1. Conduct interviews with key stakeholders across critical business units including IT, HR, Accounting, and Legal to gather detailed information about existing security practices, policies, and procedures.2. Perform tabletop reviews to quickly assess potential weaknesses and vulnerabilities in systems, processes, networks, and applications, identifying areas that may pose risks to the organisation.3. Review and assess the effectiveness of current security controls, including defensive measures, security configurations, access controls, and user permissions, to ensure they align with industry best practices and regulatory requirements.4. Analyse the organisation's incident response procedures and capabilities to ensure they are robust and effective in mitigating security threats. Evaluate physical security controls, if applicable, to ensure the protection of critical infrastructure and data assets.5. Collaborate with cybersecurity and governance teams to assess the due diligence process and third-party assessment procedures for vendors, focussing on their cybersecurity practices, regulatory compliance, and alignment with industry standards including; ISO 27001, ISO 22301, PCI DSS, NDPA. Conduct thorough evaluations of vendor qualifications, credentials, data handling procedures, and business continuity plans, ensuring they meet organisational standards and regulatory requirements.6. Document all findings, including identified vulnerabilities, weaknesses, and areas of concern, with detailed evidence and supporting documentation. 7. Provide comprehensive reports with prioritisedrecommendations for remediation, ensuring that all stakeholders have a clear understanding of the risks and necessary corrective actions.

• Develop and execute audit plans to assess the effectiveness of IT controls• Evaluate the design and operating effectiveness of IT security controls.• Monitor the implementation of corrective action plans• Ensure compliance with industry standards and regulatory requirements including (NIST,ISO 27001, GDPR etc.)• Develop security awareness programs to improve employee security knowledge.• Perform regular IT security risk assessment and develop mitigation plans.• Audit Third-party vendor’s ISMS.

• Assisted in conducting IT risk assessments and developing strategies to mitigate risks.• Supported the implementation of security policies and procedures.