Rebecca Ahmed

Melbourne, VIC

Summary

Skilled Australian citizen with extensive experience collaborating with Australian Federal and Local government agencies, Critical Infrastructure, and consulting agencies. Recognized as a Strategic Cyber Security Leader specializing in Governance, Risk, and Compliance of modern technology. Proven track record of driving efficiency and effectiveness by developing, delivering, and supporting strategic plans. Adept at translating technical requirements into practical business solutions. Demonstrated ability to build positive relationships with internal and external stakeholders while consistently advancing strategic goals, with a career spanning more than 15 years.

Overview

19 years of professional experience
1 Certification

Work History

Principal Consultant

Australian Energy Market Operator (AEMO)
2023.07 - Current
  • Collaborated with cross-functional teams to develop comprehensive security strategies, addressing unique business needs while maintaining a strong defense posture.
  • Enhanced security measures by conducting comprehensive risk assessments and implementing strategic plans.
  • Established strong security culture within organization by promoting collaboration between departments and fostering environment of continuous improvement.
  • Developed robust security policies and procedures, ensuring adherence to industry best practices and regulatory requirements.
  • Championed adoption of emerging cybersecurity trends such as zero-trust frameworks to stay ahead of threat actors' tactics, and enforced the secure-by-design principle.
  • Implemented processes to understand impact to data and systems, leading to organization-wide awareness of risk-based decisions and reducing overall risk impact.
  • Conducted regular security audits to identify gaps in compliance and initiated corrective actions, reducing potential risks.
  • Conducted regular reviews of existing risk management practices, recommending improvements as needed.
  • Promoted enterprise-level risk management practices and helped instill strong culture focused on protective policies and procedures.
  • Conducted comprehensive vendor risk assessments to evaluate security posture and recommended effective mitigation strategies to reduce supply chain risks.

Acted as Cyber Risk & Assurance Manager, overseeing and managing various responsibilities:

  • Implemented industry-best cybersecurity governance frameworks, policies, and procedures.
  • Established cybersecurity governance structures that outline roles, responsibilities, and decision-making processes. Ensured clear lines of accountability and communication channels were established.
  • Led compliance audits, ensuring adherence to relevant cybersecurity regulations, standards, and frameworks.
  • Developed risk management strategies and regularly monitored and updated risk management plans to address emerging threats.
  • Developed and implemented cybersecurity policies, procedures, and guidelines that align with the organization's governance frameworks. Ensured policies were communicated effectively to all relevant stakeholders and consistently enforced.
  • Delivered Security Awareness and Training program to educate employees and stakeholders on cybersecurity governance principles and best practices, promoting culture of cybersecurity awareness while ensuring adherence to governance frameworks and policies.
  • Developed effective strategies for managing vendor relations, maintaining compliance, and enhancing overall security.
  • Provided reports and updates to senior management and relevant stakeholders on cybersecurity governance activities, compliance status, and risk posture. Ensured clear communication to achieve understanding and support for cybersecurity governance initiatives.
  • Enhanced cybersecurity governance frameworks, policies, and procedures through continuous evaluation. Adapted governance practices proactively by staying updated on emerging cybersecurity trends, technologies, and regulatory changes.
  • Aligned and integrated cybersecurity governance efforts by collaborating with cross-functional teams from Cloud, Infrastructure, Legal, Enterprise and Procurement.
  • Developed strong partnerships with key stakeholders to facilitate collaboration and ensure backing for cybersecurity governance initiatives.
  • Participated in various professional development activities including attending conferences and engaging in industry forums to ensure up-to-date knowledge of evolving cybersecurity landscape.

Manager - Lead Security Specialist

KPMG
2022.05 - 2023.07
  • Working with KPMG as a Lead Security Specialist to assist with projects for Private entities, Federal and Defense agencies.
  • Working alongside various stakeholders from the business, ensuring implementation of security governance, controls and policies is consistent and in line with the applicable security framework.
  • Conducting Risk assessments to evaluate and assess risks using NIST SP 800-30 and ISO 31000.
  • Developed and maintained relationships with customers and suppliers through account development.
  • Provided expert guidance on regulatory requirements, ensuring that clients maintained full compliance with industry standards.
  • Championed culture of continuous learning through regular training sessions, workshops, and knowledge-sharing initiatives aimed at enhancing staff competencies within GRC domain.
  • Offered strategic advice on matters pertaining to corporate governance principles aimed at fostering transparency within stakeholder engagements.
  • Conducted thorough audits and identified areas for improvement, leading to enhanced internal controls and risk management practices.
  • Developed comprehensive risk management plan, minimizing potential disruptions to business operations.
  • Played an instrumental role in helping organizations establish robust governance structures that facilitated decision-making processes while minimizing risks associated with non-compliance instances.

Senior Cyber Security Consultant

Ionize
2021.08 - 2022.04
  • Working with Ionize as GRC Consultant conducting Cyber security audits, gap analysis of information security risks, using different controls, security framework and standards as per client needs and requirements.
  • Championed culture of continuous learning through regular training sessions, workshops, and knowledge-sharing initiatives aimed at enhancing staff competencies within GRC domain.
  • Delivered detailed reports on audit findings, providing actionable insights for clients to strengthen their internal control systems.
  • Managed project timelines effectively, ensuring all scheduled deliverables were completed accurately and within stipulated timeframes.
  • Served as key point of contact for clients and internal stakeholders, providing expert guidance on all aspects of cybersecurity risk management.
  • Conducted security audits to identify vulnerabilities.
  • Performed risk analyses to identify appropriate security countermeasures.

