Meet Sanjay Jha
A personal portfolio showcasing my journey and value offerings in the governance, risk, and compliance (GRC) domain of IT, Security, and Data Privacy.
My story
Extensive Leadership Experience: A science graduate (1989) and a visionary leader with decades of global work experience, including leadership roles within Governance, Risk Management, and Compliance (GRC).
Delivery-Oriented & Global Reach: Sanjay is a delivery-oriented professional with rich experience in a cross-border environment and has demonstrated his leadership values while servicing clients across America, Europe, Asia Pacific, and the Middle East, embracing challenges as opportunities for growth.
Advisory and Assurance Services
April 2026 onwards
My Value Offerings
Helping you navigate governance, risk, and compliance with clarity.
Governance
Establish resilient governance across the three lines of defence based on globally accepted principles and frameworks.
Risk Management
Establish a Risk Management Program based on globally accepted principles and frameworks.
Compliance
A program to ensure compliance with the requirements of the applicable legal and regulatory frameworks.
As a GRC transformation leader, Sanjay can provide the following value offerings:
1) Establish or transform a governance and risk management framework that gives the board and executive members an integrated view of enterprise risk exposure from a three-lines-of-defence perspective.
2) Establish or transform an information security function based on globally accepted frameworks.
3) Establish or transform a data privacy function based on local and global data protection laws and regulations.
4) Establish a Centre of Excellence (COE) for security, privacy, governance, risk management, and compliance.
5) Support mergers and acquisitions by standardizing IT governance, cybersecurity, data privacy, and BCP/DRP.
6) Establish the management systems for ITSM, ISMS, BCMS, PIMS, and AI (AIMS, in progress).
7) Control financial reporting risks by building risk governance and oversight through Internal Controls over Financial Reporting (ICFR), using IT General Controls (ITGC) derived from COSO, COBIT, and NIST CSF.
8) Design a robust risk control framework for service organizations that provides assurance to their client organizations, using COSO, COBIT, ITGC, and SSAE 18/ISAE 3402 for SOC compliance readiness (SOC 1, Type 1 and Type 2).
9) Establish an internal audit program for IT, security, data privacy, and BCP using ITGC controls.
10) Support executive management in digital forensic investigations.
Implementation of the Data Protection Laws and Regulations
Building a robust and resilient Data Privacy Program using globally accepted best practices, principles, frameworks, and standards.
Developed an Integrated Data Privacy Program in accordance with the GDPR and the Personal Data Protection Laws and Regulations of the following countries and jurisdictions: KSA, UAE (including ADGM and DIFC), Oman, Jordan, and Lebanon.
To support this Privacy Program, a Privacy Framework was developed using ISO standards (ISO/IEC 27701:2025 and the ISO/IEC 29100:2024 Privacy Framework) and globally accepted frameworks such as the NIST Privacy Framework.
Privacy
Implementation of the Personal Information Management System (PIMS) based on ISO 27701:2025 and Data Protection Laws and Regulations.
Implemented Personal Information Management System (PIMS) based on the Oman Personal Data Protection Law, its Executive Regulation, and ISO/IEC 27701:2025.
PIMS
Implementation of the Security Governance based on ISO 27001, NIST, CIS, OWASP, SOX, SSAE 18, ISAE 3402, and ITGC (IT General Controls).
Implemented the information security management system in accordance with the UAE Information Assurance (IA) Standard.
Security
Build GRC Strategy and ensure Security-by-Design (SbD) and Privacy-by-Design (PbD) in Digital Transformation.
Ensure Security-by-Design and Privacy-by-Design in all Digital Transformation and Technological Innovations.
Digital Transformation
Independent Assurance Services for Top Management
Direct engagement by and reporting to the C-Suite.
Personal Information Management System (ISO 27701:2025)
Implemented Personal Information Management System (PIMS) based on the Oman Personal Data Protection Law, its Executive Regulation, and ISO/IEC 27701:2025.
KSA Personal Data Protection Law 2021 (Amended 2023)
Developed an integrated Data Privacy Program around KSA Personal Data Protection Law and Regulations based on SDAIA and NDGP Knowledge Center, NIST Privacy Framework, and ISO/IEC 29100:2024 – Privacy Framework.
