Open to opportunities

Daman Daman

@damandaman

Information Security Consultant improving cyber resilience through AppSec, TPRM, and risk governance.

India

What I'm looking for

I’m looking for a role where I can strengthen security posture through application security assessments, third-party risk management, and audit-ready governance—partnering with cross-functional teams to reduce cyber risk and improve resilience.

I’m an Information Security Consultant with almost 5+ years of diverse experience across cybersecurity, risk management, and IT operations. I focus on conducting comprehensive security assessments, implementing defense mechanisms, and managing incident response processes to strengthen cyber resilience.

At Protiviti, I serve as Deputy Manager and lead application security assessments for large-scale systems. I own and maintain RCSA, risk registers, and control inventory, and I manage the incident lifecycle including root cause analysis, remediation tracking, and closure governance.

I also lead third-party risk management by collaborating with legal, compliance, and IT teams, reviewing vendor contracts, and integrating security standards using DocuSign workflows. I provide guidance on encryption, key management, and secret handling, while delivering executive-level reporting through dashboards, KRIs, and governance documents.

Previously at EY, I supported audit lifecycle activities and worked with ISMS frameworks (ISO 27001) and the Standard Information Gathering (SIG) framework. At MetLife and Actisoft, I performed vendor risk assessments using SOC 2 and ISO-27001-aligned controls, ensured compliance with GDPR/CCPA/HIPAA, and contributed to security awareness and secure access practices.

Experience

Work history, roles, and key accomplishments

Protiviti
Current

Deputy Manager

Feb 2025 - Present (1 year 2 months)

Led and executed application security assessments for complex, large-scale systems, and owned risk assessment artifacts including RCSA, risk registers, and control inventory. Managed issue and incident lifecycle governance, developed risk dashboards/KRIs for senior leadership, and improved the AppSec assessment process and security standards.

ML

Senior IT Associate

Aug 2022 - Apr 2024 (1 year 8 months)

Organized third-party vendor information security risk assessments using GRC tooling and frameworks including SOC 2 and ISO 27001. Optimized TPRM workflows, designed risk mitigation for high-risk vendors, and produced executive-ready assessment reports aligned to GDPR, CCPA, and HIPAA requirements.

Process Associate

Actisoft Ltd

Sep 2020 - Jul 2022 (1 year 10 months)

Managed day-to-day activities in a data-sensitive environment while adhering to information security protocols and access control practices. Supported third-party AI vendor assessment by identifying critical risks, helped onboard team members on secure data handling, and contributed to regular security awareness training.

Education

Degrees, certifications, and relevant coursework

Suresh Gyan Vihar University

Master of Business Administration (MBA), Information Technology

Completed an MBA in Information Technology at Suresh Gyan Vihar University, Jaipur (completed December 2024).

Maharshi Dayanand Saraswati University

Bachelor of Applied Mathematics, Applied Mathematics

Completed a Bachelor of Applied Mathematics at Maharshi Dayanand Saraswati University, Sikar.