Compliance Reporting and GRC Analyst

Metro Trains
2019.01 - 2021.08
  • Collaborated with cross-functional teams for the successful implementation of new compliance initiatives.
  • Monitored adherence to industry regulations, ensuring timely reporting of any discrepancies or violations.
  • Prepared documentation and records for upcoming audits and inspections.
  • Served as a subject matter expert on compliance matters, providing guidance and support to colleagues across various departments.
  • Developed custom reports to address specific business needs and support decision-making processes.
  • Provided actionable insights through detailed analysis of complex datasets, driving business improvements.
  • Prepared monthly ad hoc reporting in alignment with client needs.
  • Improved company's risk management strategy by identifying, assessing, and mitigating potential risks related to noncompliance.
  • Conducted gap analyses on existing controls systems, recommending improvements where necessary for increased effectiveness in maintaining regulatory compliance.
  • Prepared detailed reports on findings from risk assessments, facilitating communication between technical and non-technical stakeholders.
  • Coordinated with legal teams to ensure compliance with data privacy regulations such as Privacy Act 1989 or SoCI Act when handling sensitive information.
  • Managed relationships with external cybersecurity vendors, ensuring access to expert advice and support when needed.
  • Assessed third-party vendors' compliance with relevant cybersecurity regulations, minimizing the risk of supply chain attacks.
  • Presented findings from risk assessments at executive-level meetings, helping inform decisions on security strategy and policy direction.
  • Conducted security audits to identify vulnerabilities.
  • Enhanced security measures by conducting comprehensive cyber risk assessments and analysis.

GRC Analyst

Nexans Olex
2017.06 - 2019.01
  • Developed comprehensive documentation to support end-users and facilitate future enhancements.
  • Managed multiple projects simultaneously, consistently meeting deadlines while maintaining a high standard of quality workmanship.
  • Identified critical issues within existing systems, providing recommendations for resolution and prevention of future problems.
  • Identified needed business improvements and determined appropriate systems required to implement solutions.
  • Created and maintained standard operating procedures governing system functions and features.
  • Facilitated communication between technical and non-technical team members, ensuring project alignment across all parties involved.
  • Collected, defined and analyzed business requirements.
  • Analyzed security incidents post-resolution, identifying areas for improvement in both technical controls and incident response processes.
  • Performed regular reviews of user access rights, minimizing the risk posed by insider threats or compromised accounts.
  • Ensured compliance with industry regulations by performing comprehensive audits on existing security policies and procedures.
  • Improved stakeholder confidence through preparation and presentation of detailed security reports and improvement plans.
  • Collaborated with IT teams to develop comprehensive cybersecurity strategies, reducing risks from external attacks.
  • Managed access controls for sensitive information systems, safeguarding data integrity and confidentiality.
  • Improved decision-making processes by providing insightful recommendations based on thorough risk analysis.
  • Streamlined risk reporting procedures for improved communication with stakeholders and senior management.

Parenting

Home
2010.04 - 2017.06

Took time off to raise two children

Security, Risk and Audit Analyst

IBM
2015.01 - 2015.09
  • Collaborated with various departments to ensure accurate security reporting and compliance with regulatory requirements.
  • Achieved timely completion of security related audit projects through effective planning, execution, and follow-up procedures.
  • Assisted in the development of annual audit plans based on risk assessments and management priorities.
  • Collaborated with senior management to address critical areas of concern within the organization, leading to better decision-making and strategic planning.
  • Prepared comprehensive reports detailing audit findings, recommendations, and action plans for management review.
  • Supported external auditors during annual audits, providing requested documentation and addressing inquiries efficiently.
  • Improved overall risk management by assisting in the development and implementation of corporate policies and procedures.
  • Conducted regular follow-up audits to monitor progress on corrective actions taken in response to previous findings.
  • Evaluated the effectiveness of internal control systems by performing detailed testing and analysis on key security risks findings.

Operations Manager

Hobsons
2006.03 - 2010.04
  • Supervised operations staff and kept employees compliant with company policies and procedures.
  • Empowered employees to take ownership of their responsibilities, leading to increased accountability and improved performance outcomes.
  • Conducted regular performance reviews, identifying areas for improvement and developing action plans to address them.
  • Led hiring, onboarding and training of new hires to fulfill business requirements.
  • Enhanced customer satisfaction by establishing clear communication channels and addressing concerns promptly.
  • Established positive and effective communication among unit staff and organization leadership, reducing miscommunications and missed deadlines.
  • Facilitated smooth collaboration between departments through clear communication channels.

Education

Master of Business in ERP Systems

Victoria University
Melbourne, VIC
01.2015

Bachelor of Business in Information Systems

Victoria University
Melbourne, VIC
01.2005

Skills

  • NIST Series
  • Defense Security Protective Framework (DSPF)
  • Australian Government Protective Security Policy Framework (PSPF)
  • Australian Government Information Security Manual (ISM)
  • Essential Eight Maturity Model
  • New Zealand Government Information Security Manual (NZISM)
  • ISO 27001:2022 Information Security standard
  • ISO 31000 Risk Management Standard
  • Control Objectives for Information and Related Technology 2019 (COBIT)
  • Security of Critical Infrastructure (SOCI)
  • Australian Prudential Regulatory Authority (APRA) - CPS234
  • Payment Card Industry Data Security Standard (PCI DSS)

Certification

ISACA - Certified in Information Security Manager

Additional Information

I have stepped in as Acting Manager Cyber Risk & Assurance multiple times in my role at AEMO, due to my positive and organisational outcome driven attitude. I have successfully uplifted business processes to optimise organisational cyber processes, ensuring all due diligence activities and regulatory assurance requirements are being met.
