Khwaja Naveed
Cyber Security GRC Professional
PROFILE SUMMARY
Career Summary and Specialties:
Information Security Governance, Risk, and Compliance (GRC) specialist with 20 years in the BFSI, Petrochemical, Utility, and Telecom sectors. Expertise in cybersecurity programs, threat analysis, risk mitigation, Information Security Management, Privacy Management, Project Management, and Cyber Security Architecture.
Certifications and Compliance:
I am certified in CISSP, CISM, RMP, CRISC, ISO 31000:2018, CIPT, PMP, CISA, PCIP, CDPSE, CEH v8, Business Continuity (BS-25999-1/2), ITIL v4 Foundation. Proficient in regulatory compliance with ISO/IEC 27001:2022, ISO/IEC 27002:2022, PCI DSS, and Saudi Arabian regulations such as the Saudi Arabian Monetary Authority (SAMA) Cyber Security Framework (CSF), National Cybersecurity Authority (NCA) standards, and regulations of the Council of Cooperative Health Insurance (CCHI). In addition, I am well-versed in the Personal Data Protection Law (PDPL) requirements, ensuring strict adherence to data privacy and protection norms in the organizations I work with.
Education and Career Trajectory:
Holding Bachelor's and Master's degrees in Computer Science with Cyber Security, I've held critical roles at BUPA Arabia, Saudi National Bank, Versatile Solutions, SAMBA Bank, and SABIC. Contributed to organizations like the Gulf International Bank and Saudi Electricity Company.
Personal Development and Social Responsibility:
Completed courses on Communication Skills, Management & Leadership Skills, and Analytical and Interpersonal Skills. Actively volunteering with The Citizens Foundation, aiding underprivileged students in Pakistan, and contributing to disaster and humanitarian relief efforts in KSA and Pakistan.
Professional Associations:
Member of IRM, IAPP, BCS, AIRMIC, CIISec, APM, ISACA, ISC2, PMI, IEEE, FAIR Institute, PECB, ACFE, EC-Council, ISSA, BICSI, AMACOM, KPI Institute, and OWASP Leaders. Aiming to drive impactful transformations in the field of Information Security.
PROFESSIONAL CERTIFICATIONS
Risk Management:
RMP – Risk Management Professional, PMI USA
CRISC – Certified in Risk and Information Systems Control, ISACA USA
ISO 31000:2018 – Enterprise Risk Management from ERM31000 Training and Consulting, USA
PECB Certified ISO 27005 Lead Risk Manager, Canada
CISRM – Certified Information Systems Risk Manager, Mile2, USA (Training)
Project Management:
PMP – Project Management Professional, PMI USA
Information Security Management:
CISSP – Certified Information Systems Security Professional, ISC2 USA
CISM – Certified Information Security Manager, ISACA USA
Auditing and Compliance:
CISA – Certified Information Systems Auditor, ISACA USA
PCIP – Payment Card Industry Professional, PCI USA
ISMS ISO 27001 Master Implementer status from IT Governance, UK
Privacy and Data Protection:
CDPSE – Certified Data Privacy Solutions Engineer, ISACA USA
Ethical Hacking:
CEH v8 – Certified Ethical Hacker Program (CEH v8)
Business Continuity:
Business Continuity (BS-25999-1/2) – Kingswell Business Continuity
IT Service Management:
ITIL v4 Foundation
KPI Management:
Certified KPI Professional