SHAIKHA AHMED MOHAMMED AL SHEHHI
Cybersecurity Analyst
Profile summary
Cybersecurity Governance & Risk professional with experience leading PCI DSS certification, cloud risk assessments, and third-party security due diligence within enterprise environments. Skilled in managing PCI DSS v4.0 deliverables, developing governance workflows across CRA, DPIA, DPA, and enhancing security documentation and processes. Experienced in SSL/DMARC governance, strengthening visibility across applications and cloud services, and collaborating with auditors, IT teams, and business stakeholders to improve control maturity and ensure alignment with UAE PDPL, ISO 27001, NIST, and enterprise cybersecurity policies.
Career highlights
Ensured PCI DSS v4.0 Compliance: Led PCI DSS v4.0 certification renewals for 5 applications, ensuring compliance with updated security controls for a leading hospitality and entertainment group.
Key skills
Professional experience
Led PCI DSS v4.0 certification renewals for 5 applications in one of the UAE’s leading hospitality and entertainment groups, ensuring compliance with updated security controls Led third party due diligence and vendor onboarding by conducting cloud risk assessments (NDA, DPA, CRA, SOC 2, ISO 27001). - Delivered comprehensive risk assessments and DPIAs for 20+ SaaS vendors, ensuring compliance with ISO 27001, SOC 2, and global security frameworks Developed and maintained SSL and DMARC governance, ensuring certificate lifecycle management and secure email practices. - 2years, monthly Collaborated with cross-functional teams (Legal, Procurement, SOC, WAF, Application Owners, Vendors) to drive security compliance and governance initiatives. Performed periodic web application scanning for critical websites within the organization, OT security assessments, and code reviews to identify and mitigate vulnerabilities. Enhanced enterprise defense by managing endpoint security with CrowdStrike, Forcepoint, Cisco Umbrella, and Arcon PAM
Completed three-month online training covering penetration testing, digital forensics, and network defense fundamentals. Assisted in analyzing simulated cyberattacks and incident response scenarios.
Rotated across multiple teams, including ICT (Security, Networks, Windows/Unix OS, HPC) and ITSS (Helpdesk, Student Affairs, AV support). Gained hands-on exposure to IT operations, troubleshooting, and system administration.