YASIN SHAIK SHAIK

Summary

Dynamic Security Analyst with a proven track record at Pride Hub Technologies, specializing in ISO 27001 implementation and SOC 2 readiness. Expert in compliance management and risk assessment, I excel in stakeholder communication and analytical problem-solving, ensuring robust security policies and training programs that enhance organizational resilience.

Overview

4 years of professional experience
1 Certification

Work History

Security Analyst

Pride Hub Technologies
03.2024 - 11.2024

Company Overview:
Pride Hub is a mid-sized IT services and consulting company, primarily serving clients in the Banking, Financial Services, and Insurance (BFSI) sector. The organization provides full-stack cybersecurity services, compliance consulting, and cloud migration support to U.S.-based enterprises.

Key Responsibilities & Achievements:

Compliance Implementation & Audit Readiness

  • Implemented and monitored controls aligned with PCI DSS v3.2.1, SOC 2 Type II, and NIST Cybersecurity Framework.
  • Coordinated with internal and client-side stakeholders to collect and map evidence for 100+ compliance requirements.
  • Created traceable mappings between security policies, control frameworks, and audit checklists.

Risk & Control Management

  • Conducted gap assessments for existing security controls; documented non-conformities and worked with engineering teams to implement remediations.
  • Contributed to the development of a Risk Register specific to payment systems, internal tools, and third-party SaaS applications.
  • Assisted in evaluating and mitigating risks related to third-party vendors handling customer data.

Policy Governance

  • Drafted and updated client-specific security policies in line with regulatory needs such as GLBA and CCPA (where applicable).
  • Ensured policy rollout and employee acknowledgment via internal policy portals.

Security Awareness & Training

  • Delivered monthly security training sessions to internal teams on PCI DSS scope reduction techniques, phishing awareness, and data handling best practices.
  • Created email simulation templates for periodic phishing campaigns and measured employee response rates.

Incident Management & Threat Hunting

  • Involved in incident response coordination, including detection, impact analysis, root cause identification, and post-incident reporting.
  • Participated in weekly threat hunting exercises and reviewed endpoint alerts in collaboration with the SOC team.
  • Supported SIEM log review processes for unusual activity and failed login attempts in AWS and O365 environments.

Tool & Technology Stack

  • Used Drata for continuous control monitoring and evidence collection.
  • Maintained compliance dashboards and checklists in Excel and OneTrust.
  • Performed log review with client-provided SIEM dashboards and coordinated with the MSP on data retention policies.

GRC Consultant

SBV Technologies Pvt. Ltd
08.2023 - 02.2024

SBV Technologies is an ISO 27001-certified product-based technology firm specializing in enterprise application development. The company was actively preparing for SOC 2 Attestation and strengthening its privacy and risk posture through internal security process enhancements.

Key Responsibilities & Achievements:

Governance & Security Policy Management

  • Owned the full lifecycle of security policy development, including drafting, approval, dissemination, and annual review.
  • Updated and enforced core security policies:
    Access Control Policy
    HR Security Policy
    Asset Management Policy
    Acceptable Use Policy

ISO 27001 Surveillance & SOC 2 Readiness

  • Maintained ISMS documentation, updated Statement of Applicability (SoA), and ensured control implementation aligned with ISO 27001:2013.
  • Collaborated with Bureau Veritas auditors for the surveillance audit and collected compliance evidence.
  • Mapped internal practices against SOC 2 Trust Principles, preparing the organization for attestation.

Risk & Compliance (GRC)

  • Led annual risk assessments across IT, HR, and project domains.
  • Designed a centralized Risk Register and implemented risk scoring using qualitative methods.
  • Performed monthly and quarterly reviews for:
    Access Controls
    Data Backups
    Business Continuity Plans (BCP)
    Induction Training Records
    Incident Logs

Data Privacy & ITGC Compliance

  • Contributed to Data Privacy initiatives, including identifying personal data types and implementing basic handling procedures.
  • Supported Information Technology General Controls (ITGC) setup by documenting logical access, change management, and operations controls.

Business Continuity Planning (BCP) & Disaster Recovery (DR)

  • Reviewed and tested BCP/DR plans during Chennai flood scenarios.
  • Helped create emergency call trees and validated recovery procedures.

Security Tools & Manual Compliance Support

  • Tools Used: Drata, OneTrust, Excel (Manual Registers)
  • Tracked monthly activities and evidence for internal ISMS review meetings.
  • Built compliance calendars and monitored SLA adherence for recurring activities.

