Naumaan Shaikh

@naumaanshaikh

Entry-level GRC & information security professional specializing in ISO 27001, NIST CSF, and SOC 2 compliance.

India
What I'm looking for

I’m looking for remote GRC or compliance work where I can map risks to controls, produce audit-ready documentation (ISO 27001/NIST CSF/SOC 2), and collaborate cross-functionally to close security gaps with clear remediation plans.

I’m an entry-level GRC and information security professional with hands-on experience conducting governance, risk, and compliance assessments aligned to ISO 27001, NIST CSF, SOC 2, and CIS Controls. I focus on translating regulatory expectations into clear, actionable compliance documentation that teams can actually implement.

I’ve built a complete ISO 27001 compliance portfolio for a SaaS organization, including a 20-asset risk register (with Critical, High, and Medium risks), a 15-control Statement of Applicability (all controls assessed as applicable), and a 9-section information security policy. I’m deliberate about linking risks to controls and maintaining consistency across artifacts so nothing is left ambiguous.

In my GRC work, I support security policy development, risk register creation, and client-facing GRC advisory by identifying security gaps and mapping controls to ISO 27001 and NIST CSF. I apply SOC 2 Trust Service Criteria and ISO 27001 Annex A controls to real business challenges, balancing framework rigor with practical remediation planning.

I also bring research-to-delivery discipline by designing a structured NIST CSF cybersecurity risk assessment tool scoped for small-to-medium enterprises. Alongside my security work, I’ve developed a Python-based application with database integration and completed a Power BI job simulation to practice turning compliance data into executive-ready dashboards.

Experience

Work history, roles, and key accomplishments

ISO 27001 Portfolio Developer

Self-Directed Portfolio Project

Jan 2026 - Present (5 months)

Authored a full ISO 27001 compliance portfolio for a fictional SaaS, including a 20-asset risk register (6 Critical, 12 High, 2 Medium) with risk owners and Reduce treatment plans, plus a 15-control Statement of Applicability and an ISO/IEC 27001-aligned information security policy.

GRC & Compliance Analyst

PlutoSec - Cybersecurity Company

Nov 2025 - Present (7 months)

Conduct governance, risk, and compliance assessments for SME clients, aligning security controls with ISO 27001, NIST CSF, and CIS Controls. Support creation and review of security policies, risk registers, and SOC 2–aligned compliance documentation.

Education

Degrees, certifications, and relevant coursework

University of Chester

Master of Science, Advanced Cyber Security

2025 -

Activities and societies: Completed ISO 27001 risk register, SoA, and security policy; built vendor risk assessment elements for GRC coursework/research aligned to NIST CSF.

MSc in Advanced Cyber Security focused on governance, risk management, compliance, and information security frameworks, with portfolio deliverables including an ISO 27001 risk register, Statement of Applicability, and information security policy.

Parul University

Bachelor of Computer Applications, Computer Applications

2022 - 2025

Activities and societies: Studied computer programming, Python, SQL, data analytics, web development, and databases.

Bachelor of Computer Applications (BCA) covering programming and data-focused coursework including Python, SQL, databases, and web development.
