Gayad O.

Cyber Security Capability Lead – KPMG Lower Gulf

- Leading the Identity and Access Management Service Offerings across the region (UAE, KSA, Oman, Qatar, Bahrain).

- Currently overseeing the development of a Go-To-Market strategy, budgeting, and team building for IAM service offerings. Within the last 12 months, successfully sold over $3M in projects.

- Leading the sales and delivery of IAM transformation programs, maintaining strong partnerships with technology providers.

- Serving as a subject matter expert for KPMG and clients, providing strategic recommendations on IAM best practices and suitable IAM solutions.

Identity and Access Management for a Defence company (UAE)

- Leading a major Identity and Access Management (IAM) program for a greenfield environment, overseeing architecture design, implementation, and application onboarding across 15 entities.

Privileged Access Management Program for Major Oil and Gas Organization (UAE)

- Leading a privileged access management program, overseeing the design, installation, implementation, and integration with functional and non-functional (downstream) applications across 14 group companies. This includes managing a team of 15+ PAM engineers across different regions.

ITGC (IT General Controls) and OT assessment on Air Traffic Control (ATC) towers (UAE)

- Led a comprehensive risk assessment of IT and OT systems within ATC towers, focused on ensuring regulatory compliance (GCAA, ICAO, UAE IA) and enhancing cybersecurity resilience. Evaluated vulnerabilities, threats, and potential impacts by reviewing critical documentation, conducting stakeholder interviews

- Development (EMEA Region) Supported the development of the EMEA Cyber Strategy by assessing the current maturity level of cyber services, tracking progress across various regions, and reporting findings to Deloitte's country leaders and chiefs of staff. Additionally, played a key role in organizing joint leadership meetings and summits to drive strategic alignment and decision-making. project for a Security Company (Belgium)

- Developed and delivered a Digital Security Business Plan and Security Target Operating Model for the CISO office. This initiative was essential in securing funding to build and expand company-wide security capabilities.

- Led the design phase of the IGA solution implementation (Saviynt). Main activities consisted of gathering of the business requirements for the different use cases and mapping the different user attributes between authorization source, Saviynt, and the target systems, application prioritization, functional and architectural scoping.

- Managed and led the design phase of the role design concept and role setup in the SAP systems (S/4 Hana and Fiori) in alignment with the business requirements. In parallel, conducted SoD (Segregation of Duties) reviews and remediation.

- Designed a role concept and related authorization rights and support in the S/4 HANA migration UAT phase by reviewing, changing and creating the named authorization rights for Deloitte Global.

- Conducted a cyber security maturity and compliance assessment for the different entities within a group in the car sector. Based on the results of the assessment, a target operating model for the group security function, and a detailed implementation roadmap to achieve the target state and enhance the security posture of the group have been developed. The operating model included the proposed governance structure, capabilities to be centralized, capabilities to be decentralized and the creation of center of excellence for the capabilities.

- Leakage Program for Defence company (UAE) Managed the delivery of a data classification program, including the drafting of a group-wide policy aligned with regional regulations, industry-specific standards, and ITAR requirements.

Responsibilities included gathering business requirements, defining use cases, and identifying the organization's critical information assets to ensure the effective deployment of various data protection solutions.

- Program for a major Airport (KSA) Developed and delivered a comprehensive Identity and Access Management (IAM) strategy and roadmap for a KSA-based airports company, as part of a broader Cyber Security program. This initiative was designed to enhance access control measures based on regulatory standards and regulations (NCA), streamline identity management processes, and support the organization's overall security objectives.

- Strategy for the Ministry of Presidential Affairs Supported the delivery of a national security awareness program specifically tailored to different personas within the organization. The program aimed at enhancing the technical knowledge of professionals through customized cyber simulation exercises.