Looking for a job

Yaasir Nizwer

@yaasirnizwer

GRC analyst specializing in cyber risk and data privacy, translating controls and compliance into executive-ready decisions.

Sri Lanka

What I'm looking for

I’m looking for a global remote GRC role where I can lead cybersecurity risk assessments, privacy impact work, and audit readiness, translating control evidence into executive decisions and helping teams mature governance and compliance.

I’m a cybersecurity GRC and privacy professional with 5+ years of experience, including Big 4 consulting at Deloitte, delivering enterprise risk assessments, compliance programs, and privacy frameworks for regulated industries.

I specialize in NIST CSF/RMF and ISO 27001/27701, with proven expertise across SOC 2, PCI DSS, and major privacy regimes including GDPR, HIPAA, and CCPA, consistently translating technical risks into business-focused recommendations for executives.

At Deloitte, I led NIST CSF-based maturity and gap assessments across 5+ enterprise clients, identifying 40+ critical control deficiencies and building prioritized remediation roadmaps. I also supported SOC 2 readiness through Trust Services Criteria mapping, strengthening audit preparedness and evidence traceability, and created ISO 27001-aligned risk control matrices for enterprise ERP environments.

Most recently, I’ve been training and mentoring 200+ global professionals in SOC 2 and ISO 27001-aligned control mapping, risk assessment methodologies, and audit readiness workflows, helping practitioners turn frameworks into operational GRC deliverables. I bring additional experience in third-party risk management and privacy impact assessments (PIA/DPIA), and I’m currently progressing through a certified cyber security track while serving in remote, cross-border GRC engagements.

Experience

Work history, roles, and key accomplishments


GRC Mentor & Trainer

Better Cyber Career

Oct 2024 - Present (1 year 8 months)

Delivered structured GRC and cybersecurity compliance training for 200+ professionals across ISO 27001, SOC 2, PCI DSS, and HIPAA. Developed SOC 2/ISO 27001-aligned modules for control mapping, risk assessment, and audit readiness, and coached practitioners on risk registers and control documentation.


Senior Associate - Cyber Strategy

Deloitte

Jun 2022 - Jul 2024 (2 years 1 month)

Led NIST CSF-based cybersecurity maturity and gap assessments for 5+ enterprise clients, identifying 40+ critical control deficiencies and producing prioritized remediation roadmaps. Supported SOC 2 readiness, built ISO 27001 risk control matrices for enterprise ERP environments, and delivered GDPR/CCPA/HIPAA/PDPA compliance initiatives including PIAs and regulatory gap analysis.


Research Analyst - Information Security

Digital Research Solutions

May 2021 - Apr 2022 (11 months)

Conducted security risk assessments across cloud and on-premise environments, identifying control weaknesses across IAM, data protection, and access management. Evaluated systems against CIS Controls and NIST RMF to produce ISMS-aligned security controls and prioritized remediation roadmaps to improve governance and audit readiness.


Governance Operations Administrator

Soul Hive

Sep 2018 - Mar 2022 (3 years 6 months)

Supported governance operations by aligning internal processes with international governance, risk, and information security control standards. Implemented standardized project governance templates, monitored KPIs, and maintained audit-ready compliance documentation to support continuous control evaluation.

Education

Degrees, certifications, and relevant coursework


EC-Council

EC-Council Certified Cyber Security Professional (CCSP), Cyber Security

In progress: EC-Council Certified Cyber Security Professional Program (CCSP), including CND, CEH, and CHFI.


University of the West of England, Bristol

Master of Business Administration (MBA), Business Administration

Pursuing a Master of Business Administration (MBA) at the University of the West of England, Bristol, expected in 2026.


University of Gloucestershire

BSc (Hons) in Cyber Security, Cyber Security

Completed a BSc (Hons) in Cyber Security at the University of Gloucestershire in 2025.


Data Protection Authority of Sri Lanka

Certified Data Protection Officer (DPO), Data Protection

Certified as a Data Protection Officer (DPO) by the Data Protection Authority of Sri Lanka in 2025.
