
Maria Zaine

Summary

A Senior Security Architect and Consultant with over 6 years of experience in enterprise security architecture and governance, specialising in IAM, Zero Trust, network security, data protection and third-party risk.

Demonstrated ability to engage senior stakeholders, clearly articulate complex security concepts, and produce high-quality architectural diagrams and HLDs that ensure compliance with data protection (GDPR) and security standards (NIST 2.0 and ISO 27001). Led the design of a 6-year Zero Trust and IAM capability roadmap using TOGAF, with developing knowledge of SABSA through ongoing professional learning.

Bilingual in English and Arabic. Holds CCZT and is currently pursuing CCSK and CISSP. Leveraging Gartner Peer Insights to track market trends and assess tool maturity.

Overview

7
years of professional experience

Work history

Senior Cybersecurity Architect & Consultant

Cyberfort Ltd
2024.11 - Current

Full-time consultancy role with managerial responsibilities. Client engagements listed below:

Senior Security Architect | Consultant

Quickline Communication | Nov 2025 - Present

  • Conducted ISO 27001 and TSA gap analysis, providing remediation plans for client compliance.
  • Facilitated stakeholder sessions to evaluate business context and existing security controls.
  • Delivered detailed reports outlining security mechanisms tailored to client environments.

Senior Security Architect | Consultant

Which ltd | Dec 2024 - Oct 2025

  • Authored comprehensive security policies by evaluating risks and ensuring compliance with PCI DSS, NIST 2, and ISO 27001.
  • Defined security standards, functional requirements, and control specifications aligned with organisational policies.
  • Authored an enterprise-wide Incident Management procedure to streamline response operations, reduce response times, define clear roles and responsibilities (RASCI), define SLAs, and ensure the organisation can demonstrate compliance with NIST 2.0 and ISO 27001.
  • Developed an enterprise-wide Incident Management procedure to optimise response operations, incorporating RASCI, SLAs, BIAs and ensuring compliance with NIST 2.0 and ISO 27001.
  • Served as a trusted security advisor during audits, managing scope (ToR), evidence collection, and engagement with auditors.
  • Served as technical authority, explaining complex architectural designs to auditors and stakeholders.

Additional responsibility: Information Security Manager (client engagement):

  • Served as the security advisor for a 40-person team of developers and data analysts, embedding secure-by-design practices and reviewing PoC security prior to production release.

Cybersecurity Consultant

MThree
2022.05 - 2024.11

Served as an on-site consultant at a global financial asset management company. Client engagement responsibilities included:

Security Architect | Consultant

Nomura International | Feb 2024 - Nov 2024

  • Defined Zero Trust (ZT) principles and IAM capabilities for a 6-year implementation plan.
  • Designed high- and low-level security architectures (HLDs and LLDs) to facilitate enterprise transformation, utilising tools like Lucidchart, Microsoft Visio and draw.io.
  • Developed attack trees aligned with MITRE framework to guide architectural decisions.
  • Conducted STRIDE threat modelling for integrating a global transaction tool API, enhancing fraud detection and data security capabilities.
  • Participated in PANDA meetings addressing New Technology Initiatives and Products (NTIs and NTPs).
  • Managed data storage practices to ensure compliance and security, utilising NCSC and NIST guidelines.

Security Analyst & Incident Responder | Consultant

Nomura International | May 2022 - Jan 2024

  • Drove security automation by developing custom playbooks to enhance operational efficiency.
  • Managed identity and access control requests, ensuring compliance with organisational policies.
  • Identified and resolved process and control gaps in collaboration with senior management.
  • Served as the primary advisory and approval authority for proxy-related operations.

Cyber Security Analyst

The Ardonagh Group
2020.09 - 2021.09
  • Led privacy and third-party risk assessments (PIAs and KYS reviews) for onboarding vendors.
  • Developed and managed a security risk register for audit and remediation purposes.
  • Defined pentesting scope and testing strategies, identifying weaknesses and informing risk treatment decisions.
  • Implemented risk-driven security controls, including the rollout of MFA for 200+ users, utilising Azure AD.

Cyber Security Academic Mentor, Part-Time

Kingston University
2019.01 - 2020.09

Skills

    Education

  • BSc Cyber Security & Computer Forensics (Honours) Kingston University 2:1
    Achievements

  • 2025 Roehampton Guest Speaker Introduction to GRC & Why It Matters
  • 2023 CSA UK Panel Member Starting Your Career in Cyber
    Certifications

  • 2026: Certificate of Cloud Security Knowledge (CCSK) CSA In Progress
  • 2026: Certified Information Systems Security Professional (CISSP) ISC2 In Progress
  • 2025: Competence in Zero Trust (CCZT) CSA Complete
  • 2024: Zero Trust Security Model; Best Practices Framework Microsoft Complete
    Skillsets:

  • Secure by design architecture
  • Defence-in-depth
  • Enterprise Architectural methodologies
  • Governance and risk framework
  • Threat Modelling
  • Interpersonal communication
  • Team-oriented collaboration
  • Technical and non-technical writing
    Knowledge & Experience with:

  • NIST CSF 1 & 2
  • NIST Publications (NIST 800-207, NIST 800-53)
  • ISO 27001/2 and other ISO publications like ISO 42001
  • MITRE ATT&CK
  • CSA Cloud Controls Matrix (CCM)
  • CIS 18 controls
  • CISA ZTMM
  • TOGAF and SABSA
  • NCSC CAF
    Personal Projects:

  • QRL Jacking Exercise
  • Network Discovery and Security Auditing
  • Securing Inboxes: The Intersection of Email Security and NIST Framework Final Year Project
    Tools:

  • Eramba
  • Risk Ledger
  • One Trust
  • Microsoft Visio
  • Lucidchart
  • Confluence
  • ServiceNow
  • Zscaler ZIA
  • Palo Alto Networks
  • Packet Tracer
  • Wireshark
  • Nessus
  • Nmap
  • Azure Active Directory
  • AD Manager
  • AD Audit Plus
  • ManageEngine
    Memberships

  • Cybrary
  • CIISEC
  • CSA
  • Gartner
    Community Involvement

  • Black Hat Europe 2025
  • WiCyS Meetup 2024
  • The Security Event 2024
    Volunteering

  • SEO London and SEO France
  • Coaching and Mentoring
  • Education & Career Development Speaker
    Languages

  • English Native
  • Arabic Native
    Hobbies

  • Nature walking
  • Blogging

References

References available upon request.

Timeline

Senior Cybersecurity Architect & Consultant

Cyberfort Ltd
2024.11 - Current

Cybersecurity Consultant

MThree
2022.05 - 2024.11

Cyber Security Analyst

The Ardonagh Group
2020.09 - 2021.09

Cyber Security Academic Mentor, Part-Time

Kingston University
2019.01 - 2020.09