Certified Cybersecurity & GRC Specialist for IT & OT/ICS Environments
Building a company is hard enough โ security and compliance shouldnโt slow you down.
๐I help industrial operators, critical infrastructure providers, and high-growth technology companies secure their environments and meet regulatory requirements โ without slowing down operations or product delivery.
With a decade of experience spanning both IT and OT domains, including a background at Siemens and IEC 62443 Certified Expert credentials, I bring rare cross-domain depth: I understand SCADA, PLCs, and industrial protocols as well as I understand ISMS frameworks, cloud security, and compliance audits.
- Governance, Risk & Compliance
ISO 27001 ISMS design, implementation, and certification support
SOC 2, GDPR, NIS2, and HIPAA readiness
Risk assessments, gap analysis, and internal audits
Security policies and procedures built for operational reality, not shelfware
Security questionnaire and vendor assessment management (RFPs, enterprise due diligence)
- OT / ICS / SCADA Security
IEC 62443-aligned security programs for industrial control environments
Purdue Model network architecture review and segmentation design
OT asset inventory, network traffic analysis, and vulnerability assessment
SCADA/HMI access control and configuration review
OT/IT convergence risk assessments and gap analysis
Vendor and protocol-specific security reviews (DNP3, Modbus, SNMP, and others)
Security roadmaps tailored to plant, utility, and energy environments
Cloud & Application Security
AWS, Azure, and GCP security configuration and hardening
Vulnerability Assessments and Penetration Testing (VAPT)
Practical remediation planning that prioritizes business-critical risk
Why Work With Me
Most consultants specialize in IT compliance or OT security โ rarely both. I bridge that gap, which matters increasingly as industrial environments converge with cloud and enterprise IT. Clients get a single point of accountability across their full risk surface, from the plant floor to the cloud.๐
What I Do for You
โ๏ธImplement ISO 27001-compliant Information Security Management Systems (ISMS)
โ๏ธPrepare you for SOC 2, ISO 27001, GDPR, HIPAA, and other regulatory requirements
โ๏ธConduct risk assessments, gap analysis, and internal audits
โ๏ธDevelop practical, startup-friendly security policies and procedures
โ๏ธHandle security questionnaires (RFPs, enterprise clients, vendor assessments)
โ๏ธSecure cloud environments (AWS, Azure, GCP)
โ๏ธPerform Vulnerability Assessments and Penetration Testing (VAPT)
โ๏ธIdentify, prioritize, and fix security gaps without slowing your team
โ๏ธDesigned for High-Growth Companies
๐จโ๐ผI understand the challenges of scaling businesses:
- Limited time and resources
- Pressure to close enterprise deals
- Increasing compliance demands
- Need for fast, practical security solutions
๐ Thatโs why I focus on lightweight, scalable, and business-aligned security programs โ not unnecessary complexity.
๐ TECH STACK
Governance: Vanta, Drata, Sprinto, Secureframe.
Cloud: AWS, Azure, Google Cloud (GCP).
๐ SECURITY AND COMPLIANCE FRAMWORKS
SOC 2 | ISO 27001 | ISO 27017 | ISO 27018 | ISO 42001 | NIST 800-53 | NIST 800-171 | NIST CSF | NIST AI RMF | FedRAMP | CMMC | CMMI | PCI-DSS | HIPAA | HITRUST CSF | GDPR | TISAX | NERC | FFIEC | C5 | ENISA | CIS CSAT | IRAP | PIPEDA | TX-RAMP | StateRAMP | AZ-RAMP | NY DFS 23 NYCRR Part 500 | EU AI Act
HOW I WORK
Think of me as your outsourced security partner.
You build, sell, and grow your business โ I handle your security, compliance, and risk management end-to-end.
No jargon. No over-engineering. Just practical security that helps you move faster and win trust.
๐๐ณ ๐๐ฒ๐ฐ๐๐ฟ๐ถ๐๐ ๐ถ๐ ๐ฏ๐น๐ผ๐ฐ๐ธ๐ถ๐ป๐ด ๐ด๐ฟ๐ผ๐๐๐ต, ๐บ๐ฒ๐๐๐ฎ๐ด๐ฒ ๐บ๐ฒ. ๐'๐น๐น ๐๐ฎ๐ธ๐ฒ ๐ถ๐ ๐ณ๐ฟ๐ผ๐บ ๐ต๐ฒ๐ฟ๐ฒ.
