About
Cyber Security & GRC Analyst with 1.6+ years of experience in ISO/IEC 27001:2022 (ISMS) internal audit support, risk assessments, and compliance documentation aligned with PDPL (KSA), NCA ECC, and SWIFT CSP. Skilled in control testing support, evidence collection/validation, CAPA tracking, remediation follow-ups, and risk register maintenance. Also bring 3+ years of Application Support experience, supporting business users, handling incidents, troubleshooting, and coordinating with cross-functional teams to ensure stable operations. Experienced in running KnowBe4 security awareness/phishing simulations and monitoring endpoint alerts using Trend Micro Vision One.
Skills & Expertise (17)
Work Experience
Application Support Engineer
Nityo Infotech
Present - Present
Managed incidents and service requests, ensuring timely resolution and clear stakeholder communication. Troubleshot application and backend issues; collaborated with teams for root cause analysis and documented fixes to prevent recurrence. Supported production stability via monitoring and operational checks; contributed to continuous improvement and knowledge base updates.
Cyber Security & GRC Analyst
TechnoVal Information Systems
Nov 2024 - Present
Supported enterprise GRC initiatives by coordinating control owners and maintaining compliance documentation for audit readiness. Assisted internal audits aligned with ISO 27001:2022, SWIFT CSP, NCA ECC, and PDPL (KSA) by collecting, validating, and organizing evidence. Tracked and followed up 25+ audit findings (CAPA) with stakeholders; ensured remediation actions were documented and progressed to closure. Maintained evidence repositories and audit trackers; ensured completeness, version control, and timely availability for auditors. Supported risk assessments across 8 departments by updating the risk register, capturing threats/vulnerabilities, and monitoring mitigation plans. Conducted cybersecurity onboarding sessions for all new joiners, covering phishing awareness, social engineering, password security, MFA, data protection, and incident reporting procedures. Assigned mandatory security training modules to new employees through the awareness platform and ensured timely completion. Created awareness content including presentations, newsletters, bulletins, posters, and quick user guides for all staff levels. Planned and executed phishing simulations for 900+ employees every month using KnowBe4; monitored metrics (open/click/credential) and shared targeted improvement actions. Supported mandatory security awareness computer-based training campaigns; assisted with communications and completion tracking. Created and distributed security bulletins/newsletters to promote secure behavior and reinforce policy requirements. Delivered sessions on phishing indicators, social engineering tactics, password hygiene, MFA, safe browsing, and secure data handling. Owned the security awareness onboarding process: enrolled users, assigned mandatory modules, tracked completion, sent reminders, and maintained records for audit evidence. Monitored endpoint security alerts, trends, and health using Trend Micro Vision One; escalated suspicious activity per incident handling process.
Supported compliance mapping activities for NCA ECC and PDPL requirements through documentation, evidence mapping, and control support. Processed approvals for Local Admin, VPN, USB, and WhatsApp access in line with security policies; maintained approvals for audit reference.
Education
Bachelor of Science (B.Sc.) — Computers - Yogi Vemana University
- · Afghanistan
Certifications
ISO/IEC 27001:2022 – ISMS Foundation
· 2026