Karthikeyan Ganesan

Dubai, United Arab Emirates

Summary

19 years of experience in Information Security and IT GRC, specializing in conducting comprehensive risk assessments, evaluating internal controls, and ensuring compliance with a wide range of regulatory frameworks, including NESA, PCI DSS, ADHICS, GDPR, SAMA, and the Central Bank of Bahrain (CBB).


Solid background in IT audits, privacy assessments, third-party risk evaluations, and business continuity reviews, delivering actionable insights to improve risk management and control effectiveness.


Proven track record in implementing and auditing international standards and frameworks including ISO 27001, ISO 27701, COBIT, ITIL, and ISO 9001 to strengthen information security governance.


Adept at developing, reviewing, and enhancing IT policies and procedures to align with audit findings, business objectives, and evolving regulatory requirements.

Overview

20 years of professional experience

1 Certification

Work history

GRC and Privacy Specialist

Damac Properties
Dubai
09.2024 - 05.2025

Senior Information Security Consultant

Paramount computer systems @ Emirates Global Aluminium
Dubai, U.A.E
05.2022 - 09.2024

Assistant Manager (IT Audits & Advisory short term role)

KPMG
Bahrain
07.2021 - 02.2022

IT GRC Consultant

Gulf International Bank (GIB)
Bahrain
07.2019 - 06.2021

IT GRC Consultant

ADIB
Abu Dhabi
08.2018 - 07.2019

Information Security Risk Assessment Consultant

Wipro Limited
Bangalore, India
10.2017 - 08.2018

IT GRC | Process Improvement | Quality Consulting

Tech Mahindra | DP World | L&T | Onward | Infosys | Cognizant | Zylog | NNCPL
Chennai | Bengaluru | UAE
11.2005 - 08.2017

Education

B.E. - Industrial Engineering

College of Engineering, Guindy, Anna University

Diploma in Mechanical Engineering

Central Polytechnic, Directorate of Technical Education

Skills

  • Governance, Risk, and Compliance (GRC)
  • Cybersecurity and Information Security Management
  • Policy and Procedure Development
  • Data Privacy Management (GDPR, ISO 27701)
  • IT Audit & Third-Party Risk Assessment
  • Framework Implementation: ISO 27001, NESA, SAMA, PCI DSS, ADHICS, GDPR, COBIT, ITIL, ISO 9001, CMMI
  • Business Continuity and Disaster Recovery Planning (ISO 22301)
  • Risk and Controls Self-Assessment (RCSA) & Controls Testing
  • Project Management and Process Improvement
  • Security Awareness and Training Programs

Certification

  • Certified Information Systems Auditor (CISA)
  • Lead Auditor for BCMS ISO 22301:2019 (BSI)
  • ISO 27701 & GDPR Certified Lead Implementer Professional (BSI)
  • Internal Quality Auditor for ISO 27001, ISO 9001, ISO 20000
  • NCEMA Business Continuity Lead Auditor
  • ITIL Intermediate Certified
  • CSQA (Certified Software Quality Analyst)

Key Responsibilities and Initiatives

  • Designed and implemented robust IT Governance, Risk, and Compliance (GRC) frameworks tailored to industry needs, ensuring alignment with regulatory requirements from authorities such as the Saudi Central Bank (SAMA), Central Bank of Bahrain (CBB), UAE’s NESA and ADHICS, GDPR, etc.
  • Developed and maintained Cybersecurity, IT governance, Data privacy, and Business continuity management frameworks and policies in compliance with international and regional standards, including ISO 27001, ISO 27701, and ISO 22301.
  • Led IT security risk assessments, IT audits, third-party/vendor evaluations, and control testing, addressing sector-specific threats and enhancing the organization’s security posture.
  • Delivered full-cycle Data Privacy Management engagements, including Data Privacy Impact Assessments (DPIAs), with a focus on compliance in regulated environments across various industries.
  • Managed internal, external, and regulatory audits; conducted business impact analyses, disaster recovery drills, and developed BCP/DR plans to ensure operational continuity and audit readiness.
  • Defined and tracked IT governance KPIs and conducted enterprise-wide security awareness programs to align security initiatives with business objectives and foster a culture of compliance.

Accomplishments

  • Successfully implemented GRC programs for several customers from different domains such as Banking, Insurance, Automotive, Government, Manufacturing, and Logistics.
  • Spearheaded the ISO 27001 certification program for multiple clients.
  • Drove enhanced security controls projects to safeguard sensitive data for multiple clients.
  • Conducted over 100 third-party information security and risk assessments.
