.

Personal Information

Iqama Status: Resident of Saudi Arabia with transferable Iqama.
