GRC & Cybersecurity Analyst

Majed
Al-Shammari

Governance · Risk · Compliance · Security Operations

GRC & Cybersecurity Analyst focused on enterprise governance, risk management, compliance, and security operations — aligned with NCA ECC and ISO/IEC 27001.

Majed Al-Shammari
95+ CSC Members
1350+ Community Reach
11+ Certifications
4 GRC Cases

About

Enterprise governance
with operational depth.

GRC & Cybersecurity Analyst with a B.Sc. in Information Security from the University of Ha'il. My work sits at the intersection of governance strategy and security operations — translating regulatory frameworks into measurable risk reduction for organisations.

During my co-op at the General Directorate of Cybersecurity, Hail Municipality, I built a Cyber Risk Management Portal aligned with NCA ECC, conducted risk assessments, maintained risk registers, and ran vulnerability scans in a live government environment.

I lead the Cybersecurity Club at the University of Ha'il and serve as University Ambassador at Tuwaiq Club — building community, running security awareness programmes, and connecting students with the broader industry.

Focus
GRC · Risk Management · Compliance · Security Operations
Frameworks
NCA ECC · ISO/IEC 27001 · NIST RMF · SAMA
Tooling
Splunk · ELK Stack · Nessus · Burp Suite · Wireshark · Nmap · Metasploit · Volatility
Languages
Arabic — Native · English — Professional
Location
Riyadh / Hail, Saudi Arabia

Experience & Leadership

Where the work happened.

GRC Analyst — Co-op Training

Jun 2025 – Jan 2026

General Directorate of Cybersecurity · Hail Municipality

  • Built a Cyber Risk Management Portal (CRMP) to centralise NCA ECC compliance workflows and provide real-time risk visibility across the organisation.
  • Conducted end-to-end risk assessments and maintained the organisational risk register in alignment with national cybersecurity governance requirements.
  • Executed Nessus vulnerability scans and produced findings reports to support remediation prioritisation.
  • Contributed to governance documentation and policy alignment with national cybersecurity directives.
NCA ECC GRC Risk Assessment Vulnerability Management

President, Cybersecurity Club (CSC)

Aug 2025 – Present

University of Ha'il

  • Lead strategy and operations for a 95+ member community advancing practical cybersecurity education.
  • Secured an 80% INE partnership discount, expanding professional training access for all members.
  • Produced and hosted a 10-episode cybersecurity series covering GRC, SOC operations, and security awareness.
Leadership Community Security Education

Leader & University Ambassador

May 2026 – Present

Tuwaiq Club · Tuwaiq Academy

  • Represent the University of Hail in strategic collaboration with Tuwaiq Academy, engaging a 1350+ member technical network.
  • Presented formal collaboration framework to university leadership, securing institutional partnership.
Strategy Partnerships

Selected Work

Featured engagements.

01  ·  FLAGSHIP PROJECT

Cyber Risk Management Platform v2

A full-stack GRC platform built and deployed during co-op at Hail Municipality. Evolved from a basic risk register into an enterprise-grade system with Role-Based Access Control, automated NCA ECC mapping, a 5×5 risk heatmap, audit logging, and one-click executive PDF reports. Presented to the University President and official delegations at the Hail International Rally 2026.

RBAC 3-tier access
5×5 Risk heatmap
NCA ECC auto-map
PDF Exec reports
Audit Full log trail
GRC Platform NCA ECC RBAC Risk Heatmap Audit Logging PHP · MySQL · Chart.js
02

OT Security Workshop

Delivered a structured workshop on ICS/SCADA environments, the Purdue Model, and operational technology threats to 100+ students — addressing a critical gap in IT/OT security understanding and raising awareness of industrial cybersecurity risks.

ICS/SCADA OT Security Risk Awareness
03

AI in Cybersecurity

Delivered a session on AI-driven threat detection, evolving defence strategies, and the role of machine learning in modern security operations — building analytical literacy and strategic awareness among the next generation of security professionals.

