Maria Zaine

Full-time consultancy role with managerial responsibilities. Client engagements listed below:

Senior Security Architect | Consultant

Cyberfort Ltd | Jan 2026 - Present

• Performing ISO 27001 internal audits covering incident management, cloud service security, and data protection and privacy, identifying gaps and preparing for external audit compliance.

Senior Security Architect | Consultant

Quickline Communication | Nov 2025 - Jan 2026

• Conducted ISO 27001 and TSA gap analysis, providing remediation plans for client compliance.
• Facilitated stakeholder sessions to evaluate business context and existing security controls.
• Delivered detailed reports outlining security mechanisms tailored to client environments.

Senior Security Architect | Consultant

Which ltd | Dec 2024 - Oct 2025

• Authored comprehensive security policies by evaluating risks and ensuring compliance with PCI DSS, NIST 2, and ISO 27001.
• Defined security standards, functional requirements, and control specifications aligned with organisational policies.
• Developed an enterprise-wide Incident Management procedure to optimise response operations, incorporating RASCI, SLAs, BIAs and ensuring compliance with NIST 2.0 and ISO 27001.
• Served as a trusted security advisor during audits, managing scope (ToR), evidence collection, and engagement with auditors.
• Served as technical authority, explaining complex architectural designs to auditors and stakeholders.

Additional responsibility: Information Security Manager (client engagement):

• Served as the security advisor for a 40-person team of developers and data analysts, embedding secure-by-design practices and reviewing PoC security prior to production release.

Served as an on-site consultant. Client engagement responsibilities included:

Security Architect | Consultant

Nomura International | Feb 2024 - Nov 2024

• Defined Zero Trust (ZT) principles and IAM capabilities for a 6-year implementation plan.
• Designed HLDs and LLDs to facilitate enterprise transformation, utilising tools like Lucidchart and Microsoft Visio.
• Developed attack trees aligned with MITRE framework to guide architectural decisions.
• Conducted STRIDE threat modelling, supporting integration of a global transaction tool API.
• Managed data storage practices to ensure compliance and security. utilising NCSC and NIST guidelines.

Security Analyst & Incident Responder | Consultant

Nomura International | May 2022 - Jan 2024

• Drove security automation by developing custom playbooks to enhance operational efficiency.
• Managed identity and access control requests, ensuring compliance with organisational policies.
• Identified and resolved process and control gaps in collaboration with senior management.
• Served as the primary advisory and approval authority for proxy-related operations.

• Led privacy and third-party risk assessments (PIAs and KYS reviews) or onboarding vendors.
• Developed and managed a security risk register for audit and remediation purposes.
• Defined pentesting scope and testing strategies, identifying weaknesses and inform risk treatment decisions.

• Assisted in university workshops for computing fundamentals module, supporting student understanding of course material.
• Facilitated peer guidance through practical exercises and collaborative projects to enhance exam and assignment readiness.