Syed Taimoor

• Conducting risk assessments for third-party entities by using tool and manual process. • Development of cybersecurity policies, procedures, and standards. • Compiled quarterly and annual reports to support decision-making in management meetings. • Planning and executing phishing campaigns using a simulations tool. • Leveraged GRC tools to manage and automate governance activities, enhancing policy enforcement and risk management.

• Developed cybersecurity policies and procedures in line with regulatory frameworks & International standards. • Conducted organization-level risk assessments to determine suitable security measures. • Facilitating the creation and execution of Business Continuity Planning, including testing. • Performed Maturity assessment against NIST 800-53 standard. • Developed Minimum Baseline Security Standard (MBSS).

• Maintained company-wide compliance with industry standards (ISO 27001). • ISO 27001, SAMA & NCA-ECC framework implementation Projects across different organizations. • IT Security Audits (ISO 27001, NCA ECC and PCI DSS.) for Government and Private organizations. •• Developed Data Classification Framework for various clients. • Developed Cybersecurity strategy for various clients. • Provided support in development of BCP framework.

• Vulnerability Assessment of Network devices. • Work with other IT groups, to maintain and implement IT security procedures. • Review and provide recommendations on Technical Security Standards and Systems baseline Security Requirements. • Management of Internal PKI Infrastructure

• Email, Web & VPN log Analysis • Management of GFI End Point Security to protect end system through the implementation of security policies. • Ensuring that the company meets certain security standards (HIPAA, NIST, ISO, MU) or any other standard imposed by US Government) to protect PHI (Patient Health Information) and other sensitive information. • Vulnerability assessment of network devices. • ISO 27001 Internal Auditor • Devising policies & procedures • Revision of existing policies and procedures