Ziad Tarish

• Collaborate effectively with key stakeholders to produce and deliver comprehensive reports and documentation on Business Continuity Management (BCM) and IT Risk Management to leaders, senior management, and regulatory authorities such as SAMA.

Business Continuity Management:

• Take charge of the BCM team, fostering development, empowerment, and coaching of team members to ensure their capabilities align with the necessary standards, contributing to the successful achievement of BCM team objectives.
• Supervise day-to-day operations of the BCM, steering business continuity efforts and ensuring the ongoing relevance of BCM documents in alignment with evolving business requirements.
• Represent the department during both internal and external BCM audits, ensuring compliance with established standards and facilitating seamless audit processes.
• Lead and facilitate exercising and testing activities, coupled with a meticulous review of reports and lessons learned from these exercises, contributing to continuous improvement initiatives.
• Conduct thorough analyses of Business Impact Assessments (BIA) and Threat and Risk Assessments (TRA) outcomes to identify and address business continuity requirements across various departments.
• Take responsibility for the periodic review and enhancement of BCM Plans and operating procedures, ensuring alignment with industry best practices.

IT Risk Management:

• Apply analytical skills to assess IT systems and address data processing issues, identifying risks and proposing improvements in computer systems and IT-enabled business processes, in alignments with Enterprise Risk Management Framework.
• Collaborate closely with risk champions to plan and develop work program timelines, conduct risk assessments, and create planning documents that align with organizational objectives.
• Contribute to HALA's efforts in strengthening internal IT controls, working towards improving overall IT and business performance.
• Demonstrate a deep understanding of complex information systems and applications, applying this knowledge to address specific situations within HALA.
• Evaluate employees' IT risk awareness, providing necessary training to enhance their capabilities and contribute to a more robust IT risk management framework.

• Digital and Technology Risk Assessment: Have extensive experience in identifying, assessing, and mitigating potential risks related to technology, business continuity, and cybersecurity processes applications, and assets. Worked with a diverse range of clients in both public and private sectors, including financial services and other industries, to provide comprehensive risk assessments which resulting in reduce their exposure to potential threats and protect their valuable assets.
• Technology and Security Internal Audit: Expert in technology, business continuity, and cybersecurity risk-based audit to ensure internal controls operate effectively and efficiently. This includes planning and scoping audit projects, analyzing data, and conducting testing of controls' design and effectiveness, resulting in identifying areas of weakness in the systems and processes of auditable entities and providing recommendations for improvement in documented audit reports.
• Compliance Review: Experienced in conducting compliance reviews with relevant regulations, standards, and best practices such as SAMA CSF, SAMA BCMF, SAMA ITGOVF, NCA ECC, NCA CSCC, ISO 20000, ISO 27001, ISO22301, Tadawul Technical Requirements, and Sarbanes–Oxley Act (SOX) resulting in improved awareness, maturity, and readiness in regulatory compliance, mitigating risks, and enhancing operational efficiency.
• Reporting: Prepared and presented comprehensive reports to senior management and other stakeholders on technology risks and audit findings, resulting in delivering high-quality results for clients, earning their trust and positive feedback.
• Team Management: Worked both independently and as part of a team, depending on the project's scope and requirements. In light of this, I have managed consultants on a variety of projects and provided guidance to team members, reviewed their work, and ensured project objectives were met on time and within budget.

• ITGC Audit: Performed IT General Controls Audits on IT systems including applications, operating systems, databases, and supporting IT infrastructure for various industrial clients in Saudi Arabia.
• IT Risk Assessment: Performed Risk Assessment for multiple banks and companies across various industry sectors as per regulatory compliance.
• Information Security Compliance Audits: Performed Information Security Technical Requirements compliance review for multiple clients in Saudi Arabia in the scope of Information Security, Cybersecurity, Business Continuity, and Technical Connectivity.
• Business Analysis: Performed current state analysis, gathered business requirements and developed business and system requirements for a customized system for a government entity.
• Internal Support: Provide internal support to the management team by developing Proposals based on RFPs, Create various types of documents, presentations, and templates with the best designs based on my extensive experience as a graphic designer.

• Examine internal IT controls by performing ITGC assessment for a various client in KSA.
• Perform IT Disaster Recovery review of existing IT DR Plan and DR Site based on the recognized standards, such as ISO 22301 and ISO 27001.
• Evaluating and identifying the organizational requirements, concurrently recommending IT infrastructure requirements and upgrade.
• Providing global technology vision and leadership to the IT department for formulating, evaluating and implementing IT Service, policies and procedures.

• Manage the technology services that meet operational requirements, and provide a technical support on the organization level.
• Responsible of planning, creating, editing and publishing information on Company Websites and social media accounts as a Web Content Admin.
• Designing and preparation the Services Proposals for the new clients, which reflects the quality of the company's services.