About
I am an experienced professional with a strong background in risk assessment, security assessment, vendor management, and the development and updating of security policies. Additionally, I have expertise in providing security awareness training and conducting phishing simulation tests to enhance an organization’s cybersecurity posture. My experience includes assessing compliance with industry-standard frameworks such as SEC OCIE, NIST 800-53, and ISO 27001, ensuring that organizations meet the highest security and regulatory standards. I have a proven track record of effectively managing and mitigating risks, enhancing security protocols, and driving compliance efforts to safeguard sensitive information and critical assets. With my comprehensive skills in risk and security management, I am well-equipped to contribute to the protection and resilience of organizations in an ever-evolving cybersecurity landscape.
Work Experience
GRC Analyst
GRAYRADIANT DATA SERVICES PVT LTD
Jun 2022 - Dec 2023
Led end-to-end phishing simulation campaigns to assess employee awareness and response. Created customised phishing scenarios based on real-world threats relevant to each client. Analyzed campaign results to identify vulnerable employees and potential security gaps. Reported findings and provided actionable recommendations to enhance organizational security posture. Developed comprehensive training materials and workshops focused on recognizing and responding to phishing attempts. Delivered video-based training sessions through a learning management system (LMS). Created and distributed educational newsletters and resources to maintain ongoing awareness. Utilized cybersecurity tools and software to track and evaluate the effectiveness of phishing simulation campaigns. Generated detailed reports summarizing campaign outcomes, including success rates, user engagement, and areas for improvement. Presented findings to clients, offering insights into their security landscape and progress over time.
GRC Associate
GRAYRADIANT DATA SERVICES PVT LTD
Jan 2024 - Present
Conducted security assessments on clients' critical business systems and cybersecurity posture based on applicable framework requirements such as SEC Division of Examinations, ISO 27001, and NIST 800-53 to identify areas of improvement. Conducted quarterly GRC review meetings to discuss risk management strategies and review key security metrics, ensuring alignment on priorities and action plans. Collaborated with stakeholders to develop and update security policies and procedures that align with industry best practices and compliance requirements, such as SEC and ISO 27001. Reviewed vulnerability scan reports to identify and prioritize vulnerabilities, discussing them with the technical team for further remediation. Focused on Security, Identity & Access Management, Encryption, Data Loss Prevention, Secure Development, Incident Management, and Security Policy. Executed ITGC testing covering Access Management, Change Management, and IT controls for SOC 2 & ISO 27001 audits, including evidence collection, gap identification, and remediation tracking. Conducted third-party risk management by performing due diligence using CAIQ and SIG, and assessing the supporting documentation and other independent audit reports such as SOC 2. Documented key third-party risks identified in a formal report, escalated control gap findings as necessary to management, presented the report, and made recommendations to key technology and business process stakeholders to promote awareness and determine mitigating controls or remediation requirements. Utilized GRC platforms such as ServiceNow and internal tools for risk management, vendor risk evaluations, and reporting workflows. Designed and developed a custom GRC module to automate assessments, categorize risk gaps, and flag high-risk items for remediation. Ensured timely and secure communication of findings.
Supported internal and external audits by coordinating evidence collection, validating control documentation, and ensuring timely submission of audit artifacts. Performed control design and operating effectiveness testing for key IT General Controls (ITGCs), including access management, change management, and incident management. Performed ITGC assessments aligned with the ISO 27001, NIST, COBIT, and SOC 2 frameworks. Assisted in SOC 2 readiness assessments aligned with the SOC 2 Trust Services Criteria (Security, Availability, Confidentiality). Reviewed and analyzed third-party SOC 2 reports to evaluate control effectiveness and identify complementary user entity controls. Executed ITGC audits for critical applications, systems, and databases to ensure compliance with policies and regulatory requirements. Conducted gap analysis against ISO/IEC 27001 and NIST SP 800-53 to identify control deficiencies and recommend corrective actions. Conducted ITGC access control testing, including user provisioning, deprovisioning, privileged access review, and periodic recertifications. Assigned risk ratings (High/Medium/Low) to audit observations based on likelihood and impact analysis. Prepared audit summary reports and presented findings to management, highlighting key risks and compliance gaps.
Education
Bachelor of Business Administration (BBA) - Gitam School of Business
2018 - 2021 · Afghanistan