SALEH AlWAYILI

CISM | CISSP | PMP | ISO 27001 LA | ITIL

Summary

Experienced cyber security manager with more than 11 years of work experience. Excellent reputation for resolving problems, improving customer satisfaction, and driving overall operational improvements. Change agent with extensive IT/Cyber security expertise, achieving exceptional results while bridging the gap between technical experts and company executives.

My demonstrated technical, business management and leadership skills qualified me to improve cyber security alignment with business and ensure their effectiveness in terms of people, process and technology.

Overview

14 years of professional experience
6 years of post-secondary education
6 Certifications
2 Languages

Work History

Cyber Security Group Enablement & Performance Management Manager

stc
07.2020 - Current

Responsibilities:

  • Manage collaboration effort within stc group subsidiaries to improve overall cyber security maturity level and enhance security posture for each subsidiary.
  • Manage cybersecurity performance management reporting including control effectiveness measurement with defined KPIs and metrics over required reporting cycle.

Achievements:

  • 91% satisfaction rate for enablement provided services to stc group subsidiaries.
  • 16+ CS CEO meetings with 10+ CEOs were organized and conducted to align with business.
  • 2 Cybersecurity events, 20+ sessions were organized with international speakers and 10+ CISOs, VPs and GMs to synergize CS across stc Group.
  • 1000+ KPIs to measure CS capabilities within stc group.
  • 140+ KPIs reviewed, developed and modified with a 3-month series of alignment and discussion sessions with 50+ KPI stakeholders.
  • CS Controls Effectiveness capabilities developed with 3+ domains assessed with related framework, tools and processes.
  • 11 CS profiles for stc group to optimize cost, build strategic alliances and get better support.
  • 10+ Executive letters & Reports written to Group CEO, Subsidiaries CEO and other executives.
  • Resolved conflicts and negotiated mutually beneficial agreements between parties.

Information Security Manager (Project Role)

Tamkeen Technologies 
04.2020 - 07.2020

  • Project-based role with Ministry of Sports (MoS) team to implement Information Security Management System (ISMS) based on ISO 27001 and manage Information security programs and projects.

Achievements:

  • Top 20 CS controls Gap assessment completed using control framework (CIS) to prioritize the investment and gain much value with less cost.
  • 6 CS projects (AIM, PAM, Vulnerability Scanner, Patch Management, SIEM, WAF) were introduced to bridge CS gap, with full details planned ahead starting from business case, RFP, vendor negotiation and selection, to project milestones with high level plan.

Cyber Security Head

National Company for Mechanical Systems
05.2015 - 04.2020

Responsibilities:

  • Manage cyber security team to deliver cyber security services with its related technologies as per agreed service level.
  • Develop & execute information security strategic plan in alignment with business strategy and goals.
  • Review, communicate & enforce information security policies and implement them where possible.
  • Manage cyber security projects to deliver cyber security value to business and ensure effective value realization in operation.
  • Information security risks assessment and management.

Achievements:

  • Achieved 82% of SAFE strategy execution (20 strategic initiatives/projects) within first 2 years despite lack of resources and reduction of current cyber security resources by 50%.
  • 37 cyber security risks identified and assessed; 30 of them mitigated within 1 year using risk management framework.
  • Earned ISO 27001:2013 certificate to get external assurance and enhance internal processes within company.
  • Arranged ICT business continuity and disaster recovery plan within 2 months and 90% of local effort that fulfills most of ISO 22301 requirements.
  • ZERO major incidents, resulting from effective cyber security controls implementation.
  • 50% improvement of ICT & Cyber security Operations effectiveness by implementation of ITIL Incident, Change, Request, Access Management processes using automated service desk tool delivered using agile adaptive project management methodology to match rapid business requirements changes.
  • 26 policies and procedures were developed as per business requirements.
  • 50% increase in project delivery effectiveness and efficiency in terms of cost and time by promoting project management best practices, starting with business case, then project charter, project plan and ending with project final report aligned with strategic road map.
  • 6+ workshops conducted, 8+ videos and posters in English & Arabic languages (as LMS content) developed for cyber security awareness training.
  • 60% cost reduction in implementation while maintaining quality of 5+ projects.
  • Established Cyber security Executive Committee (CEC) with 8+ members where 12+ meetings are facilitated to effectively manage cyber security risks and issues.
  • 70% reduction of malicious activities, spam emails & viruses by delivery of 9 next-generation cyber security solutions (technical controls) effectively.
  • 10+ technical controls implemented to strengthen cyber security posture (i.e. Firewalls, SIEM, vulnerabilities Management, etc.).
  • 17 ICT goals defined aligned with 17 enterprise goals; 31 initiatives/projects arranged to achieve them within new 3-year ICT strategic plan based on COBIT framework.

