About Me

Learn more about my background, education, and professional certifications in information security and compliance.

Portfolio - Professional Information Security Services
Professional Background

I'm an Information Security Consultant with 10+ years of experience delivering PCI DSS v4.0.1 compliance, IT Audit, and GRC programs across fintech, cloud, and regulated sectors. My career is focused on securing PCI-DSS Compliance roles, IT Audit positions, and IT Audit, Risk & Compliance roles.

Known for delivering precision-driven security audits, third-party risk frameworks, and GRC strategies to mitigate exposure and enhance operational resilience. I have a proven record of leading multi-stakeholder compliance projects, streamlining risk management processes, and developing actionable security roadmaps.

I have a solid history of advancing cybersecurity maturity and audit readiness through collaborative leadership, expert advisory, and meticulous control assessments. Experienced in guiding organizations through PCI DSS certification and v4.0.1 transitions, ISO 27001 frameworks, NIST CSF, GDPR, and COBIT adoption.

Education

Master of Science (MSc) in International Health Management

Imperial College Business School

Bachelor of Business Administration (BBA) in Accounting & Finance

Valley View University

Certifications
  • Completed: Certified in Cybersecurity (CC) – ISC²
  • Completed: Certified Information Systems Auditor (CISA)
  • Completed: Certified Information Security Manager (CISM)
  • Completed: PCI Professional (PCIP) - PCI Security Standards Council
  • Completed: PCI DSS v4.0.1 Implementation Specialist - PCI Academy
  • Completed: PCI DSS for Service Providers - Specialized Training
  • Completed: Network Segmentation for PCI DSS - Advanced Course
  • Completed: PCI DSS Security Assessment Specialist - PCI Academy
  • In Progress: Certified in Risk and Information Systems Control (CRISC)
  • In Progress: PMP | DORA | PCIP | QSA | ISO 27001 Auditor
Policy Development & Governance Experience

I specialise in developing comprehensive security policy frameworks that align with international standards and regulatory requirements. My approach ensures policies are practical, enforceable, and support business objectives.

Enterprise Security Policy Framework Development

Global Financial Services Corporation • 2021 • 6 months

Developed comprehensive security policy framework aligned with ISO 27001, NIST CSF, and regulatory requirements to establish clear governance and compliance standards across the organisation.

Key Achievements:
  • Created 25+ security policies covering all ISO 27001 control domains
  • Implemented automated policy acknowledgment system (95% completion)
  • Reduced policy exceptions by 40% through improved design
  • Passed external ISO 27001 audit with zero policy-related findings
Methodologies Used:
  • Gap analysis against ISO 27001 and NIST CSF requirements
  • Policy hierarchy development (policies, standards, procedures)
  • Stakeholder workshops and interviews
  • Policy exception management process development

Integrated GRC Framework Implementation

European Healthcare Provider • 2020 • 9 months

Designed and implemented integrated GRC framework to streamline compliance activities, enhance risk visibility, and improve security governance across operations in multiple countries.

Key Outcomes:
  • Reduced compliance assessment effort by 35%
  • Improved executive risk visibility through real-time dashboards
  • Reduced compliance gap resolution time by 50%
  • Successfully implemented across 12 countries
Framework Components:
  • Integrated control framework (GDPR, HIPAA, NIS2)
  • Risk register and assessment methodology
  • Compliance monitoring and reporting processes
  • Governance committees and escalation paths

Core Competencies

  • ISO 27001 policy framework development
  • NIST CSF governance implementation
  • Regulatory compliance policy alignment
  • Policy lifecycle management systems
  • Multi-jurisdictional compliance frameworks

Implementation Approach

  • Comprehensive stakeholder engagement
  • Gap analysis and requirements mapping
  • Risk-based policy prioritisation
  • Automated compliance tracking integration
  • Continuous improvement processes
Professional Affiliations
ISACA (Information Systems Audit and Control Association)
ISC² (International Information System Security Certification Consortium)
PMI (Project Management Institute)