Osama Bin Faiz

CEO

Dubai, United Arab Emirates7 yrs 3 mos experience

Most Likely To SwitchHighly Stable

Key Highlights

Over $45 million in order bookings for APMEA geography
Expertise in GRC transformation and Data Privacy engagements
Proven track record in cybersecurity presales activities

Stackforce AI infers this person is a Cybersecurity and GRC specialist with extensive experience in Data Privacy and Risk Management.

Contact

osama.faiz.iitkgp@gmail.com LinkedIn

Skills

Core Skills

Cybersecurity Risk AdvisoryGrc ManagementData PrivacyRisk ManagementDevsecopsGovernance, Risk & Compliance

Other Skills

Analytical SkillsBuild Strong RelationshipsClient RelationsCloud ComputingCommunicationComputer Networks with SecurityCyber Risk ManagementCybersecurityCybersecurity StrategyData ClassificationData Protection Impact AssessmentDocumentationESGGeneral Data Protection Regulation (GDPR)ISO 27001

About

A result-driven consultant with 5+ years of experience in the information security domain. Over 5 years, I have proactively delivered GRC transformation programs and Data Privacy engagements for multiple clients, along with leading & managing cybersecurity-related presales activities for the APMEA geography (Asia-Pacific, Middle East, and Australia). I am a dedicated individual with a good academic and professional background who can work in high-pressure environments. My current skill sets and expertise are captured as follows: Specialties: Cybersecurity Risk Advisory, Technology Consulting, and Go-to-Market Strategies Focus Areas: Data Privacy, IT Risk Management, Third-Party Risk Management, Regulatory Compliance, Policy Management, Contract Reviews, and Cybersecurity Maturity Assessments Tools & Technologies: ServiceNow, Archer, OneTrust, Securiti, and RiskRecon Industry Sectors Served: BFSI, Petrochemical, Pharmaceutical, Technology, Media, and Telecom

Experience

Wipro

4 roles

Cyber Security Specialist + GTM Lead (APMEA)

Sep 2025 – Present · 6 mos

Facilitating the advancement of GRC and Data Privacy program for a multinational telecommunications firm based in Dubai, UAE along with managing cybersecurity presales for APMEA (Asia-Pacific, Middle East and Australia) region.
Primary responsibilities include:
1. Conducting Data Privacy Impact Assessments
2. Creating Records of Processing Activities
3. Developing Asset Inventory
4. Building Archer-based Privacy Management solution
5. Enhancing overall GRC Management Program
6. Facilitating business development by converting potential opportunities into deals

Cybersecurity Risk AdvisoryData PrivacyGRC ManagementPresales

Senior Cybersecurity Consultant - Strategy & Risk

Apr 2024 – Sep 2025 · 1 yr 5 mos

Developed understanding about multiple business processes and functions such as Internal Business Operations, Wealth Management, Retail Banking, Application Upgrades/Deployments, HR functions, Customer Support, Vendor Management, etc.
Performed in total 130+ assessments related to Data Protection Impact, Third-Party Data Privacy, Transfer Impact, Data Quality & Legitimate Interest based on regulations like EU GDPR, DIFC DPL, Malaysian PDPA, Singapore PDPL, etc. for a multinational bank
Conducted tabletop interview sessions with business process heads, application owners, and vendors and guided them in creating Records of Processing Activities (RoPA), Privacy Notices, Policy Documents, etc.
Assessed security & privacy procedures, identified control deficiencies, recommended mitigations to address those gaps, and generated assessment reports as part of gap assessment exercises
Guided clients on the identification, design, and implementation of data protection and privacy controls
Reviewed privacy, security, and governance clauses during third-party contract reviews
Facilitated the execution of an internal ISO 27001-based audit program for an Indian International Airport
Enhanced end-to-end Supply Chain Risk Management process flow, supplier tiering approach, and continuous threat monitoring based on the NIST framework for a Europe-based engineering services firm
Achieved order booking quantum of $19.5 million in FY25 for the APMEA geography

Data Protection Impact AssessmentThird-Party Data PrivacyISO 27001Policy ManagementData PrivacyRisk Management

Cybersecurity Consultant - Strategy & Risk

Jun 2022 – Mar 2024 · 1 yr 9 mos

Orchestrated execution of vendor risk assessment program for an Indian client
Prepared recommendations and future roadmap based on NDMO & KSA PDPL for a chemical manufacturing firm by analyzing policies and procedures related to Data Management, Governance, and Classification
Designed record retention & data classification process and best practices for a Middle East firm
Designed an end-to-end workflow of Inherent Risk Assessment, Control Gap Assessment, Third-party Cyber Risk Management, and Issue Management for a US-based multinational bank
Spearheaded pre-sales activities in the APMEA unit for 120+ potential clients by drafting proposal responses to RFPs & RFIs, building pricing strategies, and leading bid defenses
Achieved order booking quantum of $10 million in FY24 and $15 million in FY23 for APMEA geography
Created marketing collaterals such as POVs, Slipsheets, and Talk-books on topics like PCI-DSS 4.0, NIS 2 Directive, Essential Eight, CDR Framework, FedRAMP, SAMA CSF, APRA CPS, India’s DPDB 2022, etc.

