Services

GRC, risk & cyber security consulting in Saudi Arabia.

Independent governance, risk and compliance support from a CISM-certified IT and information security leader based in Dammam, Saudi Arabia. I help organisations assess risk, meet PDPL, ISO 27001 and SABIC CyberTrust requirements, run security audits, and build resilience — practically and without jargon.

Risk assessment & management

Cyber, operational and third-party risk assessments, with risk registers and treatment plans your leadership can actually act on.

Risk assessments, Risk registers, Treatment plans, Risk appetite

Compliance & data protection

Map your obligations to controls and close the gaps — GDPR, HIPAA, PDPL, SOX, PCI-DSS, ISO 27001 and ISO 22301 — and run DPIAs where needed.

PDPL, ISO 27001, GDPR, PCI-DSS, Gap analysis, DPIA

Security audits & control testing

Plan and execute internal security audits, then test how well your technical and administrative controls actually work.

Internal audits, Control testing, Evidence, Remediation

Business continuity & resilience

Identify critical processes, assess the impact of disruption, and build practical business continuity and disaster recovery plans.

BCP, DRP, BIA, Resilience

Security awareness training

Develop and deliver training that changes behaviour — phishing, insider threats, data handling and compliance — for teams and leadership.

Phishing, Insider threat, Compliance, Leadership briefings

Data protection operations

Implement data classification, handling procedures and breach-response plans so protection is operational, not just on paper.

Data classification, Breach response, Procedures, Records

Why work with me

Enterprise experience, applied to your risk.

CISM

Certified & credentialed

CISM (ISACA, 2025), ITIL, CCNA and a BSc in Computing & IT — governance grounded in real qualifications.

21+ yrs

Enterprise scale

Leading IT and security for 1,200+ users across 18 sites with a SAR 50M budget — I have run the controls I advise on.

KSA

Local & regulatory fluency

Hands-on with PDPL, SABIC CyberTrust, ISO 27001 and ISO 22301 in the Saudi market and Vision 2030 context.

Let's work together

Tell me about your risk, audit or compliance challenge.

Available for freelance GRC and security engagements across Saudi Arabia and remotely.

Get in touch