Riyadh, Saudi Arabia | CRISC - CRTP - ECSA - CEH - RHCSA

Security governance, risk, and architecture review for critical digital environments.

I help organizations identify cyber risk, manage vulnerabilities, review secure architecture, and align IT/OT projects with regulatory requirements, security standards, and business objectives.

Vulnerability Management | Security Architecture | Application Security | Network Security

Professional profile

Risk-based cybersecurity leadership with technical depth.

I am a Senior Cyber Security GRC Specialist with strong experience in comprehensive risk assessments, vulnerability management, regulatory compliance, third-party risk, security audits, and secure architecture reviews for new and ongoing technology projects.

My background combines governance and hands-on technical security across Linux, Windows, Active Directory, web application security, network security, WAF implementation, vulnerability assessment, penetration testing, business continuity, disaster recovery, and operational technology environments.

Expertise

Cybersecurity capabilities

Core strengths across GRC, technical security, compliance, architecture, and enterprise risk visibility.

01

Cyber Risk Assessment

Assess critical applications, infrastructure, vendors, and business processes by identifying risks, impacts, control gaps, and practical treatment actions.

02

Security Architecture Review

Review new projects, system designs, infrastructure changes, application features, and OT systems before deployment to ensure security alignment.

03

Vulnerability Management

Support scanning governance, finding assignment, risk prioritization, remediation tracking, and vulnerability reporting across enterprise environments.

04

Regulatory Compliance

Facilitate security compliance, evidence review, audit readiness, control mapping, and alignment with internal policies and external regulatory expectations.

05

Third-Party Risk

Evaluate vendor security posture, contracts, compliance evidence, remote access, criticality, data exposure, resilience, and risk treatment actions.

06

IT/OT Security Governance

Implement and enforce controls in IT and OT environments where resilience, availability, segmentation, change control, and compliance are critical.

07

Security Metrics & Reporting

Develop KRIs and Power BI reporting to translate technical findings into clear management insight and decision-ready security dashboards.

08

Application & Network Security

Apply technical experience in application security, WAF, Linux, Windows, Active Directory, network controls, firewall review, and secure configurations.

Additional areas of expertise

Identity & Access Management | Windows AD & Linux OS | Cloud Security | Security Frameworks | Security Audits | Data Protection | Incident Response | Incident Handling | Business Continuity | Disaster Recovery | Penetration Testing | Programming & Scripting

Career summary

Experience across energy, banking, aviation, education, and hosting.

Dec 2023 - Present

Senior Cybersecurity GRC Consultant

Saudi Energy KSA | Saudi Arabia

  • Perform cybersecurity reviews for new projects, system designs, and architectures before deployment.
  • Conduct risk assessments for critical applications and recommend controls to protect systems and data.
  • Implement and enforce security controls across IT/OT environments and critical infrastructure systems.
  • Lead third-party risk assessments and monitor vendor security compliance.
  • Develop KRIs and periodic Power BI reports for senior management decision-making.

Nov 2021 - Oct 2023

Senior Information Security GRC Consultant

Al Rajhi Bank | Saudi Arabia

  • Conducted risk assessments for more than 65 critical applications and proposed strategic security controls.
  • Reviewed new applications and features to support regulatory approval and secure deployment.
  • Reviewed and approved more than 95 application change requests at the initiation stage.
  • Processed over 3400 requests across firewall, load balancer, IP assignment, VPN, hardware, cloning, and application change activities.
  • Managed over 950 security scan tasks and assigned more than 150 observed findings for remediation.

Feb 2019 - Jul 2021

Cyber Security GRC Specialist

Continental Jet Services | United Arab Emirates

  • Conducted risk assessments for information systems, applications, and processes.
  • Developed mitigation strategies with cross-functional teams and aligned them to standards and regulations.
  • Maintained information security policies, procedures, standards, internal audits, and control assessments.
  • Collaborated with procurement and legal teams to assess vendor contracts and compliance requirements.

Dec 2017 - Aug 2018

Information Security Officer

National Ribat University | Sudan

  • Configured security settings for 14 Linux, Windows, Active Directory, and mail servers.
  • Developed information security plans and established more than five information security policies.
  • Implemented ModSecurity WAF and configured ASA and StormShield firewall protections.
  • Conducted quarterly vulnerability assessments using Nessus and Nmap and performed manual penetration testing.

Mar 2012 - Dec 2017

Linux Servers Administrator & Security

HostUsZone | Sudan

  • Deployed, configured, secured, and maintained Linux web servers using Apache, PHP, MySQL, and cPanel.
  • Applied security patches, configured firewalls, managed access, monitored performance, and maintained backups.
  • Implemented recovery procedures and server hardening practices to improve stability and resilience.

Selected impact

Evidence-based professional highlights

65+ Critical applications assessed for cyber risk and security control gaps.
95+ Application change requests reviewed and approved through GRC processes.
3400+ Security-related requests processed across infrastructure, network, VPN, and application areas.
950+ Security scan tasks managed through enterprise GRC tooling.
150+ Observed findings assigned and tracked for remediation.
14 Linux, Windows, Active Directory, and mail servers secured and configured.

Credentials

Risk, offensive security, and infrastructure foundations.

Certifications and education that support both governance leadership and technical review capability.

CRISC: Risk and Information Systems Control
CRTP: Red Team Professional
ECSA: Security Analyst
CEH: Ethical Hacker
RHCSA: Linux Administration
BSc: Computer Science, University of Gezira
Arabic: Native
English: Advanced

Research focus

Cybersecurity research connected to real-world practice.

AI Security Controls

Controls for secure AI systems in regulated organizations, including governance, risk assessment, data protection, model security, monitoring, and accountability.

Critical Infrastructure & Ransomware

Technical and regulatory analysis of incidents affecting critical services, with practical lessons for resilience, incident response, and governance.

OT Cybersecurity Governance

Approaches for aligning operational technology security with risk appetite, regulatory expectations, change control, and business continuity needs.

Contact

Let’s discuss cybersecurity risk, compliance, or secure architecture.

Available for professional inquiries, research collaboration, cybersecurity GRC discussions, and consulting-related conversations.
