Maria Zaine

Client engagements — Quickline Communications & Which?; additionally appointed as Information Security Manager.

• Conducted ISO27001 and TSA gap analysis, facilitating stakeholder sessions to identify control gaps and deliver remediation plans.
• Designed security policies, standards, and control specifications ensuring compliance with PCI DSS, NIST 2.0, Cyber Essentials, CIS 18, and ISO 27001/2.
• Developed enterprise-wide Incident Management procedure, incorporating RASCI, SLAs, BIAs, and DFIR.
• Acted as technical authority and trusted advisor during audits, managing scope, evidence collection, and communicating complex designs to stakeholders.
• Led security strategy as SME for a 40-person development and data team, embedding secure-by-design practices and overseeing PoC security reviews.

Client engagement — Nomura International | Progressed from Security Analyst & Incident Responder to Security Architect.

• Defined Zero (CISA ZTMM) Trust and IAM capabilities for a 6-year enterprise implementation roadmap, utilising TOGAF and SABSA.
• Designed HLDs and LLDs to guide engineering and development teams through enterprise transformation.
• Applied STRIDE threat modelling and MITRE ATT&CK-aligned attack trees to guide architectural decisions and support global API integration.
• Developed custom playbooks to automate security operations and resolve process and control gaps, improving overall efficiency.
• Managed identity and access control requests, leveraging CIS 18 controls where applicable to enforce organisational policy compliance.

• Led third-party risk assessments and privacy impact analyses (VRAs, KYS, PIAs) to support secure vendor onboarding.
• Developed and maintained a security risk register (risk assessment, risk matrices), supporting remediation plans in liaison with the GRC team.
• Defined pentesting scope and testing strategies, identifying vulnerabilities and informing risk treatment decisions.