Issued pursuant to Royal Decree No. (M/19) dated 09/02/1443 AH corresponding to 16/09/2021 G
Amended pursuant to Royal Decree No. (M/148) dated 05/09/1444 AH corresponding to 27/03/2023 G
UAE Personal Data Protection Law 2021
Developed an integrated Data Privacy Program around the UAE Personal Data Protection Law based on the NIST Privacy Framework and ISO/IEC 29100:2024 – Privacy Framework.
Federal Decree by Law No. (45) of 2021 Concerning the Protection of Personal Data
Oman Personal Data Protection Law 2022
Developed an integrated Data Privacy Program around Oman Personal Data Protection Law and its Executive Regulation based on NIST Privacy Framework, and ISO/IEC 29100:2024 – Privacy Framework.
Developed Privacy Information Management System (PIMS) based on ISO/IEC 27701:2025.
Royal Decree 6/2022 Promulgating the Personal Data Protection Law
Executive Regulation of the Personal Data Protection Law (Ministerial Decision No. 2024/34)
ADGM Data Protection Regulation 2021
Developed an integrated Data Privacy Program around the ADGM Data Protection Regulations 2021 based on the NIST Privacy Framework and ISO/IEC 29100:2024 – Privacy Framework.
ADGM Data Protection Regulation 2021
DIFC Data Protection Law
Developed an integrated Data Privacy Program around the DIFC Data Protection Law (DIFC Law No. 5 of 2020) and the Data Protection Regulations 2023 based on the NIST Privacy Framework and ISO/IEC 29100:2024 – Privacy Framework.
DIFC Law No. 5 of 2020, as amended by DIFC Amendment Law No. 1 of 2025
Information Security Management System (ISMS)
IT Service Management (ITSM)
Personal Information Management System (PIMS)
Business Continuity Management System (BCMS)
Artificial Intelligence Management System (AIMS)
Enterprise Risk Management
Risk Management
Technology Risk Management
ISO 31000, ISO 27005, COSO, and COBIT.
Sections below are Under Construction
Risk Assessment
Identifying and analyzing risks to protect your business.
Compliance
Ensuring your processes meet regulatory standards.
Policy Development
Crafting clear policies tailored to your organization's needs.
Establish Resilient Governance (COSO)
Establish Resilient Governance (COBIT)
IT Governance (ITSMF, ISO 20000)
Security Governance (NIST, ISO 27001)
Privacy Governance (NIST, ISO 27701)
AI Governance (NIST CSF, ISO 42001)
Establish KPI-based Governance
Governance-as-a-Service
Policy Development
Policy Objectives
Define KPIs and SLAs
Define Roles and Responsibilities (R&R)
FISMA, UAE IAS, SAMA
ISMS, PIMS, ITSM, BCMS, AIMS
Bahrain, Kuwait, and Qatar
Helping you build a robust and resilient Governance, Risk Management, and Compliance Program using globally accepted best practices, principles, and frameworks.
Technology Risk Management
Data Privacy Risk Management
Data Privacy Assessments – PTA, LIA, PIA, HRPA, DPIA, TIA.
Business Continuity
Disaster Recovery Planning
Risk and Control Self-Assessments (RCSA)
Peer Review
ISO 31000, ISO 27005, COSO, and COBIT.
Data Protection Law and Regulation
Data Privacy Regulatory Compliance
SOX, SSAE 18, ISAE 3402
ISMS
PIMS
BCMS
ITSM
AIMS
UAE IAR/IAS
Internal Audits
Gap Assessment
Readiness Review
Maturity Assessments
Cyber Security Readiness Review
ISO Audit Readiness Review
Regulatory Audit Readiness Review
Projects
A snapshot of my GRC work and achievements
Risk Audit
Comprehensive evaluation of organizational risks
Policy Design
Crafting tailored governance policies
Experience Matters
Over a decade navigating the complexities of governance, risk, and compliance, turning challenges into clear strategies.
Roles
Risk Analyst
Crafted risk assessments that shaped smarter business decisions.
Compliance Lead
