Looking for a job

Derick Dmello

@derickdmello

Cybersecurity & GRC analyst specializing in risk management, compliance audits, and incident response leadership.

India

What I'm looking for

I’m looking to strengthen GRC and security programs across Indian enterprises—using risk management, regulatory frameworks, incident response, and AI/ML security governance to improve control effectiveness, audit readiness, and measurable compliance outcomes.

I’m a Cybersecurity & GRC professional with 3+ years of experience translating technical security risk into business impact. I align security and compliance programs to NIST CSF, ISO 27001, and regulatory requirements—so teams can move faster with stronger governance.

I’ve managed 65+ enterprise risk assessments and led 30+ compliance audits, while also driving 70+ incident response investigations using telemetry, CTI, and SIEM detection. I’m focused on control effectiveness—building risk registers, mapping controls to frameworks, validating evidence, and strengthening audit readiness.

In my roles across state and security environments, I improved outcomes through automation and operational rigor: 90% workflow governance improvement across risk management projects and an 80% reduction in processing time using automated compliance reporting workflows. I also led digital forensics initiatives to accelerate detection and insider-risk workflows.

I bring strong security operations depth (threat detection, MDR/SIEM monitoring, forensics tools, vulnerability assessment) and cloud/GRC coverage (AWS/Azure, IAM, vendor risk, ISMS build-outs). Certified in ISO 27001 Lead Auditing, ISO 42001 Lead Auditing, PCI compliance, and SOC/ethical hacking credentials, I’m excited to strengthen GRC and security programs using emerging AI/ML security and AI governance principles like NIST AI RMF concepts.

Experience

Work history, roles, and key accomplishments

Current

US Cybersecurity Associate

Virtual Testing Foundation

Jun 2025 - Present (1 year)

Built SDLC-governed C2 server and UBA behavioral analytics to strengthen organizational security posture and improve operational efficiency. Led MITRE ATT&CK-based threat assessments using Palo Alto Cortex XDR to enhance detection and response.

Information Security Analyst

New York State Office of Information Technology Services

Feb 2025 - May 2025 (3 months)

Managed 65+ statewide risk management projects across agencies, improving workflow management and governance by 90%. Conducted risk-based security assessments using RSA Archer and supported third-party/vendor due diligence and emerging AI vendor risk evaluation.

Cyber Security Analyst

New York State Education Department

Sep 2023 - May 2025 (1 year 8 months)

Led 70+ incident response investigations using SIEM detections, CTI, and NGFW telemetry to rapidly mitigate threats and secure 35,000+ endpoints. Conducted 30+ security and compliance audits aligned to NIST CSF and 800-53R5, directed SOC digital forensics using Autopsy and CrowdStrike, and reduced compliance processing time by 80% via automated reporting workflows.

GS Cybersecurity Researcher

National Security Agency (NSA)

Sep 2023 - Dec 2023 (3 months)

Developed a security framework to improve cloud observability and accelerate threat detection and response for cloud-native environments. Led a 5-member research team, translating findings into actionable detection improvements and presenting executive reporting to technical directors and program leaders.

Education

Degrees, certifications, and relevant coursework

University at Albany, State University of New York

Master of Science, Digital Forensics and Cyber Security

2023 - 2025

Grade: 3.96/4

Earned a Master of Science in Digital Forensics and Cyber Security. GPA: 3.96/4.

Gujarat University

Bachelor of Science, IT – Infrastructure Management Services & Cyber Security

2019 - 2023

Grade: 9/10

Earned a Bachelor of Science in IT focused on Infrastructure Management Services and Cyber Security. CGPA: 9/10.