Vendor Risk AssessmentData ClassificationPre-sales ActivitiesCybersecurity Risk AdvisoryData Privacy

Summer Intern (WiSE '21)

May 2021 – Jul 2021 · 2 mos · Bengaluru, Karnataka, India

Developed a holistic understanding of the technology and processes involved in the DevSecOps lifecycle
Comprehended the architecture, working mechanism, and integration into the CI/CD
pipeline for the following services:
Static Application Security Testing [SAST]
Software Composition Analysis [SCA]
Dynamic Application Security Testing [DAST (Web)]
API Security Testing / Framework for Application Security Testing [FAST]
Interactive Application Security Testing [IAST]
Runtime Application Self-Protection [RASP]
Mobile Application Security Testing [MAST (Mobile)]
Vulnerability Assessment and Penetration Testing [VAPT (Infrastructure)]
Container Security
Performed secondary research and evaluated more than 30 open-source tools across 9 different services
Created Service Description documents, Tool Evaluation sheets, and Architecture & Process Flow diagrams to streamline the selling process for Pre-Sales and Sales teams

DevSecOpsTool Evaluation

Iit kharagpur - vinod gupta school of management

Placement Coordinator

Sep 2020 – Apr 2022 · 1 yr 7 mos · Kharagpur, West Bengal, India · Hybrid

Facilitated a conducive environment and acted as an interface between the students and the corporate world, thereby ensuring smooth execution of the placement process

Deloitte india (offices of the us)

2 roles

Advisory Analyst (GRC Tech)

Jul 2018 – Jul 2020 · 2 yrs · Hyderabad Area, India · Remote

Developed a customized risk assessment solution in Archer for a major US-based pharmaceutical client (2 Spot Awards + Client Appreciation Award)
Facilitated a US-based healthcare client in maturing their cybersecurity strategy, risk management framework, and access control matrix (1 Spot Award)
Built an operational risk mgmt. solution in Archer for a financial services client that allowed documenting risks in a structured form, running targeted assessments, improved tracking of loss events and monitoring metrics
Implemented ServiceNow’s Security Operations module that allowed client to prioritize security incidents and remediate vulnerabilities in shorter span of time
Designed and configured SOX Compliance Management, Security Risk Management and PCI Management modules on Archer for a music streaming platform client
Built several reports and dashboards that fast-tracked and simplified the decision-making process for the upper management by obtaining real-time reporting
Contributed to firm initiatives like running demos for OOB & Enhanced ServiceNow modules, supporting RFPs, testing online courses on Brainshark tool, etc.
Created detailed training guides for business users and independently conducted training and knowledge transfer sessions

Risk AssessmentCybersecurity StrategyGovernance, Risk & Compliance

Intern (Cybersecurity)

Jan 2018 – May 2018 · 4 mos · Hyderabad Area, India

This project caters to 2 themes that I worked on during my internship at Deloitte USI.
Theme 1: Conducted detailed research work on key trends and technologies that are currently disrupting the healthcare industry and proposed a new market offering in this field where Deloitte could pitch itself.
Theme 2: Documented my learnings and work carried out across 2 different practices of Deloitte USI:
a. GRC (Governance, Risk Management, and Compliance) - Trained in and got acquainted with Governance, Risk, and Compliance (GRC) concepts and tools
b. A&A (Assurance and Analytics) - Trained in and got acquainted with Assurance & Analytics services and technologies

Hewlett packard enterprise

Summer Trainee

May 2016 – Jun 2016 · 1 mo · Noida, Uttar Pradesh, India

Implementation of routing algorithms and managing of different networking devices to ensure a secured communication across a WAN using Cisco Packet Tracer
Awarded ‘Star of the Batch’ by RCPL India for being the batch topper during the Training Period.

Steel authority of india limited

Engineer Intern

Dec 2015 – Jan 2016 · 1 mo · Bokaro Area, India

Learnt the integrated steel-making processes and operations i.e., from the processing of iron ore to saleable steel products
Understood the functionalities of ERP implementation through SAP modules deployed at SAIL