
Maria Zaine

London

Summary

A Senior Security Architect and Consultant with over 6 years of experience in enterprise security architecture and governance, specialising in IAM, Zero Trust, network security, data protection and third-party risk. Demonstrated ability to engage senior stakeholders, clearly articulate complex security concepts, and produce high-quality architectural diagrams and HLDs that ensure compliance with data protection (GDPR) and security standards (NIST 2.0 and ISO 27001). Led the design of IAM capabilities and delivery of a 6-year Zero Trust and IAM roadmap using TOGAF, with developing knowledge of SABSA as part of ongoing professional learning. Conducted supplier risk assessments for AI and cloud suppliers. Bilingual in English and Arabic. Holds CCZT and is currently pursuing CCSK and CISSP. Leverages Gartner Peer Insights to track market trends and assess tool maturity.

Overview

7 years of professional experience

Work history

Senior Cybersecurity Architect & Consultant

Cyberfort Ltd
2024.11 - Current

Full-time consultancy role with managerial responsibilities. Client engagements listed below:

Senior Security Architect | Consultant

Quickline Communication | Nov 2025 - Present

  • Conducted ISO 27001 gap analysis and TSA compliance review for Quickline Communication.
  • Identified major, minor, and OFIs with remediation plans for resolution.
  • Facilitated stakeholder engagement sessions to assess business context and existing controls.
  • Delivered actionable reports detailing security mechanisms and controls suitable for QLC's business environment.

Senior Security Architect | Consultant

Which ltd | Dec 2024 - Oct 2025

  • Authored and established security policies by assessing risk, ensuring compliance (PCI DSS, NIST 2, ISO 27001), and aligning with business capabilities and industry best practices.
  • Defined and documented security standards, functional security requirements, and control specifications, ensuring alignment with associated policies.
  • Authored an enterprise-wide Incident Management procedure to streamline response operations, reduce response times, define clear roles and responsibilities (RASCI), define SLAs, and ensure the organisation can demonstrate compliance with NIST 2.0 and ISO 27001.
  • Served as a trusted security advisor during audits, managing scope (ToR), evidence collection, and engagement with auditors.
  • Acted as a technical authority representative, explaining complex architectural designs and diagrams to auditors and senior stakeholders during review sessions.
  • Engaged with Compliance, Legal, and Procurement to define and assess vendor criticality assessments (VRAs), reviewing contracts, SOC2 reports, and system-specific architectural designs for third-party vendors, including AI and Cloud service providers.
  • Leveraged BIAs to define critical vendors handling sensitive data and proprietary information.

Additional responsibility: Information Security Manager (client engagement):

  • Served as the security advisor for a 40-person team of developers and data analysts, embedding secure-by-design practices and reviewing PoC security prior to production release.

Cybersecurity Consultant

MThree
2022.05 - 2024.11

Served as a consultant assigned on-site at a global financial asset management company. Client engagement listed below:

Security Architect | Consultant

Nomura International | Feb 2024 - Nov 2024

  • Defined Zero Trust (ZT) principles and created a strategic roadmap for a 6-year implementation plan.
  • Designed high- and low-level security architectures (HLDs and LLDs) to facilitate enterprise transformation, utilising tools like Lucidchart, Microsoft Visio and draw.io.
  • Developed attack trees aligned with MITRE framework to guide architectural decisions.
  • Conducted STRIDE threat modelling for integrating a global transaction tool API, enhancing fraud detection and data security capabilities.
  • Participated in PANDA meetings addressing New Technology Initiatives and Products (NTIs and NTPs).
  • Identified data loss prevention control gaps and established enterprise-wide data protection strategy.
  • Managed data storage practices to ensure compliance and security, utilising NCSC and NIST guidelines.
  • Led the integration of authentication protocols like SAML, SSO, MFA and secure token lifecycle management, ensuring alignment with the company's IAM policy and security standards.

Security Analyst & Incident Responder | Consultant

Nomura International | May 2022 - Feb 2024

  • Drove security automation by developing custom playbooks to enhance operational efficiency.
  • Managed identity and access control requests, ensuring compliance with organisational policies.
  • Identified and resolved process and control gaps in collaboration with senior management.
  • Served as the primary advisory and approval authority for proxy-related operations.

Cyber Security Analyst

The Ardonagh Group
2020.09 - 2021.09
  • Led privacy and third-party risk assessments (PIAs and KYS reviews) for onboarding vendors.
  • Developed and managed a security risk register for audit and remediation purposes.
  • Defined pentesting scope and testing strategies, identifying weaknesses and informing risk treatment decisions.
  • Performed automated testing with simulation tools.
  • Utilised AD Manager for MFA detection and reporting.
  • Investigated compromised accounts using techniques like IP tracing.
  • Implemented risk-driven security controls, including the rollout of MFA for 200+ users, utilising Azure AD.

Cyber Security Academic Mentor, Part-Time

Kingston University
2019.01 - 2020.09
  • Assisted Lecturers in university workshops for Computing Fundamentals module, mentoring students and guiding preparation for exams.

Skills

Education

  • BSc Cyber Security & Computer Forensics (Honours) | Kingston University | 2:1

Achievements

  • 2025 | Roehampton | Guest Speaker | Introduction to GRC & Why It Matters
  • 2023 | CSA UK | Panel Member | Starting Your Career in Cyber

Certifications

  • 2026: Certificate of Cloud Security Knowledge (CCSK) | CSA | In Progress
  • 2026: Certified Information Systems Security Professional (CISSP) | ISC2 | In Progress
  • 2025: Competence in Zero Trust (CCZT) | CSA | Complete
  • 2024: Zero Trust Security Model; Best Practices Framework | Microsoft | Complete

Skillsets:

  • Secure by design architecture
  • Defence-in-depth
  • Enterprise Architectural methodologies
  • Governance and risk framework
  • Threat Modelling
  • Interpersonal communication
  • Team-oriented collaboration
  • Technical and non-technical writing

Knowledge & Experience with:

  • NIST CSF 1 & 2
  • NIST Publications (NIST 800-207, NIST 800-53)
  • ISO 27001/2 and other ISO publications like ISO 42001
  • MITRE ATT&CK
  • CSA Cloud Controls Matrix (CCM)
  • CIS 18 controls
  • CISA ZTMM
  • TOGAF and SABSA
  • NCSC CAF

Personal Projects:

  • QRL Jacking Exercise
  • Network Discovery and Security Auditing
  • Securing Inboxes: The Intersection of Email Security and NIST Framework (Final Year Project)

Tools:

  • Eramba
  • Risk Ledger
  • One Trust
  • Microsoft Visio
  • Lucidchart
  • Confluence
  • ServiceNow
  • Zscaler ZIA
  • Palo Alto Networks
  • Packet Tracer
  • Wireshark
  • Nessus
  • Nmap
  • Azure Active Directory
  • AD Manager
  • AD Audit Plus
  • ManageEngine

Memberships

  • Cybrary
  • CIISEC
  • CSA
  • Gartner

Community Involvement

  • Black Hat Europe 2025
  • WiCyS Meetup 2024
  • The Security Event 2024

Volunteering

  • SEO London and SEO France
  • Coaching and Mentoring
  • Education & Career Development Speaker

Languages

  • English (Native)
  • Arabic (Native)

Hobbies

  • Nature walking
  • Blogging

References

References available upon request.
