Lichumon S

Security Analyst

TikDown • Fulltime

Aug 2022 - Aug 2024 • 2 yrs

Information Security Lead Analyst (GRC) | Tikaj Security • Led ISO 27001 compliance initiatives for client engagements, including documentation of ISMS policies, processes, and procedures, and tracked corrective actions to ensure audit readiness. • Managed the full vulnerability lifecycle using Qualys VMDR and Nessus; prioritized remediation based on CVSS scores, business impact, and exploitability, and maintained risk registers with mitigation tracking. • Conducted third-party vendor risk assessments and due diligence reviews, evaluating security controls, contract compliance, and ongoing performance monitoring for cloud and AI service providers. • Directed strategic incident analysis and root cause analysis (RCA) across a diverse client portfolio, documenting findings for compliance and legal teams and identifying systemic misconfigurations. • Spearheaded transition from manual to automated threat intelligence reporting using Python, delivering real-time ransomware and IOC insights to leadership, reducing reporting time by 60%. • Collaborated cross-functionally with Engineering and IT teams to refine tooling accuracy, streamline remediation workflows, and align technical output with GRC goals. • Delivered executive-level risk analytics reports summarizing vulnerability exploitation likelihood and recommended mitigation strategies to senior stakeholders.