AI Security Threat Detection Security Strategy
04

AI-Powered Spam Detection — Graduation Research

Led a comparative study evaluating three machine learning methodologies across 193,850 emails — achieving 98.47% classification accuracy with a 1.37% false positive rate using Bidirectional LSTM. Delivered evidence-based deployment recommendations for enterprise email security infrastructure.

Machine Learning NLP 98.47% Accuracy

Certifications

Professional credentials.

ISO/IEC 27001:2022 Lead Auditor

ISO/IEC 27001:2022

Lead Auditor · Mastermind · Valid 2026–2029

GRCP

GRCP®

Governance, Risk & Compliance Professional

GRCA

GRCA®

Governance, Risk & Compliance Auditor

ITGRC

ITGRC®

Information Technology GRC · OCEG

IRMP

IRMP®

Information Risk Management Professional

eCIRv2

eCIRv2

Certified Incident Responder

eCDFP

eCDFP

Certified Digital Forensics Professional

eCTHPv3

eCTHPv3

Certified Threat Hunting Professional

eEDA

eEDA

Enterprise Defense Administrator

SC-900

SC-900

Microsoft Security, Compliance & Identity

eJPT

eJPT

Junior Penetration Tester · eLearnSecurity


Recognition

Awards & honours.

Certificate of Appreciation — CSC Leadership

College of Computer Science & Engineering · University of Ha'il

May 2026

Recognised for outstanding leadership as President of the Cybersecurity Club during the 2025/2026 academic year, supporting student activities, initiatives, and technical community engagement.

Leadership Recognition Award

Tuwaiq Academy

May 2026

Received for representing the University of Hail during the official Tuwaiq Club launch event in Riyadh.

Certificate of Appreciation — OT Security Workshop

University of Ha'il

Apr 2026

Recognised for conducting a workshop on Operational Technology Security and protection strategies for the College of Computer Science & Engineering.

Certificate of Appreciation — Hail International Rally

University of Ha'il · Office of the University President

Feb 2026

Awarded for presenting the Cyber Risk Management Portal (CRMP) to the University President and official delegations at the Hail International Rally 2026.

Recognition by the President of the University of Ha'il

University of Ha'il

Nov 2025

Personally recognised by the University President for representing the Cybersecurity Club during Global Entrepreneurship Week 2025 and for leadership contributions to university initiatives.


Recommendations

Professional references.

Dr. Ali Alferaidi

Professor
Information Security Department
University of Ha'il

View Recommendation

Dr. Diaa Uliyan

Associate Professor
Information Security Department
University of Ha'il

View Recommendation

Dr. Shahid Alam

Assistant Professor
Information Security Department
University of Ha'il

View Recommendation


Technical GRC Case Studies

From exploitation to compliance.

Each case study follows a full GRC lifecycle — Evidence collection, Root Cause Analysis, NCA ECC mapping, Risk Register, and Policy Clause — derived from real-world attack scenarios in controlled lab environments.

Assessment Tooling
Wireshark · Nmap · Burp Suite · Metasploit · Splunk · ELK Stack · Nessus · Volatility
Up next
CASE — 002

Unauthenticated Database Exposure

MongoDB instance exposed without authentication, allowing direct data exfiltration. GRC analysis mapping to NCA ECC data protection and secure configuration controls.

MongoDB Data Exposure ECC-2-10 In Progress
CASE — 003

Active Directory Privilege Escalation

Kerberoasting and weak service account policies enabling domain compromise. Mapped to IAM governance failures and third-party risk controls.

Active Directory Kerberoasting ECC-2-6 Upcoming
CASE — 004

Cloud Misconfiguration & Data Leak

Publicly accessible storage bucket exposing sensitive organisational data. Analysis covers cloud governance gaps and PDPL compliance implications.

Cloud Security PDPL ECC-2-12 Upcoming

Contact

Let's connect.