
Rumi khaira

Information Security Analyst
Southampton, Hampshire

Overview

11 years of professional experience

Work history

Information Security Analyst

Twenty7tec
Bournemouth, England
03.2021 - Current


  • Responded to lender and third-party security due diligence questionnaires, providing tailored evidence on internal controls, policies, business continuity testing, audit outcomes, and security certifications.
  • Translated complex technical documentation and security controls into clear, audit-ready responses aligned with customer expectations.
  • Reviewed third-party due diligence submissions for vendors integrating with Twenty7Tec systems, assessing controls across governance, infrastructure, application security, and operational resilience. Informed go/no-go decisions based on risk exposure and control maturity.
  • Supported supplier onboarding by conducting initial risk assessments and performing annual reviews for existing vendors.
  • Helped design and implement a supplier assurance framework incorporating risk scoring based on supplier criticality and CIA (confidentiality, integrity, availability) impact, with annual reassessment for medium to high-risk suppliers.
  • Maintained and updated the master supplier list to support vendor lifecycle governance and ensure visibility of third-party risk exposure.
  • Delivered key tasks to support ISO/IEC 27001 audit readiness across the organisation.
  • Developed and maintained ISMS documentation aligned to ISO/IEC 27001:2022, covering areas such as IT Operations, Secure Development Lifecycle (SDLC), Business Continuity, and Risk Governance.
  • Supported company-wide security compliance activities, including managing the annual third-party penetration test and maintaining compliance with Cyber Essentials, Cyber Essentials Plus, and PCI DSS requirements.
  • Chaired a monthly SecOps forum with senior stakeholders from security, engineering, and operations to manage technical vulnerabilities and review system audit actions.
  • Supported the security incident management process and led the creation of root cause analysis (RCA) documentation for security-related incidents.
  • Maintained up-to-date knowledge of emerging threats, attack vectors, and industry security trends to support proactive risk management.


Security Testing Coordinator

Motorola
Basingstoke, Hampshire
10.2019 - 03.2020

Project-based role delivering a government-led IT Transformation Programme delivering the UK’s new Emergency Services Network (ESN) in a fast-paced agile delivery environment. As the sole Penetration Testing Project Manager, I oversaw all aspects of the security testing programme, including scope definition, supplier engagement, planning, testing execution, reporting and remediation tracking. I worked closely with external suppliers and internal delivery teams to ensure the timely delivery of all security testing activities.

· Owned, managed and executed all penetration testing activities from initial scoping, creation of test plans, tendering to vendors, arranging technical test pre-requisites, test execution and tracking of security risks.

· Produced and maintained project plans detailing planned pentest activity across solution deliverables.

· Liaised with Security Architects, Product Leads and Core Business areas to define the security testing scope.

· Assessed and scored test proposals from third-party security testing suppliers. Engaged with chosen suppliers to plan and coordinate testing activities.

· Ensured the timely planning of all preparatory tasks and information gathering to support the delivery of tests.

· Managed the Change Control process by ensuring the submission and approval of change requests. Attended emergency change boards to obtain approval for quick turn-around tests.

· Conducted test pre-requisite meetings with internal technical teams, external vendors and business areas to run through test schedules, confirm completion of preparatory tasks and address any scope creeps or unforeseen blockers.

· Maintained a budget tracker detailing costs and expenses of project engagements. Proactively liaised with finance and legal teams to request further budget extensions as the project demand increased.

· Reviewed and communicated testing results and reports to Senior Management, internal business areas and technical support teams.

· Led a series of risk remediation meetings with project leads to ensure vulnerabilities were addressed and risk owners assigned. Tracked progress against risk remediation plans and maintained a master vulnerability tracker.

· Produced testing metrics and summaries for senior management detailing the status of key headline risks derived from the pentests.

· Developed an end-to-end pentest process guide encapsulating the processes and activities required throughout the pentest lifecycle.

Security Test Coordinator

Bank of England
London, England
01.2014 - 03.2019

Skills

  • Third Party Risk Management
  • Supplier Due-Diligence
  • ISO27001:2022
  • PCI-DSS
  • Governance, Risk Management & Compliance (GRC)
  • Cyber Essentials
  • Vulnerability Management

Timeline

Information Security Analyst

Twenty7tec
03.2021 - Current

Security Testing Coordinator

Motorola
10.2019 - 03.2020

Security Test Coordinator

Bank of England
01.2014 - 03.2019