About
Information Security Consultant with over 3 years of hands-on experience in GRC and SOC operations within an enterprise environment. Experienced in ISO/IEC 27001:2022 ISMS, including risk assessments, internal audits, control testing (ToD/ToE), and documentation. Strong hands-on exposure to vulnerability management using OpenVAS, patch management using ManageEngine Endpoint Central, root cause analysis (RCA), SIEM monitoring, incident handling, SOC 2 Type 2 compliance support, third-party risk management (TPRM), asset management, and business continuity and disaster recovery activities. Experienced in supporting GDPR and HIPAA-aligned security and privacy controls, with foundational knowledge of CCPA.
Work Experience
Consultant – Information Security (GRC, SOC & Compliance)
Delta Technology and Management Services
Nov 2022 - Oct 2025
Managed the end-to-end vulnerability management lifecycle across Linux and Windows environments using OpenVAS (GVMD/GSA). Handled feed synchronization, scan configuration, scheduling, and execution. Analyzed scan results, validated false positives, and classified vulnerabilities using CVSS scoring. Performed root cause analysis (RCA) for recurring and critical vulnerabilities. Identified mitigation strategies and mapped vulnerabilities to business impact. Coordinated remediation with infrastructure and application teams. Managed patch management activities using ManageEngine Endpoint Central, including deployment and validation. Conducted re-scans to verify remediation effectiveness and maintained vulnerability trackers for audits and reporting.

Performed continuous SIEM monitoring and alert triage using Microsoft Sentinel, Microsoft Defender, Wazuh SIEM, and Zabbix. Investigated incidents related to failed sign-ins, risky sign-ins, impossible travel scenarios, anomalous logins, and privileged access misuse. Analyzed Azure Entra ID (Azure AD) logs including Sign-In, Audit, and Risky Sign-Ins. Handled incidents end-to-end, including alert validation, evidence collection, timeline analysis, RCA, and reporting. Prepared structured incident reports aligned with organizational incident response procedures.

Conducted risk assessments, identified mitigation strategies, and monitored risk remediation. Ensured compliance with laws, regulations, standards, and organizational policies. Worked on ISO/IEC 27001:2022 ISMS implementation, maintenance, and continual improvement. Participated in audits, reviews, and assurance activities, addressing control gaps and non-conformities. Performed internal audits, including evidence collection and control testing (ToD/ToE). Developed and maintained policies, procedures, SOPs, and governance frameworks. Supported SOC 2 Type 2 compliance activities, including control mapping, evidence collection, and gap tracking. Supported GDPR and HIPAA-aligned security and privacy controls, with awareness of CCPA requirements.

Executed Third-Party Risk Management (TPRM) activities, including vendor assessments, questionnaires, risk scoring, and remediation tracking. Prepared GRC reports, dashboards, and metrics, and monitored GRC performance. Delivered training and awareness sessions on GRC and information security best practices. Collaborated with stakeholders to support GRC initiatives across teams. Supported Business Continuity Planning (BCP) and Disaster Recovery (DR) activities. Performed Disaster Recovery tabletop simulations to validate escalation flow, communication plans, and RTO/RPO objectives. Documented observations, gaps, and improvement actions.
Education
B.Sc. Forensic Science with Computer Science - RBVRR Women’s College
2020 - 2023 · Afghanistan
Intermediate (BiPC) - Villa Marie Junior College
2018 - 2020 · Afghanistan
Post Graduate Program in Cybersecurity - Great Lakes University
- 2023 · Afghanistan
CBSE – Class X - Rishi Public School
- 2018 · Afghanistan