Information Security Engineer

Flash Info Labs Pvt. Ltd.
04.2021 - 07.2023

ISO 27001 Implementation & ISMS Operations

  • Actively contributed to the initial implementation of ISO 27001:2013, including control identification, policy drafting, and gap assessments.
  • Coordinated with process owners and department heads to gather documentation and evidence for the SoA and internal audits.
  • Facilitated internal ISMS meetings and managed the audit response tracker.

Policy & Governance Program Setup

  • Drafted foundational security policies such as:
    Access Control
    HR Security
    Password Management
    Remote Work & BYOD
  • Built a centralized document repository for all policies, ensuring version control and periodic reviews.

Risk Management & Asset Tracking

  • Conducted organization-wide annual risk assessments for IT infrastructure, HR processes, and project-level security.
  • Maintained an Excel-based Risk Register, ensuring risk owner assignment, mitigation plans, and follow-ups.
  • Implemented asset identification and classification procedures in collaboration with IT.

Security Awareness & Training

  • Initiated monthly induction training for new employees and annual refresher programs for staff.
  • Designed and delivered custom training content focused on phishing, access security, and incident escalation.

Operational Security Activities

  • Monitored and maintained compliance for the following scheduled activities:
    Monthly: Backup Verification, Incident Log Reviews
    Quarterly: Access Control Reviews
    Yearly: BCP Testing, Policy Review
  • Participated in incident triage and response involving malware alerts and access violations.

Disaster Recovery & Flood Response

  • Played a critical role in executing DR plans during the Chennai flood crisis.
  • Supported the shift to remote operations, revalidating access and business continuity capabilities.

Manual Compliance Tooling & Reporting

  • Maintained manual GRC dashboards using Excel, including task calendars, audit logs, and evidence inventories.
  • Supported audit preparedness by aligning internal practices with external auditor checklists from Bureau Veritas.

Education

Computer Science

Bachelor of Technology (B.Tech) – Computer Science
Guntur
08-2021

Skills

Information Security & Compliance

  • ISO 27001:2013 Implementation & Audit Readiness
  • SOC 2 Type I & II Controls
  • PCI DSS v3.2.1 (Cardholder Data Protection)
  • ITGC (Information Technology General Controls)
  • NIST Cybersecurity Framework
  • Data Privacy & Classification (Basic Implementation)
  • Governance, Risk & Compliance (GRC) Operations

Security Tools & Platforms

  • Drata – Continuous control monitoring, compliance tracking
  • OneTrust – Privacy and data mapping (hands-on exposure)
  • Microsoft Excel – Manual compliance dashboards, audit logs
  • Nessus (basic exposure) – Vulnerability scanning and reporting
  • SIEM Log Review (client-driven dashboards)

Processes & Controls

  • Risk Register Management
  • Policy Development & Version Control
  • Access Control Reviews (Monthly/Quarterly)
  • Backup Validation & Retention
  • Incident Reporting & Management
  • Business Continuity & DR Planning
  • Induction & Security Awareness Training

Cloud Security Exposure

  • Basics of AWS & Azure Security
  • Cloud access governance and risk identification (under mentorship)
  • Learning Identity & Access Management (IAM), S3 encryption, and basic cloud compliance controls

Development Lifecycle & DevSecOps Awareness

  • Familiarity with SDLC & Secure Coding Practices
  • Knowledge of integrating security controls across the development lifecycle
  • Understanding of application security best practices (OWASP Top 10, awareness level)

Soft Skills & Collaboration

  • Strong Documentation and Reporting Skills
  • Stakeholder Communication (Tech & Non-Tech Teams)
  • Cross-functional Collaboration (HR, IT, Development, and Legal)
  • Audit Preparedness & Evidence Collection
  • Analytical Thinking & Problem Solving

Certification

Completed

  • ISO 27001:2013 Lead Auditor – BSCIC (British Standards Certification & Inspection Co.)
    Certified in conducting ISMS audits as per ISO 27001 standards.
  • OneTrust GRC Fundamentals
    Proficient in managing governance, risk, and compliance workflows using the OneTrust platform.
  • Qualys Vulnerability Management Certification
    Skilled in vulnerability scanning, asset discovery, and remediation using the Qualys platform.

In Progress

  • AWS Certified Cloud Practitioner – Amazon Web Services
  • Microsoft Certified: Azure Fundamentals (AZ-900)
  • Certified Data Privacy Professional (CDPP) – Foundation Level

Languages

  • English – Advanced (C1)
  • Telugu – Intermediate (B1)
  • Hindi – Elementary (A2)
