HimalayasHimalayas logo
SS
Open to opportunities

Sikander Shah

@sikandershah1

Information security and GRC analyst improving ISMS compliance, risk posture, and security awareness through measurable training.

Zimbabwe
Message

What I'm looking for

I’m looking for a role where I can own ISMS/GRC work, strengthen ISO27001 compliance, run measurable security awareness and phishing campaigns, and partner with IT and security teams to reduce real risk through practical controls and documentation.

I’m a Governance, Risk & Compliance Analyst with a strong focus on maintaining and improving an Information Security Management System (ISMS). I manage the day-to-day upkeep of information security policies, standards, and procedures, while ensuring risks, exceptions, and non-conformities are properly documented and handled through formal processes.

Across my roles, I’ve helped organizations strengthen their information security posture through targeted training and phishing simulation campaigns, including analysing user behaviour and driving follow-up actions. I also support governance and compliance by performing control testing, evidence collection, and gap analysis for recertification reviews, and by aligning activities across business units with internal policies, regulatory requirements, and industry best practice.

I bring hands-on audit and assurance experience from ISO27001 internal and external audit support, supplier assurance due diligence, vulnerability assessments and penetration test collaboration, and incident triage and response support. I’ve also contributed to access review and least-privilege practices, cyber security impact analysis for IT changes, and ongoing process documentation, helping teams adopt secure practices in BAU and project environments.

Experience

Work history, roles, and key accomplishments

N Brown Group logoNG
Current

Governance & Risk Analyst

N Brown Group

Aug 2025 - Present (9 months)

Managed day-to-day ISMS governance by maintaining security policies, standards, and procedures to support regulatory alignment and compliance. Performed control testing and evidence collection for IAM recertification, supported supplier assurance, and ran phishing simulation and training follow-ups to improve security awareness.

ISMSISO 27001GRCRisk AssessmentControls TestingIAM RecertificationPolicy Management
Commify Ltd logoCL

ISMS Administrator

Commify Ltd

Apr 2022 - Nov 2022 (7 months)

Contributed to group information/cyber security strategy and ensured IT changes complied with security standards through security impact analysis. Led access reviews and least-privilege evaluations, supported security policies and business continuity planning, and ran phishing simulations using SIEM and vulnerability management tools to reduce security risk.

Information Security StrategySecurity PoliciesSIEMVulnerability ManagementBusiness Continuity Planning
FirstGroup logoFI

Application Support Analyst

FirstGroup

Oct 2019 - Dec 2020 (1 year 2 months)

Administered and monitored application and software infrastructure, including provisioning access for starters and removing access for leavers. Managed Microsoft 365 (Active Directory, Azure Active Directory, and SharePoint), resolved IT support tickets in JIRA and Spiceworks, and provided advanced troubleshooting for end-user application access in the public transport sector.

Application SupportMicrosoft 365 AdministrationAzure Active DirectorySharePointTroubleshootingIT documentation

Education

Degrees, certifications, and relevant coursework

Northumbria University logoNU

Northumbria University

Master of Science (MSc) in Cyber Security, Cyber Security

2021 - 2022

Completed an MSc in Cyber Security at Northumbria University from 2021 to 2022.

University of Bradford logoUB

University of Bradford

Bachelor of Science (BSc) in Computer Science, Computer Science

2014 - 2018

Completed a BSc in Computer Science at the University of Bradford from 2014 to 2018.

Sheffield City College logoSC

Sheffield City College

Business Level 3, Business

2012 - 2013

Completed the Peter Jones Enterprise Academy Business Level 3 programme at Sheffield City College from 2012 to 2013.

RT

Rotherham College of Arts & Technology

BTEC Level 3 in Information Technology, Information Technology

2010 - 2012

Completed a BTEC in IT (Level 3) at Rotherham College of Arts & Technology from 2010 to 2012.

OC

Oakwood Technology College

GCSEs (6 subjects), General Education

2005 - 2010

Completed GCSEs (6 subjects including English, Mathematics, and ICT) at Oakwood Technology College from 2005 to 2010.

Tech stack

Software and tools used professionally

Rollout logo

Rollout

Jira logo

Jira

Evidence logo

Evidence

Make

Availability

Open to opportunities

Location

Zimbabwe

Authorized to work in

United Kingdom

Job categories

Risk & Compliance (GRC) AnalystInformation Security AnalystInformation Security AuditorInformation Systems Security ManagerApplication Support AnalystCybersecurity GRC AnalystRisk Compliance AnalystGovernance And Compliance SpecialistCompliance Analyst

Skills

Information Security Management System (ISMS)Risk & ComplianceISO 27001Risk AssessmentControls TestingGap AnalysisIAM Recertification ReviewsSecurity Awareness TrainingPhishing Triage And Email InvestigationDue DiligenceSystem Access ReviewsBusiness ContinuityVulnerability AssessmentPenetration TestingSecurity AuditsIncident ResponseSIEMSIFTRapid7IRONSCALESAzure Active DirectorySharePointJiraProcess documentationPhishing Training RemindersEvidenceMakeRollout

Interested in hiring Sikander?

You can contact Sikander and 90k+ other talented remote workers on Himalayas.

Message Sikander

People also viewed

View all talent

Find your dream job

Sign up now and join over 100,000 remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan