I find where systems, risk and reality don't match — and fix it.
7+ years in banking technology and regulated environments. This portfolio documents 9 months of intensive, skills-based GRC training — from foundational frameworks to a live AWS cloud deployment.
Designed, deployed and governed a live enterprise-grade GRC platform on AWS. CloudFormation, Lambda, RDS, DynamoDB, CloudTrail, KMS. 22/22 automated tests passed. 49 compliance reports generated.
End-to-end IR programme — policy, response plan, CSIRT structure, live ransomware simulation, stakeholder communications, after-action review and improvement plan.
Comparative breach analysis (Worldcoin Kenya vs MGM Resorts), compliance crisis management under AML + PCI DSS violations, and institutional security policy development.
Quantitative risk analysis (ALE/SLE/ARO), phishing simulation metrics, live Wazuh SIEM deployment, small business risk assessment and M365 project risk register.
GRC framework design, multi-jurisdictional regulatory mapping, CISO leadership analysis, SIEM log analysis and security integration into healthcare business processes.
LinkedIn: Najma Abdi Omar
Multilingual: English · Swahili · Somali · Turkish · Arabic