Head of Cybersecurity Audits, Internal Audit Division, Arab National Bank

Additional Info

Job title of nominated professional (or team name)Head of Cybersecurity Audits
Company (where nominated professional or team is working)Arab National Bank
Company size (employees)5,000 to 9,999
CountrySaudi Arabia
Headquarters RegionMiddle East


Muhammad Tariq Ahmed Khan is Head of Cybersecurity Audit, Internal Audit Division, Arab National Bank, Riyadh. He is a “Subject Matter Expert” in Technology and Cybersecurity Audits. He has more than 21 years’ experience in the Banking industry, in areas such as IT, Information Security, and IT Audit. He has a solid understanding and application of Risk-Based Audit methodology, ISMS (ISO 27001), ISO 22301, NIST and COBIT, IT & Information Security regulatory compliance. To his credit, Khan also has sound technical knowledge (as evident by his pertinent professional certifications) in various IT platforms and IT project management – with experience in Disaster Recovery and Business Continuity Management.

He currently holds several professional certifications such as:
• Certified Data Privacy Solutions Engineer (CDPSE)
• Certified Ethical Hacker v10 – CEH
• Certified ISO 27001 ISMS – Lead Auditor
• Certified ISO 22301 Business Continuity – Lead Auditor
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information System Security Professional (CISSP)
• Project Management Professional (PMP)
• Certified Digital Forensics Engineer (CDFE)

His published articles in the cybersecurity field were greatly appreciated by the audiences. Some of the most prominent articles published by Tariq were on the following topics:

• Artificial Intelligence in Cybersecurity operations
• Cybersecurity Internal Audit Considerations
• Data Privacy

Tariq is well known “Speaker” and has spoken at various international seminars and conferences.


1- His business, technology and cyber security background has made him as a strategic “holistic” thinker and has inspired, not only, the top management, but also, the employees of the organization. The candidate has proved to be a persistent leader to others and helping individuals become leaders in their own right. As a result, cyber security conscious culture is being inspired by the organization and people choose to move in the same direction.

2- Based on the cyber security audit recommendations and explanation provided by the candidate, the board and top management have changed their views that while the Technology is the enabler to business yet cyber security is the overarching business operations protection program. Resultantly, obtaining an effective cyber security budget is not the constant battle now.

3- His contribution in the form of – cost-effective yet practical audit recommendations - has made him distinguished in Cyber Security Audit domain. Further, his value added recommendations have persuaded the top executives on investing in cyber security technologies that supports business objectives.