IT Risk Advisory Consultant | Cybersecurity GRC Specialist

Delivering SAMA CSF/MVC/CTI, NCA ECC/DCC, and ITGC assessments for financial, government, and defense-sector clients including Aramco Digital, American Express, and IMCTC

About Me

Aziz Alghamdi

Who I Am

I am an IT Risk Advisory Consultant at Dr. Mohamed Al-Amri & Co. (BDO), based in Riyadh, Saudi Arabia. I deliver risk-based compliance engagements for some of Saudi Arabia's most high-profile organizations — including Aramco Digital, American Express (AESA), Saudi Public Security, and IMCTC — spanning SAMA CSF/MVC/CTI, NCA ECC/DCC, and ITGC frameworks.

My work includes producing Risk & Control Matrices (RCMs), leading audit walkthroughs, identifying risk owners, coordinating stakeholder meetings, and authoring 40+ bilingual cybersecurity policy and procedure documents. I specialize in translating complex regulatory requirements into actionable compliance roadmaps that organizations can actually follow.

I combine deep GRC expertise with a strong technical foundation in software development, penetration testing, and AI-assisted tooling — including a live GRC Automation Platform I built to accelerate policy drafting and control mapping. My academic background combines computer science with cybersecurity specialization and criminal justice, providing a comprehensive perspective on digital security challenges.

GRC Consulting
SAMA CSF / MVC / CTI
NCA ECC & DCC
ITGC Assessments
Risk & Control Matrices
Gap Analysis
Policy Development
Bilingual (AR/EN)

Interactive Cybersecurity Learning

Hands-on training for the next generation of security professionals

Immerse yourself in our cutting-edge cybersecurity training environment featuring practical challenges, realistic scenarios, and guided exercises designed by security experts. Whether you're a beginner looking to build fundamental skills or an experienced professional wanting to sharpen your expertise, our interactive platform provides the perfect learning environment.

5+ Practice Labs
20 Skill Paths
24/7 Access

Hands-On Labs

Practice in real-world environments with guided instructions

Defense Simulations

Test your skills against realistic attack scenarios

Concept Challenges

Reinforce learning through interactive knowledge checks

Progress Tracking

Monitor your skill development and improvement

No download required. Works on all devices.

Professional Experience

April 2026 - Present

IT Risk Advisory Consultant

Dr. Mohamed Al-Amri & Co. — BDO | Riyadh, Saudi Arabia

Conducting risk-based compliance engagements for major Saudi entities across financial, telecom, and energy sectors.

  • Conducting SAMA MVC & CSF compliance assessment for American Express (AESA); supported team knowledge transfer on CTI assessment methodology
  • Assigned to classified Aramco Digital audit: identifying risk owners, coordinating stakeholder walkthroughs, and documenting control evidence across secure infrastructure
  • Driving end-to-end cybersecurity and data privacy review for upsource by STC, including scoping, control testing, and gap reporting
  • Producing Risk & Control Matrices (RCMs) for multiple engagements, translating technical findings into executive-level compliance reports
  • Performing IT General Controls (ITGC) assessments covering access management, change management, and IT operations controls
  • Evaluating organizational security posture against NCA ECC/DCC, CIS Controls, and Cyber Resilience Framework (CRF)
  • Participating in business continuity and disaster recovery (BC/DR) drills, observing failover and system switchover procedures

November 2025 - February 2026

Cybersecurity GRC Specialist

Sensus | Riyadh, Saudi Arabia

Delivered end-to-end GRC engagements for high-profile financial, government, and military clients across Saudi Arabia.

  • Delivered full SAMA Cybersecurity Framework assessment for MedGulf Insurance, covering all domains end-to-end
  • Led NCA ECC & DCC assessments for Saudi Public Security and Islamic Military Counter Terrorism Coalition (IMCTC)
  • Authored and reviewed 40+ cybersecurity policies, procedures, and standards for IMCTC covering governance, access control, incident response, and data classification
  • Wrote 4-8 bilingual (Arabic/English) security policy documents for Saudi Public Security aligned to NCA regulatory standards
  • Delivered cybersecurity awareness program for King Abdulaziz Arabian Horse Center at Dirab
  • Designed KPI tracking system to measure employee compliance progress and performance across client engagements
  • Created comprehensive audit reports and bilingual compliance documentation adhering to Saudi regulatory standards
  • Managed client communications and stakeholder engagement, presenting findings to C-level executives and technical teams

Education

August 2021 - May 2025

Bachelor of Science in Computer Science

University of Colorado at Colorado Springs

Cybersecurity Specialization · Criminal Justice Minor · GPA: 3.1/4.0

  • Member of Mountain Lions Cyber Club
  • Participant in National Cyber League competitions
  • Colorado Springs, Colorado, United States

August 2018 - June 2019

High School Diploma

September High School

  • Boulder, Colorado, United States

Research

My research focuses on the intersection of cybersecurity, digital forensics, and criminal justice, aiming to develop more effective methods for investigating and preventing cybercrime.

