Mohammed Alsarhan

- Develop the strategy for cybersecurity and ensure it is aligned with the corporate strategy and NCA strategy.

-develop cybersecurity polices, standards and process to be aligned with the NCA and ISO Cybersecurity standard.

-comply with NCA ECC, CCC and CSCC.

- Establish and implement Cybersecurity Risk Management Program to be aligned with the corporate ERM and NCA Cybersecurity Risk Policy

- implement ISO/IEC 27001to to maintain and continually improve an information security management system (ISMS).

-Implement ISO 27701 to maintain and continually improve a privacy information management system (PIMS).

-Leading one of the Cyber Security GRC groups. The main role is to establish information security governance, Risk and Compliance to be aligned with the organization objectives.

-Develop Cyber Security strategies including strategic principles, guidelines, and objectives in some cases specific measures in order to mitigate risk associated with cybersecurity.

- Outline and define necessary policy and regulatory measures and clearly define roles and responsibilities.

- comply with NCA ECC and Critical Systems Cybersecurity Controls

-Define and set the goals for awareness campaigns that inculcate changes in the behavior and working patterns of users.

-Develop rigorous, definition for cyber security metrics.

-develop KPIs that have targets, specific timeframes for achieving goals, and be relevant to the business outcomes.

-Devolving Cyber Security policies, standards, procedures, guideline and documenting the direction and goals for the Cyber Security program.

- Defining workflows and structures that establish responsibilities and accountability.

-developing Cyber Security Risk Framework that identify rank, and respond to risk as defined by organizational directives

- Managing Cyber Security risk to an acceptable level to meet organizational goals.

-Defining Metrics, KPIs and monitoring processes to ensure compliance and report on control effectiveness.

-Implementing NIST Cyber Security Framework 1.1 that focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes.

- Implementing NIST Special Publication 800-53 that provides a catalog of security and privacy controls for federal information systems to protect organizational operations including mission, functions, image, and reputation, assets and individuals.

-Integrating the Capability Maturity Model Integration (CMMI) to provide sets of best practices to drive business performance through building key capabilities.

-Performing Cyber Security Maturity Assessment based on NIST CSF and provide quantitively numerical score in which driven by CMMI.

- Working as Cyber Security analyst who is responsible for monitoring, analyzing, and detecting and handling cyber security incidents.

- Utilizing advanced security tools and techniques including SIEM, anti-malware, IPS, network performance monitoring.

- Responding to security events and threat cases, manage and monitor security incidents to closure, isolate systems to contain threats and deploy mitigation.

- deploying and administrating security tools and technology including F5 Application security manager (ASM), FireEye Web Malware protection system (MPS) and Intrusion Prevention Systems (IPS).

- Creating and executing incident response plans, processes and procedures and performing root cause evaluations to significant incidents.

- Responding to security events and threat cases, manage and monitor security incidents to closure