Ensuring that Surfboard Products, services and infrastructure remain secure and that processes meet globally recognized standards such as PCI DSS, PCI PIN, ISO 27001, GDPR, NIST and CIS Controls. Align, update, and implement global benchmarks continuously..Planning, developing and implementing security policies, protocols, and procedures as Head of Compliance. Providing advice and instructions on how to ensure Data Protection, Data Security, Privacy etc..Controlling budgets for security operations and monitor expenses. Developing and Monitoring security KPIS..Ensuring that entity meets all regulatory requirements in all the jurisdictions such as the UK, Europe and Asia - including security, PCI, data protection, data localisation etc..Ensuring VAPT activities are conducted periodically for cloud platform. Working with internal teams to prioritizing mitigation strategies. Facilitating internal and external audits..Responding to the client questionnaires and assessment checklist, resolving client queries related to information security..Monitoring risk throughout the company portfolios, facilitating internals sessions between various teams..Working with the DevOps team to integrate security tools and create and improve an automated security process within SDLC..Conducting regular information security training and awareness sessions..

As a Lead Consultant I am responsible for leading successful end-to-end delivery of various Governance, Risk, and Compliance (GRC) engagements for clients, ensuring projects are completed according to agreed terms. I specialize in developing and implementing GRC programs, including pre-consultation, gap assessments, and roadmaps. I am experienced in presenting technical issues to various information security frameworks, and leading project meetings with C-level executives. I also support team development by regularly reviewing KRAS and KPls, and providing guidance on goal-setting exercises. Additionally, I actively contribute to the sales process by responding to RFIS and RFPS, supporting sales meetings, and identifying new business opportunities. I am also skilled in delivering information security awareness training and conducting PCI DSS implementation workshops. Furthermore, I work closely with the Quality Assurance team to ensure all deliverables meet standards, and have a strong understanding of on-premise and cloud-based infrastructures, and have experience in designing PCl-compliant infrastructures on various cloud service providers..Skills: Threat & Vulnerability Management, IT Audit Risk Assessment, Third Party Risk Management (TPRM), Risk Management, ITGC, Cloud Computing and Customer Service..

As a Senior Associate Consultant, have extensive experience in performing Governance, Risk, and Compliance (GRC) related audits for various regulatory projects such as PCI DSS, PCI PIN, ISO 27001, CSF, System Audit Report, and more. My responsibilities include executing and managing audits, including the management of audit plans, gap assessments, remediation, review of documentation and evidence, process evaluations, and client interviews. I have a strong ability to document assessment results and compose clear and comprehensive assessment reports for key clients and other stakeholders. I am skilled in identifying and designing various compliance requirements for clients and detecting potential security weaknesses through control assessments, and driving them to closure within agreed timelines. I also have experience collaborating with the project management office, quality management, and other key delivery team members to ensure customer satisfaction and timely delivery.Skills: Risk Management, Training, GRC, ITGC, Payment Card Industry Data Security Standard (PCI DSS) ISO 27001, PCI PIN..

As a Associate Consultant, have extensive experience in delivering and managing compliance assessments for various regulatory projects such as PCI QSA, ISO 27001, System Audit Report and more. My responsibilities include: Delivery and management of assessments, including audit plan management, review of documentation and evidence, process evaluations, and client interviews. Educating clients on various compliance activities and interpreting the requirements for them Collaborating with the project management office, quality management, and other key delivery team members to ensure customer satisfaction and timely delivery..

As an IT & Information Security Engineer, have extensive experience in managing compliance for regulatory such as ISO 27001, System Audits and more. I am responsible for conducting Internal Audit and ensuring compliance on regular basis, management of external assessments, including audit plan management, collection and submission of documentation and evidence..