Jamil Ahmed

🚀 Projects

Things I've built and contributed to, sorted by date.

OT/ICS Cybersecurity Governance Revamp Initiative

📅 Nov 2025

Spearheaded the end-to-end redesign of the OT cybersecurity governance framework for a global leader in the oil & gas industry. Developed and implemented a holistic OT Cybersecurity Management System (CSMS), integrating requirements from IEC 62443, NIST CSF 2.0, Shell DEP, and ISO 27001/22301. Authored critical governance documents including Cybersecurity SoA, specifications, procedures, and guidelines. Implemented a continuous monitoring and assurance program with traceable KPIs/KRIs across three lines of defense. Closed all LoD2 findings and established a validated governance structure for Levels 0–3.5 infrastructure, ensuring audit readiness.

ISA/IEC 62443 NIST CSF 2.0 ISO 27001 CSMS OT/ICS Cybersecurity GRC Compliance

OT/ICS Cybersecurity Patch Management Framework – PCD Governance Enhancement

📅 Sep 2025

Contributed to a cybersecurity governance enhancement initiative for a major oil & gas company's Process Control Domain (PCD). Redesigned patch management specification, procedure, and guideline to align with ISA/IEC 62443-2-3. Developed comprehensive lifecycle guidelines covering identification through deployment and verification. Established a risk-based patch prioritization framework and a formal Patch Management Committee. Implemented compensating controls for legacy systems and created measurable KPIs for patch management effectiveness.

ISA/IEC 62443 Patch Management OT/ICS Cybersecurity Vulnerability Management Risk Assessment Change Management

Cybersecurity Compliance Assessment and Roadmap – Highspeed Railway

📅 May 2025

Conducted a comprehensive assessment of Operational Technology Cybersecurity Controls (OTCC-1:2022) compliance for High-speed Railway critical infrastructure. Evaluated security measures against Saudi Arabia's NCA standards (ECC, OTCC, CSCC, TCC, OSMACC) and mapped controls to ISA/IEC 62443 and NIST. Identified gaps in network segmentation, vulnerability management, and incident response. Enhanced cybersecurity posture by ensuring adherence to OTCC governance, defense, and resilience domains.

NCA Standards OTCC ISA/IEC 62443 NIST OT/ICS Cybersecurity Compliance Network Segmentation

Petrochemicals Facility Security Architecture Assessment for IT, ICS/OT

📅 Apr 2025

Conducted a comprehensive security architecture assessment for a major global petrochemical facility including a Mixed Feed Cracker (MFC) and downstream polymer units. Reviewed deployed IT/ICS systems, physical security controls, and asset inventories. Assessed networks, software, and systems for compatibility, scalability, and lifecycle risk. Compared facility cybersecurity posture against Aramco standards (SACS, SAEP, SAES) to identify conflicts and gaps. Examined ERP/IT/OT readiness and Digital Strategy alignment with security requirements.

OT/ICS Security ICS Assessment Aramco Standards Security Architecture IT/OT Convergence Compliance

IT Cybersecurity Governance, Risk and Compliance Assessments

📅 Jan 2025

Conducted a comprehensive cybersecurity GRC assessment to evaluate security program maturity, identify gaps, and ensure alignment with regulatory requirements. Performed gap analyses against NIST CSF, ISO 27001, and CIS Controls. Developed risk assessment methodologies to identify and evaluate threats to critical assets. Reviewed security policies, governance structures, and technical controls. Presented findings and strategic roadmaps to executive leadership.

GRC NIST CSF ISO 27001 CIS Controls Risk Assessment Security Audit Executive Reporting

Enterprise Risk Assessment using NIST CSF & ISO 27001

📅 Nov 2024

Conducted an enterprise-wide risk assessment leveraging NIST Cybersecurity Framework and ISO 27001 to evaluate security posture, identify vulnerabilities, and develop a prioritized remediation roadmap.

NIST CSF ISO 27001 Risk Assessment GRC Compliance

Information Security Audit – Leading Trading Company in KSA (FY 2024)

📅 Nov 2024

Conducted a full-scope information security audit for a leading trading company in Saudi Arabia, evaluating security controls, compliance posture, and risk exposure across IT infrastructure and business processes.

Information Security Security Audit GRC ISO 27001 Risk Assessment

Information Security Review

📅 Feb 2024

Conducted a comprehensive IT security audit and vulnerability assessment across web servers, ERP servers, database servers, IVR servers, email servers, VPN servers, and network devices (routers, switches, firewalls, access points). Performed hardware capacity review and evaluated BCP/DRP solutions.

Vulnerability Assessment Security Audit Network Security BCP/DRP Infrastructure Review

IT Control Assurance and ISMS Readiness

📅 Feb 2024

Led IT control assurance and ISMS readiness assessment to evaluate the design and operating effectiveness of security controls and prepare the organization for ISO 27001 certification.

