Geya Modem

Roles & Responsibilities:

• Led and supported the execution of OT audits and risk assessments across multiple industries (Rail, water, Energy), ensuring compliance with ISO/IEC 27001, NIST CSF, AESCSF, ISO/IEC 62443, NIST 800-53, and Essential 8 security frameworks.
• Thorough cybersecurity risk assessments and vulnerability analyses for critical infrastructure environments, focusing on areas such as rail and water, identifying risks, and providing strategic remediation plans.
• Developed comprehensive cybersecurity policy frameworks for ICT and OT environments, contributing to improvements in NIST Cybersecurity Framework (CSF) maturity levels.
• Implemented security measures aligned with ISO/IEC 62443, Essential 8, and NIST standards, enhancing cybersecurity governance and compliance for various client projects.
• Created and delivered customized cybersecurity training programs for clients, including educational institutions and energy companies, to reinforce policy adherence and cybersecurity best practices.
• Managed program assurance activities, ensuring security controls and practices met project requirements. Developed detailed reports on cybersecurity maturity, risk metrics, and project outcomes.
• Utilized AESCSF to document and evaluate client security profiles, focusing on Security Profile 1 (SP-1) and providing recommendations to improve maturity levels across MIL-1, MIL-2, and MIL-3.
• Assisted in developing and implementing cybersecurity governance frameworks, ensuring alignment with industry standards and regulatory compliance.
• Supported junior project management tasks, including identifying, assessing, and delivering cybersecurity governance projects, ensuring risk management strategies were effectively implemented across client engagements.
• Conducted detailed vendor assessments and security control tests to ensure compliance with project security requirements. Evaluated rail security technologies to identify security gaps and recommended solutions.
• Delivered in-depth evaluations of cybersecurity controls and their effectiveness within the AESCSF framework, offering actionable insights to clients for enhancing their security posture.
• Worked with multidisciplinary teams to integrate cybersecurity measures into existing IT and OT infrastructure without disrupting operations, ensuring security enhancements across various sectors.
• Fostered strong client relationships by delivering high-quality engagements and aligning project outcomes with client expectations and business objectives. Provided consistent client reporting and updates.
• Ensured up-to-date knowledge and application of cybersecurity legislation, frameworks, and standards, including Privacy Law, NIST CSF/800-53/RMF, ISO 27001, 31000, ISO/IEC 62443, AESCSF, COBIT, and the SOCI Act.
• Provided guidance on maintaining compliance with evolving regulatory standards, helping clients manage digital risks in line with legal obligations.
• Delivered clear and concise technical documentation, reports, and workshop materials, ensuring effective communication of cybersecurity concepts to both technical and non-technical stakeholders.
• Actively contributed to workshops, assisting in discussions around cybersecurity strategies, framework implementations, and risk mitigation approaches.

Achievements:

• Developed and implemented cyber security policy frameworks that significantly improved NIST CSF maturity levels for key clients.
• Successfully led IT audits and risk assessments for critical infrastructure clients, resulting in measurable improvements in security posture and risk mitigation.
• Delivered over 15 cybersecurity audits and risk assessments that enhanced IT governance and compliance with international standards for clients across multiple industries.
• Managed end-to-end cybersecurity projects, including vendor risk assessments, security control testing, and vulnerability management for rail, energy, and water infrastructure.

Roles & Responsibilities:

• Spearheaded cybersecurity initiatives at Commonwealth Bank, implementing robust monitoring and incident response programs.
• Conducted regular security assessments and vulnerability scans, ensuring compliance with industry standards and regulations.
• Led incident response activities, investigating and resolving security incidents promptly, with detailed reporting to senior management.
• Implemented and maintained security controls, including firewalls and intrusion detection systems, to safeguard information assets.
• Collaborated with cross-functional teams to develop and enforce cybersecurity policies, fostering a culture of security awareness.
• Engaged in continuous learning, staying updated on cybersecurity threats and technologies.

Achievements:

• Spearheaded the implementation of robust monitoring and incident response programs at Commonwealth Bank, significantly reducing response times and improving the resolution of security incidents. This initiative led to a stronger security posture, with detailed reporting provided to senior management for informed decision-making.
• Conducted regular security assessments and vulnerability scans, ensuring compliance with industry standards and regulations. Collaborated with cross-functional teams to develop and enforce cybersecurity policies, fostering a culture of security awareness across the organization, thereby safeguarding critical information assets.