Ziad Tarish

Leading and Delivering

• Led and delivered large-scale consulting engagements in IT Risk Management, Cybersecurity, Internal Audit, Business Continuity Management, Technology & BCM Governance (Strategy, Policy, SOPs, Process, etc.), Technology & BCM Maturity Assessment, and Regulatory Compliance for large private-sector enterprises, banking, and government clients, ensuring projects met contractual, regulatory, and strategic objectives.
• Produced and presented high-quality client deliverables, including detailed risk assessment reports, risk registers, maturity gap analyses, business continuity programs, governance frameworks, and regulatory compliance reports, tailored to meet both international best practices and regulatory requirements.

Business Development

• Directed end-to-end project lifecycles, including bidding cycle, proposal development, budget planning, resource allocation, team supervision, quality assurance, and stakeholder management; served as the primary client interface, leading kick-off meetings, steering committees, and executive-level discussions.
• Drove business development through competitive proposal preparation and bidding, strong client relationships, and thought leadership initiatives, while overseeing high-impact deliverables such as enterprise risk assessments, ITGC reviews, cybersecurity maturity assessments, BCMS programs, and regulatory compliance.

• Collaborate effectively with key stakeholders to produce and deliver comprehensive reports and documentation on Business Continuity Management (BCM) and IT Risk Management to leaders, senior management, and regulatory authorities such as SAMA.

Business Continuity Management:

• Take charge of the BCM team, fostering development, empowerment, and coaching of team members to ensure their capabilities align with the necessary standards, contributing to the successful achievement of BCM team objectives.
• Supervise day-to-day operations of the BCM, steering business continuity efforts and ensuring the ongoing relevance of BCM documents in alignment with evolving business requirements.
• Represent the department during both internal and external BCM audits, ensuring compliance with established standards and facilitating seamless audit processes.
• Lead and facilitate exercising and testing activities, coupled with a meticulous review of reports and lessons learned from these exercises, contributing to continuous improvement initiatives.
• Conduct thorough analyses of Business Impact Assessments (BIA) and Threat and Risk Assessments (TRA) outcomes to identify and address business continuity requirements across various departments.
• Take responsibility for the periodic review and enhancement of BCM Plans and operating procedures, ensuring alignment with industry best practices.

IT Risk Management:

• Apply analytical skills to assess IT systems and address data processing issues, identifying risks and proposing improvements in computer systems and IT-enabled business processes, in alignments with Enterprise Risk Management Framework.
• Collaborate closely with risk champions to plan and develop work program timelines, conduct risk assessments, and create planning documents that align with organizational objectives.
• Contribute to HALA's efforts in strengthening internal IT controls, working towards improving overall IT and business performance.
• Demonstrate a deep understanding of complex information systems and applications, applying this knowledge to address specific situations within HALA.
• Evaluate employees' IT risk awareness, providing necessary training to enhance their capabilities and contribute to a more robust IT risk management framework.

Digital and Technology Risk Assessment

• Have extensive experience in identifying, assessing, and mitigating potential risks related to technology, business continuity, and cybersecurity processes, applications, and assets.
• Worked with a diverse range of clients in both the public and private sectors, including financial services and other industries, to provide comprehensive risk assessments, which resulted in reducing their exposure to potential threats and protecting their valuable assets.

Technology and Security Internal Audit

• Expert in technology, business continuity, and cybersecurity risk-based audit to ensure internal controls operate effectively and efficiently, including planning and scoping audit projects, analyzing data, and conducting testing of controls' design and effectiveness, resulting in identifying areas of weakness in the systems and processes of auditable entities, and providing recommendations for improvement in documented audit reports.

Compliance Review

• Experienced in conducting compliance reviews with relevant regulations, standards, and best practices such as SAMA CSF, SAMA BCMF, SAMA ITGOVF, NCA ECC, NCA CSCC, ISO 20000, ISO 27001, ISO 22301, Tadawul Technical Requirements, and the Sarbanes–Oxley Act (SOX), resulting in improved awareness, maturity, and readiness in regulatory compliance, mitigating risks, and enhancing operational efficiency.

Reporting

• Prepared and presented comprehensive reports to senior management and other stakeholders on technology risks and audit findings, resulting in delivering high-quality results for clients, earning their trust, and receiving positive feedback.

Team Management

• Worked both independently and as part of a team, depending on the project's scope and requirements. In light of this, I have managed consultants on a variety of projects, provided guidance to team members, reviewed their work, and ensured project objectives were met on time and within budget.

• ITGC Audit: Performed IT General Controls Audits on IT systems including applications, operating systems, databases, and supporting IT infrastructure for various industrial clients in Saudi Arabia.
• IT Risk Assessment: Performed Risk Assessment for multiple banks and companies across various industry sectors as per regulatory compliance.
• Information Security Compliance Audits: Performed Information Security Technical Requirements compliance review for multiple clients in Saudi Arabia in the scope of Information Security, Cybersecurity, Business Continuity, and Technical Connectivity.
• Business Analysis: Performed current state analysis, gathered business requirements and developed business and system requirements for a customized system for a government entity.
• Internal Support: Provide internal support to the management team by developing Proposals based on RFPs, Create various types of documents, presentations, and templates with the best designs based on my extensive experience as a graphic designer.

• Examine internal IT controls by performing ITGC assessment for a various client in KSA.
• Perform IT Disaster Recovery review of existing IT DR Plan and DR Site based on the recognized standards, such as ISO 22301 and ISO 27001.
• Evaluating and identifying the organizational requirements, concurrently recommending IT infrastructure requirements and upgrade.
• Providing global technology vision and leadership to the IT department for formulating, evaluating and implementing IT Service, policies and procedures.

• Manage the technology services that meet operational requirements, and provide a technical support on the organization level.
• Responsible of planning, creating, editing and publishing information on Company Websites and social media accounts as a Web Content Admin.
• Designing and preparation the Services Proposals for the new clients, which reflects the quality of the company's services.