Information Security Auditor/Consultant

Conducted PCI DSS assessments and provided design of security documentation, enabling clients to meet regulatory requirements. Collaborate with QSA teams to define compliance scope and streamline segmentation efforts. Assist clients through compliance validation processes while overseeing remediation planning. Facilitate policy development in line with data protection standards and assist in maintaining ongoing adherence.

• Led PCI DSS assessment projects, managing compliance readiness, gap analysis, and remediation planning.
• Created and maintained detailed PCI project plans, tracking tasks, responsibilities, and deadlines.
• Collaborated with IT, security, and engineering teams to mitigate security risks and ensure compliance.
• Delivered tailored guidance on SAQs and ROC documentation, resulting in smoother audit readiness.
• Built client-specific PCI DSS compliance roadmaps for risk management and sustained security maturity.
• Enhanced assessment boundary definitions by advising on network segmentation, reducing audit scope.

Third-Party Risk & Compliance Manager

Developed third-party risk governance frameworks to implement consistent vendor evaluation practices. Oversaw the execution of due diligence procedures for suppliers, aligning practices with regulatory standards. Maintained continuous risk monitoring protocols to track compliance across vendor lifecycles. Assessed risk exposure based on criticality and data sensitivity to streamline decision-making processes.

• Prioritised supplier reviews using a tiered risk model, resulting in a 30% increase in assessment efficiency.
• Instituted TPRM programme to strengthen supplier risk identification and mitigation strategies.
• Conducted assessments of vendor controls, improving data protection alignment with industry regulations.
• Established KRIs and KPIs to boost visibility into third-party security performance and compliance trends.
• Led vendor audits and compliance checks for timely assessment of control gaps and corrective actions.

Governance Risk & Compliance Analyst

Defined information security policies and standards in alignment with ISO, NIST, and CIS frameworks. Performed IT risk assessments to locate vulnerabilities across systems and applications. Supported vendor evaluations by contributing to third-party control reviews. Collaborated with internal teams to implement risk mitigation strategies.

• Built organisation's risk management framework by developing structured compliance protocols.
• Participated in designing security awareness initiatives to improve employee understanding of policies and compliance responsibilities, fostering a culture of accountability.
• Formulated incident response plans, maximising readiness to address cybersecurity events.
• Coordinated with stakeholders to devise risk treatment plans, reducing exposure to key threats.
• Regulated third-party assessment workflows, resulting in faster detection of control deficiencies.
• Maintained reporting on compliance progress and remediation efforts, boosting audit preparedness.

Master of Science (MSc) in International Health Management

Imperial College Business School