Actively Looking for Work
I am an experienced Information Security Governance, Risk, and Compliance (GRC) professional with over 3 years of expertise supporting organizations in achieving and maintaining compliance with global security standards. My core competencies span ISO 27001, SOC 2, GDPR, third-party risk management (TPRM), internal audits, policy development, risk assessments, and security awareness initiatives.
Currently, I work as an Associate Information Security Engineer II at PowerSchool, where I actively contribute to the GRC function. My responsibilities include:
In parallel, I provide support to the Application Security (AppSec) team in activities related to application penetration testing and security reviews, enhancing overall product security.
Previously, at Accenture, I served as a Technical Security Associate, where I conducted ISO 27001-based internal audits across 80+ client projects, performed ISMS assessments, and helped identify and close security gaps. I ensured compliance with GDPR for projects handling PII and prepared reports for senior leadership, facilitating risk visibility and proactive mitigation. My work also included delivering security awareness sessions for new joiners and during audit cycles.
I am certified as an ISO 27001:2013 ISMS Lead Auditor and am pursuing CISSP (target 2025). I also have working knowledge of tools and frameworks such as HECVAT, CAIQ, SIQ, Kali Linux, and a keen interest in cybersecurity, cloud security, ethical hacking, and penetration testing.
In addition to technical skills, I am adept at:
I am passionate about enabling organizations to build secure, resilient, and compliant environments that support both regulatory expectations and business goals. I am seeking new opportunities where I can contribute my skills in GRC, audits, risk management, and security awareness while continuing to grow in the fields of cybersecurity and information security governance.