ISMS ISO 27001 IT Audit Control Assurance GRC

ISMS Implementation – Leading Firm in KSA

📅 May 2023

Led end-to-end implementation of an Information Security Management System (ISMS) aligned with ISO/IEC 27001:2022 for a leading firm in Saudi Arabia, covering policy development, risk treatment, and certification readiness.

ISMS ISO 27001 GRC Risk Treatment Security Policy

Information Security Audits – Financial and Power Sectors

📅 Jan 2023

Performed information security audits for multiple clients in the financial and power sectors, evaluating compliance, control effectiveness, and security maturity against industry standards.

Security Audit ISO 27001 GRC Financial Sector Critical Infrastructure

Dockerize a Java Web Application using docker-compose

📅 Jan 2022

Deployed a Java application stack (Nginx, Tomcat, MySQL) using docker-compose, containerizing the full web application for consistent and portable deployment across environments.

Docker Docker Compose Nginx Tomcat MySQL Containerization

Deployed Java Application on AWS 3-Tier Architecture

📅 Dec 2021

Deployed a scalable, highly available, and secured Java application on AWS using a 3-tier architecture, providing public internet access with proper network segmentation and security controls.

AWS Amazon EC2 3-Tier Architecture Cloud Security High Availability

Lambda Function for Weekly EC2 AMI Backup

📅 Jul 2021

Built an AWS Lambda function to create weekly EC2 AMI backups of all instances running in the US-east-1 region and automatically delete AMIs older than 30 days, reducing storage costs and ensuring recovery point availability.

AWS Lambda Amazon EC2 AWS IAM Backup Automation Python

Travel Booking Site – Containerization and CI/CD

📅 Apr 2021

Containerized a travel booking website with Docker and Docker Compose. Wrote unit and integration tests with RSpec, Capybara, and Selenium. Deployed to AWS cloud with Terraform and authored a Jenkinsfile to build, test, and deploy the application automatically.

Docker Docker Compose Terraform Jenkins CI/CD RSpec Selenium Amazon S3

BMI Calculator – Kubernetes on Oracle Cloud

📅 Jan 2021

Built a React Hooks BMI calculator app with 7-day LocalStorage persistence and containerized it for deployment on Oracle Cloud using Kubernetes. Used Jenkins for CI/CD to automate the build, test, and deploy pipeline.

Kubernetes Oracle Cloud React Docker Jenkins CI/CD Linux

Explore California – Kubernetes on AWS EKS

📅 May 2020

Migrated the Explore California site from AWS VMs into containers via Kubernetes. Used Make to automate Docker startup and authored a Helm chart for local deployment with Kind. Deployed to AWS Elastic Kubernetes Service (EKS) using AWS Elastic Container Registry (ECR).

Kubernetes Amazon EKS AWS ECR Helm Docker AWS

Impact Assessment – ILO Capacity Building Workshops

📅 Oct 2011

Conducted an impact assessment of ILO Capacity Building Workshops for constituents and humanitarian community on Job-Centered Crises Recovery & Decent Work, for the International Labour Organization.

Impact Assessment Research Data Analysis Reporting

TAF Madrassah Baseline Study – The Asia Foundation

📅 Aug 2011

Led baseline study for The Asia Foundation's TAF Madrassah project, designing data collection methodology, managing field research, and compiling findings for organizational reporting.

Baseline Study Research Data Collection Reporting

EoP Evaluation – Activating Media in Combating Child Labour (ILO)

📅 Aug 2011

Conducted End-of-Project evaluation for the ILO initiative 'Activating Media in Combating Child Labour', assessing program effectiveness and documenting outcomes for the International Labour Organization.

Program Evaluation Research Data Analysis ILO Standards

Mid-Term Evaluation – Pakistan TB ACSM Interventions (Mercy Corps)

📅 Jun 2011

Conducted training for data collection and mid-term evaluation of ACSM interventions across all provinces of Pakistan for Mercy Corps International and The Global Fund Consolidated Program TB component.

Mid-Term Evaluation Data Collection Field Research Public Health

Effectiveness of SMS as a Marketing Tool (MBA Dissertation)

📅 Feb 2011

MBA dissertation investigating the effectiveness of Short Message Service (SMS) as a marketing tool from a consumer perspective. Presented at the 3rd International Applied Business Research Conference, IIUI, Islamabad.

Research Marketing Consumer Behaviour Data Analysis Academic Writing

Relationship Marketing Plan – Digital Logic, Islamabad

📅 Jul 2010

Developed a comprehensive relationship marketing plan for Digital Logic, Islamabad, outlining strategies to build long-term client relationships and improve customer retention.

Marketing Strategy Relationship Marketing Business Development