SR
Shehan Rathnayake
Consultant - Cyber Security and Digital Trust at KPMG Sri Lanka
Colombo, Sri Lanka

Work Experience
Consultant - Cyber Security and Digital Trust
KPMG Sri Lanka
Jan 2025 - Present - 5 months
Sri Lanka
- Job Details: Conducted cybersecurity resilience reviews for a banking client based on the ISO/IEC 27001, NIST CSF, NIST SP 800-53, and NIST SP 800-160 frameworks. Led teams in conducting regulatory and compliance reviews, supporting stakeholders with guidance to meet sector-specific cybersecurity and regulatory obligations. Led teams and participated in the implementation of ISO/IEC 27001:2022 within the banking sector, including control deployment, documentation, and stakeholder engagement. Led teams in ISO/IEC 27001:2022 internal audits and supported stakeholders in identifying root causes of nonconformities and planning corrective actions to address them. Led teams and executed third-party security assessments for clients, identifying control weaknesses and providing actionable recommendations. Led teams in conducting information security risk assessments and supported clients with risk treatment planning. Led teams in conducting scenario-based incident response testing to assess organizational preparedness and enhance response capabilities. Led teams in developing information security policies and procedures aligned with international standards and tailored to client environments.
Associate Consultant - Cyber Security and Digital Trust
KPMG Sri Lanka
Jan 2024 - Jan 2025 - 1 yr
Sri Lanka
- Job Details: Led teams and conducted information security risk assessments, cybersecurity and information security reviews, and IT general controls reviews across government-critical infrastructure, public sector organizations, and private businesses. Experienced in ISO 27001:2022 implementation and transition engagements across the banking, energy, and utilities sectors. Gained experience as an ISO 27001:2022 lead auditor, conducting audits for various sectors such as banking, information technology, and business process outsourcing. Led and conducted regulatory compliance reviews, providing recommendations to stakeholders on how to meet sector-specific cybersecurity and regulatory requirements. Conducted information security risk assessments and third-party security assessments, identifying potential risks and vulnerabilities while recommending strategies to mitigate them. Led and performed user access reviews of clients' systems to ensure proper access controls and compliance with internal policies and external regulations. Developed, reviewed, and updated information security policies; delivered awareness training sessions to support client compliance and risk reduction. Conducted business continuity planning (BCP) and disaster recovery planning (DRP) reviews, identifying gaps and providing recommendations.
Trainee Analyst - Cyber Security
KPMG Sri Lanka
Nov 2022 - Dec 2023 - 1 yr, 1 month
Sri Lanka
- Job Details: Experienced in ISO 27001 implementation and audits for various business sectors. Experienced in conducting SOC 2 Type 2 attestations. Conducted IT general controls reviews for various sectors including financial services, manufacturing, technology, retail, hospitality, construction, consulting, and agriculture.
KPMG Sri Lanka
May 2022 - Nov 2022 - 6 months
Sri Lanka
- Job Details: Developed business continuity plans and disaster recovery plans, including business impact analysis. Conducted various engagements such as ISO 27001 audits, risk assessments, cybersecurity and information security reviews, IT general controls reviews, policy and procedure reviews, and privileged user access reviews.
Education
Bachelor's Degree in Cyber Security
Sri Lanka Institute of Information Technology (SLIIT)
Jan 2019 - Jan 2022 - 3 yr
Skills
- ISO 27001 implementation and audits
- Cybersecurity and information security reviews
- ISO 27001
- IT Audit
- Information Security Audit
- ISO 22301
- Regulatory and compliance reviews
- Information security risk assessments and treatment planning
- Third-party security assessments
- SOC 2 attestation
Languages
English
Fluent