Raghad Alenazy

Cybersecurity & GRC Specialist with hands-on experience in developing and implementing NCA-compliant cybersecurity policies, conducting risk assessments, and ensuring governance alignment. Certified in GRCP, GRCA, IPMP, and ISO/IEC 27001:2022 Lead Auditor. Skilled in policy lifecycle management, compliance audits, designing governance models, regulatory reporting, and building integrated GRC frameworks.

Proven ability to support regulatory inquiries, contribute to awareness programs, define KPIs, and ensure organizational cybersecurity readiness through metrics and compliance initiatives.

Cybersecurity Specialist - Marfud

(2024-11 - 2025-11)

• Developed and managed NCA-compliant cybersecurity policies and procedures.
• Contributed to defining annual information security objectives aligned with enterprise strategy.
• Conducted enterprise risk assessments and supported GRC program development.
• Created internal cybersecurity compliance reports aligned with regulatory expectations from entities such as SAMA and NCA.
• Worked closely with compliance functions to identify and close gaps based on regulatory needs.
• Designed IS KPIs and metrics to support tracking of governance activities.
• Delivered training materials and awareness content for internal cybersecurity programs.
• Participated in building a strong security governance framework within the organization.

Awareness Specialist - Cyber She

(2024-09 - 2024-11)

volunteer

• Produced awareness content, including a video on breach response and a National Day thread on Saudi cybersecurity achievements.
• Supported public engagement and digital awareness aligned with national cybersecurity goals.

Cybersecurity Intern - Jeddah Municipality

(2022-06 - 2022-08)

• Operated foundational security tools such as SIEM (Splunk), EDR, WAF, and DLP.
• Performed basic threat analysis using sandbox environments, Wireshark, and MITRE ATT&CK.
• Monitored security alerts and supported the SOC team in log review and initial incident triage.
• Assisted in drafting cybersecurity policies aligned with NCA and ISO 27001 requirements.
• Participated in basic risk assessment exercises and internal policy compliance reviews.
• Created awareness posters and materials as part of the organization's cybersecurity training program.

Bachelor - Cybersecurity - Jeddah International College (2019-06 - 2024-05)