Afthab Sait SF

GRC professional with 13+ years of experience spanning cybersecurity consulting and in-house environments, grounded in a technical foundation of security operations, vulnerability assessment, penetration testing, and incident response, and progressively deepened into enterprise-wide governance, risk, and compliance. In consulting roles, led client engagements, mentored junior consultants, and drove GRC practice delivery across multicultural and cross-functional teams. In in-house roles, operated as an individual contributor owning end-to-end GRC programs, reporting directly to CISO and executive leadership, and driving compliance outcomes across engineering, infrastructure, product, and business units through influence and collaboration rather than direct line management. Proven ability to build and operationalize cyber governance frameworks, standardize IT controls, manage risk lifecycles, and maintain audit readiness across complex, multi-stakeholder environments. Experienced in shaping and approving implementation plans, presenting risk posture and compliance status to board-level and executive stakeholders, and driving cohesion across business and technology functions. Brings strong strategic planning and stakeholder management skills with a track record of uplifting security maturity and elevating organizational security posture across regulated and fast-moving SaaS environments. Deep expertise across ISO 27001, SOC 2, NIST CSF/RMF/800-53, HIPAA, PCI DSS, GDPR, PDPL, DPDP, NESA, ADHICS, Dubai ISR, COBIT, TOGAF, and SABSA, complemented by ISO 31000/27005 for risk management. Certified data privacy practitioner (CIPP/E, CIPM) with hands-on DPO experience. Expanding practice in AI governance aligned to NIST AI RMF, ISO/IEC 42001, MITRE ATLAS, EU AI Act, and UAE AI governance frameworks including CBUAE AI/ML principles for financial institutions. Comfortable working across industries and geographies, including SaaS, enterprise, and regulated sectors.