
Mahy Ahmed P.Eng

Toronto, ON

Summary

Diligent Information Security Manager with a robust 17 years of experience in managing information security frameworks. Successfully led initiatives to enhance data protection policies and mitigate security risks. Demonstrated expertise in threat analysis and incident response.

Expertise in integrating Artificial Intelligence into enterprise security, risk, and governance programs. Proven experience designing AI-driven security frameworks, ransomware risk detection strategies, and cyber risk operating models aligned with regulatory and business objectives.

Work History

Information Security Manager

Grant Thornton LLP
Toronto, ON
06.2021 - Current
  • Defined, tracked, and analyzed key performance indicators to measure operational efficiency, quality, and goal achievement.
  • Conducted team performance assessments to evaluate collaboration, skill effectiveness, and productivity, driving continuous improvement.
  • Own strategic security roadmap, investment planning, and annual operating budgets supporting firm-wide risk reduction initiatives.
  • Built and scaled OSINT and Digital Forensics Lab, expanding investigative and threat-hunting capabilities across national engagements.
  • Translated AI-driven threat intelligence into actionable risk metrics for executive and board-level reporting.
  • Direct red-team and penetration testing programs, ensuring executive visibility into systemic risk and remediation progress.
  • Embedded AppSec controls into CI/CD pipelines, accelerating secure releases and reducing high-risk findings in production.
  • Increased remediation velocity by 40% through operating-model redesign and automation.
  • Accelerated business approvals by embedding security engineering into digital-delivery pipelines.
  • Produced board-level cyber risk dashboards linking threats to financial exposure and regulatory consequences.
  • Ensured AI security practices aligned with financial services regulations (FFIEC, GLBA, PCI DSS, NYDFS Cybersecurity Regulation) and AI risk frameworks (NIST AI RMF, OWASP LLM Top 10, MITRE ATLAS).
  • Defined policies and guardrails for secure and compliant AI adoption across the organization.
  • Maintained service-level excellence during organizational transitions through workforce stabilization and process maturity.
  • Matured the firm’s risk governance using the Three Lines of Defense (3LOD) model, improving accountability and visibility across business functions.
  • Built and led an OSINT and Digital Forensics Lab supporting cybercrime investigations, threat hunting, and incident response.
  • Direct in-house penetration testing and red-team activities, proactively identifying and mitigating critical vulnerabilities.
  • Managed security event management using SIEM platforms within a SOC, monitoring, correlating, and responding to threats while tracking security KPIs for performance optimization.
  • Applied cybersecurity CSF frameworks to assess SOC operations, improve incident response effectiveness, and align team performance with organizational security objectives.
  • Lead multi-team strategic security projects, overseeing scope, delivery, budget, and stakeholder engagement.
  • Strengthen the vulnerability management program by establishing standardized scanning, prioritization, and remediation workflows.
  • Led reliability standards compliance audits and investigations, including monitoring, whistleblower intake, evidence analysis, breach determinations, and mitigation plan oversight in accordance with regulatory and administrative law requirements.

Security Consultant

Rosettasein Inc.
03.2017 - 05.2021
  • Directed IT and cybersecurity operations, including strategic planning, budgeting, and technical leadership.
  • Provided cybersecurity consulting to global clients, including German-based Rosettasein Consulting.
  • Architected AWS security solutions leveraging Security Hub, GuardDuty, CloudTrail, Inspector, and Config.
  • Ensured cloud and on-prem security controls met HIPAA and HITECH compliance requirements.
  • Delivered security architecture guidance, firewall support, endpoint security optimization, and cloud service hardening.

Senior Data Centre Security Engineer

Egyptian Ministry of Finance
06.2009 - 11.2015
  • Implemented cybersecurity standards across ministry business units and led high-impact risk assessments.
  • Designed enterprise security architecture for data centres, PKI-DR environments, and national-level email platforms.
  • Integrated Palo Alto and McAfee Stonegate firewalls within the national data centre infrastructure.
  • Conducted vulnerability assessments and executed mitigation strategies, improving national cybersecurity posture.

Education

Mini-MBA

Al Mentor

Master of Science - Criminal Justice (Cyber Crime Investigations & Cybersecurity)

Boston University

Diploma in Criminal Justice

Boston University

Cyber Criminal Specialist

Humber College

Bachelor of Science - Electrical Engineering

Professional Engineers Ontario

Skills

  • Cyber Security Strategy & Roadmaps
  • AI Security & Risk Operating Model
  • Secure and compliant AI adoption
  • Governance, Risk & Compliance (GRC)
  • Enterprise Risk Management
  • Budget & Vendor Management
  • Talent Development & Succession Planning
  • Executive Reporting & Board Presentations

Accomplishments

  • EC-Council Cybersecurity Career Mentor
  • EC-Council Ethical Hackers Hall of Fame Winner (2025)

Certification

  • Chief Information Security Officer (CISO) Training
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP) Training
  • Certified Ethical Hacking v8 (CEH) - Hall of Fame 2025
  • Certified Cloud Security Professional (CCSP) - Training
  • ITIL Foundation v3
  • OSINT Investigations - Office of Juvenile Justice and Delinquency Prevention (OJJDP)
  • Dark Web Investigations - Office of Juvenile Justice and Delinquency Prevention (OJJDP)
  • IoT Cybercrime Investigations - Office of Juvenile Justice and Delinquency Prevention (OJJDP)
  • Blockchain Forensics and Dark Web Investigations - Office of Juvenile Justice and Delinquency Prevention (OJJDP)
  • Cryptocurrency and Financial Crime Investigations - Office of Juvenile Justice and Delinquency Prevention (OJJDP)
  • Microsoft Certified: Azure Solutions Architect Expert
  • Microsoft Certified: Cybersecurity Architect Expert
  • Certified Network Defense Architect (CNDA)
  • Rapid7 Academy - Insight training
  • Qualys Web App Testing
  • Burp Suite Testing
