Sasmitha Banu (Available Immediately)

Dubai

Summary

Cybersecurity Expert with over 12 years of international experience, including strategic roles in Singapore, delivering security programs across finance, telecom, healthcare, and public sectors. Proven expertise in leading cross-functional teams, managing end-to-end IT/IS and ITGC audits, and executing advanced penetration testing and risk assessments. Strong background in building enterprise-wide security strategies, aligning cybersecurity with business objectives, and advising C-level leadership. Specialized in Cloud Security, Incident Response, and regulatory compliance (ISO 27001, NIST CSF, NIST 800-53, MAS TRM, PCI DSS, CIS Controls). Proficient in applying MITRE ATT&CK and risk frameworks to enhance threat detection, response, and overall security posture.

Overview

12 years of professional experience
1 Certification

Work History

Cybersecurity Manager

Protiviti
05.2022 - 02.2025
    • Led cybersecurity audits, penetration testing, and risk assessments across cloud and on-premises environments.
    • Directed a team of consultants to deliver strategic cybersecurity initiatives, achieving consistent compliance with ISO 27001, NIST CSF, and PCI DSS.
    • Advised executive leadership on threat mitigation strategies, aligning practices with MITRE ATT&CK.
    • Presented findings to board-level stakeholders, improving risk posture and audit readiness.
    • Led penetration testing and vulnerability assessments across cloud and on-premises infrastructures.
    • Spearheaded enterprise ISO 27001 audits for large financial institutions.
    • Reviewed network architecture and firewall configurations to identify and remediate security gaps.
    • Assessed incident response processes by analyzing log data to verify effective threat detection.
    • Identified and evaluated security risks, recommending mitigation strategies to reduce exposure.
    • Performed control gap analysis, maturity assessments, and incident response audits aligned with relevant standards.
    • Presented audit insights to Audit Risk Committees, influencing high-level security investments.
    • Successfully led ISO 27001 audits, significantly improving audit readiness for regulated institutions.
    • Recognized by clients for clear and effective communication of audit findings to board members, facilitating better risk management decisions.

Senior Security Consultant / Project Lead

Ensign Infosecurity
07.2017 - 11.2021
  • Experienced in conducting comprehensive vulnerability assessments, penetration testing (VAPT), phishing simulations, and mobile security evaluations.
  • Skilled in threat modeling aligned with OWASP Top 10 and SANS Top 25 frameworks.
  • Adept at managing compliance assessments across PCI DSS, GDPR, and MAS TRM, while leading teams and mentoring junior consultants.
  • Conducted full-cycle VAPT, phishing assessments, and mobile security testing.
  • Performed threat modeling based on OWASP Top 10 and SANS Top 25 standards.
  • Directed compliance assessments for PCI DSS and MAS TRM regulations.
  • Managed project delivery timelines and mentored junior cybersecurity consultants.
  • Recognized for significantly enhancing cybersecurity posture across fintech and e-government platforms.
  • Delivered successful VAPT projects for a major Singaporean university, effectively leading and mentoring a junior team.

Senior Network Specialist

Sysnet Systems and Solutions
04.2015 - 06.2017
    • Experienced in leading IT security audits, firewall reviews, and developing cybersecurity frameworks for banking and insurance sectors.
    • Skilled in policy design aligned with MAS TRM standards and supporting audit preparations and daily security operations to strengthen organizational security posture.
    • Led IT security audits and firewall configuration reviews for banking and insurance clients.
    • Designed and updated cybersecurity frameworks and policies to ensure compliance with TRM standards.
    • Supported ABS OSPAR audit preparations and contributed to daily security operations and monitoring.
    • Reduced security incidents by 30% through proactive log monitoring and threat mitigation strategies.
    • Implemented Data Loss Prevention (DLP) solutions and enhanced incident response capabilities for enterprise clients.

Security Analyst

Paladion Networks
11.2012 - 03.2015
  • Specialized in internal and external application testing, network penetration testing, and compliance audits for banking and healthcare clients.
  • Experienced in building custom threat models and creating reusable assessment templates to improve testing efficiency and coverage.
  • Delivered internal and external application penetration testing and network penetration testing engagements.
  • Conducted compliance audits and provided security support to clients in banking and healthcare sectors.
  • Developed custom threat models and created reusable templates to streamline client security assessments.
  • Awarded 'Paladion STAR' recognition for exceptional delivery of a penetration test within the financial sector.
  • Identified and remediated critical vulnerabilities in high-risk environments, significantly reducing client risk exposure.
  • Reduced security risks by 60% through enhancing protocols and ensuring adherence to regulations.

Education

B.Tech - Information Technology

SNS College of Engineering
India
05.2012

Skills

  • Security Compliance & Audits (ISO 27001, PCI DSS, NIST, GDPR)
  • IT/IS Audits, ITGC & Infrastructure Hardening
  • Governance, Risk & Compliance (GRC)
  • Firewall Auditing & Vulnerability Assessment
  • AI Security & Governance
  • Penetration Testing (Web, Mobile, Network, Cloud)
  • Cloud Security (AWS, Azure, GCP)
  • Incident Response & Threat Intelligence
  • Identity & Access Management (IAM)
  • Phishing Simulations & Security Awareness
  • SIEM & Security Logging (Splunk, Log Analysis)
  • Stakeholder Engagement & Executive Reporting

Certification

  • Certified Ethical Hacker (CEH v8) – EC-Council
  • Certified Security Analyst (ECSA v10) – EC-Council
  • Certified Information Systems Auditor (CISA) – ISACA
  • AI Security & Governance – Securiti
  • Currently Pursuing: CISM