Publication

Forensic Analysis of Cryptocurrency-Based Ransomware Attacks: Criminal Justice and Technical Perspectives

This research explores the challenges law enforcement faces when investigating ransomware attacks that utilize cryptocurrency payments. The study proposes a framework for tracking cryptocurrency transactions while maintaining legal compliance with chain-of-custody requirements for digital evidence.

Published: 2024, Journal of Cybersecurity & Digital Forensics
Publication

Post-Quantum Cryptography Implementation Challenges: Security Implications for Critical Infrastructure

This research examines the practical challenges of implementing post-quantum cryptographic algorithms in critical infrastructure systems. The study analyzes potential security vulnerabilities during transitional periods and proposes a risk mitigation framework.

Published: 2024
Publication

Quantum Cryptography: Implications for Digital Evidence in Criminal Investigations

This research explores how the advent of quantum computing will transform digital evidence collection, preservation, and presentation in court. The paper discusses the legal and technical considerations for ensuring the admissibility of digital evidence in a post-quantum cryptographic environment.

Published: 2025, International Journal of Digital Criminology

Projects

A selection of personal and professional projects demonstrating my technical skills and practical application of cybersecurity and GRC knowledge.

GRC Automation Platform

Built an AI-assisted platform to automate policy drafting, control mapping, and compliance gap analysis workflows — integrating compliance logic for SAMA, NCA ECC/DCC, ISO 27001, and NIST CSF frameworks. Significantly reduces manual documentation effort for GRC engagements.

Python · GRC Automation · AI-Assisted · SAMA / NCA

Interactive Cybersecurity Learning Platform — aziz707.info

Developed an educational platform with 20+ interactive cybersecurity simulations covering SOC analyst training, penetration testing labs, and vulnerability assessment techniques. Includes compliance framework guides for NIST CSF, ISO 27001, CIS Controls, and OWASP. Built with Django backend, React frontend, and Docker deployment.

Python / Django · React · Docker · SOC Training

ApplierPilotAI — AI-Powered Job Matching Platform

Full-stack AI-powered job application platform using Django, React, and PostgreSQL with intelligent job matching achieving 90%+ accuracy using BERT-based NLP models. Deployed with Docker, SSL/TLS encryption, automated CI/CD pipeline, 85%+ test coverage, JWT authentication, and OWASP Top 10 mitigations.

Django / React · BERT / NLP · Docker · PostgreSQL

Digital Forensic Analysis Toolkit

Developed a comprehensive digital forensic toolkit that automates the collection and analysis of volatile and non-volatile data from compromised systems. Incorporates chain-of-custody documentation to ensure evidence admissibility in legal proceedings.

Python · Digital Forensics · Memory Analysis

Certifications & Skills

Professional certifications and technical skills that complement my academic qualifications and practical experience.

Google Cybersecurity Professional Certificate

Google (via Coursera)

Comprehensive cybersecurity program covering security fundamentals, risk management, network security, Linux/SQL, incident detection and response, and Python automation.

Completed: April 17, 2025


CompTIA Security+

CompTIA

Industry-standard certification covering network security, compliance, threats, vulnerabilities, access control, and cryptography.

In Progress

Certified Ethical Hacker (CEH)

EC-Council

Certification covering penetration testing methodologies, attack vectors, hacking tools, and ethical hacking techniques.

In Progress

Foundations of Cybersecurity

Google (via Coursera)

Mastery of cybersecurity fundamentals, security frameworks, and core security concepts.

Completed: April 17, 2025


Tools of the Trade: Linux and SQL

Google (via Coursera)

Proficiency in Linux operating system and SQL database security techniques.

Completed: April 17, 2025


Sound the Alarm: Detection and Response

Google (via Coursera)

Skills in security incident detection, analysis, and effective response procedures.

Completed: April 17, 2025


Automate Cybersecurity Tasks with Python

Google (via Coursera)

Proficiency in developing Python scripts for security automation and analysis.

Completed: April 17, 2025


Regulatory Frameworks

Technical Skills

SAMA CSF / MVC / CTI, NCA ECC / DCC / CCC, ISO 27001:2022, NIST CSF 2.0, CIS Controls v8, CST CRF

Security Tools

Technical Skills

Splunk, QRadar (SIEM), Metasploit, Burp Suite, Wireshark, Nmap, OWASP Top 10, MITRE ATT&CK

Development & DevOps

Technical Skills

Python, JavaScript/TypeScript, Django, React, Docker, Kubernetes, AWS, PostgreSQL, REST APIs

Contact Me

I'm open to research collaborations, cybersecurity consulting opportunities, and career conversations in GRC, IT risk, and SOC.

Email

azizcsecj@gmail.com

Phone

+966 50 *** ****

Location

Riyadh, Saudi Arabia

Website

aziz707.info