Mahmud Al Dabbagh

• Provided guidance to clients on regulatory compliance, including but not limited to: NIA, QCSF, PDPPL, ISO 22301, ISO 27001, and ISO 27701
• Conducted gap assessments to identify areas of non-compliance and developed remediation plans to address identified issues.
• Conducted security audits to identify vulnerabilities.
• Educated and trained users on information security policies and procedures.
• Conducted full end-to-end information security training campaigns
• Conducted risk assessments to identify vulnerabilities and developed mitigation strategies to improve the overall security posture of the organization.
• Developed and implemented security policies and procedures in alignment with industry standards and best practices.
• Developed plans to safeguard computer files against modification, destruction, or disclosure.
• Demonstrated strong organizational and time management skills while managing multiple projects.
• Monitored use of data files and regulated access to protect secure information.
• Drafted security reports and metrics to track security performance and strategize improvements.
• Built Data Privacy and governance frameworks for organizations
• Conducted Business impact Analysis in the journey of building a robust Business Continuity Management System (and based on ISO 22301).
• Conducted Data Privacy Impact Assessments in the journey of building organizations' Privacy program based on national and International Frameworks (including PDDPL and ISO 27701)
• Prepared strategic plans end-to-end for IT departments in organizations developing the full scope including measurable KPIs, projects and department activities for the planned timelines.

Provide Professional Training to client organizations on using security & productivity software and applications from Microsoft and to adopt the required and provided technology by the company, these include: AIP, MFA, OneDrive and other 365 tools.