Acting IT Manager

National Company of Mechanical Systems
02.2013 - 05.2015

Achievements:

  • Creating 1st NCMS IT team; improving their capabilities by 7+ training courses; hiring 3 IT employees; provided services that satisfied 86% of IT customers.
  • 100% working ICT infrastructure services by effective Data Center project commissioning.
  • 10,000+ service tickets fulfilled; 1000+ hours saved by implementation and development of effective automated service ticketing solution.

Cyber Security Engineer

National Company of Mechanical Systems
02.2013 - 05.2015

Achievements:

  • Zero downtime due to security incidents with effective implementation and configuration of security technical controls, e.g. UTM firewall, endpoint protection systems, and hardened DC GPO.
  • Protecting 10+ information systems from loss as a result of disaster with offsite DR and effective backup system as part of DR plan.

Systems / Cybersecurity Engineer

Jubail Petrochemical (SABIC & ExxonMobil Joint Venture) 
05.2010 - 01.2013
Achievements:

  • Zero data breaches due to effective OT with endpoint protection systems, GPO and strict access management.
  • 48 hours project delivery; success in leading team to complete “Upgrading Honeywell Unix-Based Control System” within strict time limit.
  • Managed 1M+ SAR projects; upgrading & rolling out customized process control workstations & servers into production as per business requirement.
  • Saved 25,000,000+ SAR by effective and quick problem and incident resolution of OT and ICS systems issues.

Education

Bachelor of Science - Computer Engineering

King Fahd University of Petroleum And Minerals 
Dhahran
06.2004 - 02.2010

Skills

Customer Service

Software

GRC: Frameworks, Standards and Regulations, Saudi NSA Regulations, ISO 27001, ITIL, COBIT, TOGAF, PCI DSS, ISO 22301, ISO 20000 and SAMA CSF

Cyber security Awareness: LMS; NetConsent; InfoShield; PhishMe; Penetration Testing

IT Security Operation: UTM Firewall; Email Security; Fortinet; SonicWall; McAfee; Tenable Nessus; Rapid7; Safetica; Lansweeper; Microsoft; PAM; IAM; Patch Management; DLP; Encryption

Threats Intelligence: TIB; VirusTotal; BrightSight; Saudi CERT; DarkReading; ComputerWeekly; TechTarget and others

Security Incidents Detection & Response: SIEM; LogRhythm; AlienVault; EDR; UEBA; ManageEngine

System Integration: Implementation of CIS controls

Certification

ISO 27001 Lead Auditor by PECB 

Timeline

Cyber Security Group Enablement & Performance Management Manager

stc
07.2020 - Current

Information Security Manager (Project Role)

Tamkeen Technologies 
04.2020 - 07.2020

ISO 27001 Lead Auditor by PECB 

12-2019

Certified Information Security Manager 

10-2019

Project Management Professional (PMP)

01-2019

ITIL Foundation Certificate in IT Services Management

08-2018

Certified Information Systems Security Professional (CISSP)

05-2018

Lean Six Sigma Green Belt

01-2016

Cyber Security Head

National Company for Mechanical Systems
05.2015 - 04.2020

Acting IT Manager

National Company of Mechanical Systems
02.2013 - 05.2015

Cyber Security Engineer

National Company of Mechanical Systems
02.2013 - 05.2015

Systems / Cybersecurity Engineer

Jubail Petrochemical (SABIC & ExxonMobil Joint Venture) 
05.2010 - 01.2013

Bachelor of Science - Computer Engineering

King Fahd University of Petroleum And Minerals 
06.2004 - 02.2010