Khwaja Naveed 

Senior Cybersecurity & GRC Specialist | Strategic Risk Innovator | Certified Security Sage 


Career Summary and Specialties:

Information Security Governance, Risk, and Compliance (GRC) specialist with 20 years in the BFSI, Petrochemical, Utility, and Telecom sectors. Expertise in cybersecurity programs, threat analysis, risk mitigation, Information Security Management, Privacy Management, Project Management, and Cyber Security Architecture.

Certifications and Compliance:

I am certified in CISSP, CISM, RMP, CRISC, ISO 31000:2018, CIPT, PMP, CISA, PCIP, CDPSE, CEH v8, Business Continuity (ISO 20000), ITIL v4 Foundation. Proficient in regulatory compliance with ISO/IEC 27001:2022, ISO/IEC 27002:2022, PCI DSS, and Saudi Arabian regulations such as the Saudi Arabian Monetary Authority (SAMA) Cyber Security Framework (CSF), National Cybersecurity Authority (NCA) standards, and regulations of the Council of Cooperative Health Insurance (CCHI). In addition, I am well-versed in the Personal Data Protection Law (PDPL) requirements, ensuring strict adherence to data privacy and protection norms in the organizations I work with.

Education and Career Trajectory:

Holding Bachelor's and Master's degrees in Cyber Security, I've held critical roles at Tawuniya, BUPA Arabia, Saudi National Bank, SAMBA Bank, SABIC, Gulf International Bank, and Saudi Electricity Company. I have contributed to organizations like SAB Bank, Geidea, Emkan, and others.

Personal Development and Social Responsibility:

Completed courses on Communication Skills, Management & Leadership Skills, and Analytical and Interpersonal Skills. Actively volunteering with The Citizens Foundation, aiding underprivileged students in Pakistan, and contributing to disaster and humanitarian relief efforts in KSA and Pakistan.

Professional Associations:

Member of IRM, IAPP, BCS, AIRMIC, CIISec, APM, ISACA, ISC2, PMI, IEEE, FAIR Institute, PECB, ACFE, EC-Council, ISSA, BICSI, AMACOM, KPI Institute, and OWASP Leaders. Aiming to drive impactful transformations in the field of Information Security. 


Risk Management:


Project Management:


Information Security Management:


Auditing and Compliance:


Privacy and Data Protection:


Ethical Hacking:


Business Continuity:


IT Service Management:


KPI Management: