I provide comprehensive, end-to-end security and compliance services — from initial gap assessment through certification, continuous monitoring, and ongoing advisory. Every engagement is structured around your regulatory landscape, risk appetite, and business context. Services are delivered individually or as a bundled vCISOaaS retainer through Cyberaon Technologies.
SVC-001 · CORE
vCISOaaS
Fractional Chief Information Security Officer delivered as a service via Cyberaon Technologies. Ideal for SaaS, fintech, and health-tech startups that need senior security leadership without the full-time cost. I own your ISMS, security roadmap, and board reporting end-to-end.
Security strategy & annual roadmap
ISMS setup, ownership & maintenance
Board & executive security reporting
Incident response planning & tabletop
Security awareness programme design
Tags: vCISO · ISMS · Governance · Cyberaon
SVC-002 · COMPLIANCE
ISO Standards Suite
Full end-to-end compliance lifecycle for the major ISO management-system standards — from scoping and gap assessment through implementation, internal audit, and certification support. I manage the entire journey so you can focus on building your product.
ISO 27001:2022 — Information Security ISMS
ISO/IEC 42001 — AI Management System (AIMS)
ISO 22301 — Business Continuity Management
ISO 27701 — Privacy Information Management
ISO 9001 — Quality Management System
Tags: ISO 27001 · ISO 42001 · ISO 22301 · ISO 27701
SVC-003 · COMPLIANCE
SOC 2 Type 2
Complete SOC 2 Type 2 readiness and audit support covering all five Trust Service Criteria. From pre-audit gap analysis and evidence collection to audit management, remediation tracking, and post-report advisory.
TSC scoping: Security, Availability, Processing Integrity, Confidentiality, Privacy
Control mapping, SoA & evidence library
Continuous control monitoring setup
Auditor liaison & inquiry management
Remediation roadmap & closure tracking
Tags: SOC 2 T2 · TSC · Evidence · Controls
SVC-004 · COMPLIANCE
PCI DSS Compliance
End-to-end PCI DSS compliance programme for organisations processing, storing, or transmitting cardholder data. Covers scoping, gap analysis, SAQ preparation, QSA coordination, and all 12 requirements of PCI DSS v4.0.
CDE scoping & network segmentation review
SAQ / ROC preparation and QSA coordination
Firewall rules, encryption & key management review
Vulnerability scanning & penetration test coordination
Remediation tracking across all 12 requirements
Tags: PCI DSS v4 · SAQ · CDE · QSA
SVC-005 · PRIVACY
GDPR & CCPA
Full privacy compliance programmes for organisations operating under GDPR (EU) and CCPA (California). Includes data mapping, lawful basis analysis, consent architecture, DSR workflows, and privacy-by-design integration into your SDLC.
Data flow mapping & RoPA (Records of Processing)
DPIA / Transfer Impact Assessments (TIA)
Consent management & opt-out mechanisms (CCPA)
Privacy notices, policies & DPA templates
Data subject request (DSR) process design
Tags: GDPR · CCPA · DPIA · Privacy
SVC-006 · HEALTHCARE
HIPAA & ADHICS
Healthcare-specific compliance covering HIPAA (US) and ADHICS (Abu Dhabi Healthcare Information and Cyber Security standard). Designed for health-tech platforms, digital health startups, and healthcare providers operating across multiple jurisdictions.
HIPAA Security Rule gap assessment & risk analysis
PHI data flow mapping & access controls review
ADHICS framework mapping & implementation
BAA review, vendor assessment & TPRM
Breach notification policies & incident response
Tags: HIPAA · ADHICS · PHI · Health-tech
SVC-007 · AUDIT
Internal & External Audits
Structured internal and external audit services across all major frameworks. I serve as both auditor and advisor — conducting internal audits on behalf of clients, preparing organisations for external certification audits, and acting as a liaison with the certification body.
ISO 27001 internal audit programme management
Evidence collection, review & gap closure
Non-conformity tracking & CAR/PAR management
External audit readiness & pre-audit dry runs
Audit report authoring & certification liaison
Tags: Internal Audit · External Audit · NCR · Certification
SVC-008 · RISK
Vendor TPRM Audits
Third-Party Risk Management (TPRM) audits conducted on behalf of clients — evaluating vendors, suppliers, and partners against security, privacy, and regulatory requirements. I manage the full vendor lifecycle from onboarding questionnaires through annual reassessment.
Vendor security questionnaire design & review
Risk-tiering framework and scoring model
On-site / remote vendor security assessments
Contractual control requirements & DPA review
Annual vendor reassessment programme management
Tags: TPRM · Vendor Risk · Supply Chain · DPA
SVC-009 · DUE DILIGENCE
Onboarding & Due Diligence
Security due diligence audits for company onboarding, M&A, investor readiness, and partnership assessments. I evaluate target organisations' security posture, compliance status, and risk exposure — producing structured reports for decision-makers.
Security posture assessment & maturity scoring
Compliance status mapping across applicable frameworks
Data protection & privacy risk review
Identified gaps, risk rating & remediation timeline
Executive due diligence report for stakeholders
Tags: Due Diligence · M&A · Risk Scoring · Investor
SVC-010 · CLOUD
AWS Cloud Security
Deep-dive AWS cloud security assessments using ScoutSuite, AWS Security Hub, and native tooling. Covers IAM privilege analysis, network exposure, encryption posture, logging & monitoring, and RBI payment-data localisation requirements (System Audit Report, SAR).
ScoutSuite-based multi-account hardening assessment
IAM privilege analysis & least-privilege remediation
GuardDuty / Security Hub configuration review
CloudTrail forensics & logging completeness audit
RBI SAR data localisation & cross-border data flow review
Tags: AWS · IAM · ScoutSuite · GuardDuty
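Two of the checks listed above, IAM privilege analysis and CloudTrail logging completeness, reduced to offline code as an added illustration; this is not tooling from the page or from any of the products named. It assumes the policy document and trail records have already been exported (for example with `aws iam get-policy-version` and `aws cloudtrail describe-trails`) and parsed from JSON; the sample policy, the sample trail record and the short escalation-action list are constructed for the example.

```python
"""Offline AWS posture checks: IAM over-privilege findings and CloudTrail
completeness findings.  Added example, not the page's own tooling.
Assumption: inputs are the parsed JSON of iam:GetPolicyVersion (the
PolicyVersion.Document) and cloudtrail:DescribeTrails (trailList)."""
from __future__ import annotations

import fnmatch
from typing import Any

# Actions that let a principal widen its own access.  Short, hypothetical
# list for illustration; a real review uses a fuller escalation catalogue.
ESCALATION_ACTIONS = (
    "iam:PassRole", "iam:CreatePolicyVersion", "iam:AttachRolePolicy",
    "iam:PutRolePolicy", "sts:AssumeRole", "lambda:UpdateFunctionCode",
)


def _as_list(value: Any) -> list:
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _grants(policy_action: str, wanted: str) -> bool:
    """Does a policy action (possibly wildcarded, case-insensitive) cover `wanted`?"""
    return fnmatch.fnmatchcase(wanted.lower(), policy_action.lower())


def audit_iam_policy(policy: dict[str, Any]) -> list[str]:
    """Findings for Allow statements broader than least privilege.
    Deny statements are skipped: they can only narrow access."""
    findings: list[str] = []
    for i, st in enumerate(_as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid") or f"Statement[{i}]"
        actions = _as_list(st.get("Action"))
        on_any_resource = "*" in _as_list(st.get("Resource"))
        conditioned = bool(st.get("Condition"))

        if "NotAction" in st:  # Allow + NotAction = everything except the list
            findings.append(f"{sid}: Allow with NotAction grants every action not "
                            "listed; replace with an explicit Action list")
        if "*" in actions:
            scope = ("Resource '*' (full administrator access)" if on_any_resource
                     else "a scoped resource; still restrict to the needed API calls")
            findings.append(f"{sid}: Action '*' on {scope}")
            continue  # the checks below would only repeat this finding
        for a in actions:
            if a.endswith(":*") and on_any_resource:
                findings.append(f"{sid}: service-wide wildcard {a} on Resource '*'")
        for esc in ESCALATION_ACTIONS:
            if on_any_resource and not conditioned and any(_grants(a, esc) for a in actions):
                findings.append(f"{sid}: {esc} on every resource without a Condition "
                                "(privilege-escalation path)")
    return findings


def audit_trails(trails: list[dict[str, Any]]) -> list[str]:
    """Logging-completeness findings over cloudtrail:DescribeTrails records."""
    if not trails:
        return ["No CloudTrail trail configured"]
    findings: list[str] = []
    if not any(t.get("IsMultiRegionTrail") for t in trails):
        findings.append("No multi-region trail: API calls in other regions leave no record")
    for t in trails:
        name = t.get("Name", "?")
        if not t.get("IncludeGlobalServiceEvents"):
            findings.append(f"{name}: global service events (IAM, STS) are not captured")
        if not t.get("LogFileValidationEnabled"):
            findings.append(f"{name}: log file validation off; tampering is undetectable")
        if not t.get("KmsKeyId"):
            findings.append(f"{name}: log files not encrypted with a customer-managed KMS key")
        if not t.get("CloudWatchLogsLogGroupArn"):
            findings.append(f"{name}: not delivered to CloudWatch Logs; no near-real-time alerting")
    return findings


# --- constructed samples (not real account data) -----------------------------
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DeployArtifacts", "Effect": "Allow",
         "Action": ["s3:PutObject", "s3:GetObject"],
         "Resource": "arn:aws:s3:::example-artifacts/*"},
        {"Sid": "LambdaAdmin", "Effect": "Allow",
         "Action": ["lambda:*", "iam:PassRole"], "Resource": "*"},
        {"Sid": "LegacyNotAction", "Effect": "Allow",
         "NotAction": "organizations:*", "Resource": "*"},
        {"Sid": "NoBucketDelete", "Effect": "Deny",
         "Action": "s3:DeleteBucket", "Resource": "*"},
    ],
}
SAMPLE_TRAILS = [
    {"Name": "mgmt-trail", "HomeRegion": "ap-south-1", "S3BucketName": "example-trail-logs",
     "IsMultiRegionTrail": False, "IncludeGlobalServiceEvents": True,
     "LogFileValidationEnabled": False},
]

if __name__ == "__main__":
    for finding in audit_iam_policy(SAMPLE_POLICY) + audit_trails(SAMPLE_TRAILS):
        print("-", finding)
```

On the sample policy the scanner reports the service-wide `lambda:*` grant, `iam:PassRole` and `lambda:UpdateFunctionCode` as unconditioned escalation paths, and the `NotAction` statement; the scoped S3 statement and the Deny pass clean. The trail check flags the single-region trail, missing log file validation, no customer-managed KMS key and no CloudWatch Logs delivery. `DescribeTrails` does not report whether a trail is currently logging; that comes from `get-trail-status` and is a separate check.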
SVC-011 · OFFENSIVE
VAPT & PenTesting
Vulnerability assessment and penetration testing across web, mobile, API, and cloud surfaces. I coordinate CERT-In empanelled vendors, manage the full engagement lifecycle, and deliver structured reports with risk-rated findings and remediation roadmaps.
Black-box, grey-box & white-box web application VAPT
Mobile security assessment (iOS & Android, MobSF)
API security testing & authentication review
Source code review & SCA (software composition analysis)
CERT-In empanelled vendor coordination & report review
Tags: VAPT · PenTest · CERT-In · MobSF
SVC-012 · AI/ML
AI Governance (ISO 42001)
End-to-end AI Management System (AIMS) implementation aligned to ISO/IEC 42001. Covers AI risk assessment, model lifecycle governance, LLM security (OWASP Top 10 for LLMs), algorithmic impact analysis, and responsible AI policy design for AI-first companies.
ISO 42001 gap assessment & AIMS implementation
AI risk register & algorithmic impact assessment
LLM security testing (OWASP LLM Top 10 payload library)
AI policy suite: acceptable use, model governance, data quality
Responsible AI framework & ethics board advisory
Tags: ISO 42001 · LLM Security · AIMS · Responsible AI