๐๐ผ๐ผ๐ธ ๐ฎ ๐ณ๐ฟ๐ฒ๐ฒ ๐ฒ๐ฌ-๐บ๐ถ๐ป๐๐๐ฒ ๐ฎ๐ฑ๐๐ถ๐๐ผ๐ฟ๐ ๐ฐ๐ฎ๐น๐น. ๐'๐น๐น ๐บ๐ฎ๐ฝ ๐๐ต๐ฒ ๐ณ๐ฎ๐๐๐ฒ๐๐ ๐ฝ๐ฎ๐๐ต ๐ณ๐ผ๐ฟ๐๐ฎ๐ฟ๐ฑ.
ISO 27001
Information Security Consultation
Security Policies & Procedures Documentation
Security Assessment & Testing
Incident Response Plan
Security Testing
Information Security
Risk Assessment
Network Penetration Testing
Technical Writing
IT Compliance Audit
Web App Penetration Testing
NIST SP 800-53
Ethical Hacking
GDPR
Heena S.
Chamba, India
$35/hr
4.9
170 jobs
Stop letting compliance block your enterprise sales deals.
You have built a great product, but your biggest prospects enterprises, healthcare providers, and banks won't sign the contract until they see your ISO 27001 certificate or SOC 2 Type II report.
You don't need a checklist or a template library. You need a strategic partner who can fast-track your audit readiness so you can focus on closing deals.
I am a Fractional CISO and Lead Auditor specializing in turning compliance into a competitive advantage for high-growth startups and established enterprises. I don't just "write policies"; I architect the security infrastructure that builds trust with your customers.
๐ THE "AUDIT-READY" BLUEPRINT I integrate seamlessly with your team (Slack/Teams) to deliver:
SOC 2 & ISO 27001 Readiness: From Gap Analysis to Final Audit in 12-16 weeks.
Automated Compliance (Vanta/Drata): I configure your Vanta, Drata, or Secureframe instance to automate 80% of evidence collection, saving your engineers hundreds of hours.
AI Governance (ISO 42001): Future-proof your AI products against the EU AI Act and NIST AI RMF.
Vendor Risk Management: I handle those 100-question security questionnaires from your clients so you don't have to.
๐ WHY CLIENTS HIRE ME
100% Audit Pass Rate: I have guided 50+ companies through successful external audits.
Commercial Focus: I prioritize controls that unblock revenue without slowing down your dev team.
Certified Expert: Lead Auditor for ISO 9001, 27001, 14001, 45001.
๐ TECH STACK
Governance: Vanta, Drata, Sprinto, Secureframe.
Cloud: AWS, Azure, Google Cloud (GCP).
Frameworks: ISO 27001:2022, SOC 2 Type I & II, HIPAA, GDPR, ISO 42001 (AI).
๐ฃ WHAT CLIENTS SAY "Heena didn't just get us certified; she helped us close a $2M deal with a Fortune 500 bank by handling the security diligence personally." โ CEO, FinTech Series B
Next Step: If you have an audit deadline approaching or a sales deal stuck in security review, click the "Invite" button. Let's get you audit-ready.
ISO 27001
SOC 2
ISO 14001
ISO 27018
ISO 27017
ISO/IEC 20000
Six Sigma
SOC 1
CMMC
ISO 9001
ISO 9000
SOC 2 Report
GDPR
SOC 3
HIPAA
Jason H.
Edgemoor, South Carolina
$150/hr
5.0
2 jobs
Iโm a Fractional CIO/CISO with over 20 years of progressive IT leadership experience. My career began with deep technical roots in IT infrastructure and networking, evolving over the last 7+ years into full executive responsibility leading technology strategy, cybersecurity, and digital transformation for FDA-regulated biopharmaceutical organizations.
I specialize in helping companies bridge technical execution with business outcomes by building secure, scalable IT foundations while maintaining strict regulatory compliance.
Key areas where I help clients:
- Fractional CIO/CISO support
- IT strategy and digital transformation roadmaps
- Cybersecurity program development and ransomware resilience
- Regulatory compliance (FDA, HIPAA, NIST, GxP)
- IT governance, risk management, and data protection
- Greenfield infrastructure architecture and secure platform buildouts
- SaaS evaluation and technology vendor optimization
Recent highlights:
- Built the complete technology ecosystem and NIST-based security architecture for a PE-backed biopharmaceutical startup preparing for national market launch
- As Division CIO at a global $3b+ organization, scaled IT operations across 180+ sites while managing a $35M P&L and leading a 45-person team
- Engineered ransomware recovery for 150+ locations with zero data loss in 7 days
I bring a unique combination of hands-on technical expertise, strategic vision, and operational discipline developed through military service (USMC) and leading technology in highly regulated environments. Whether you need a targeted security/compliance assessment, IT strategy support, or ongoing fractional leadership, I deliver practical solutions focused on real business results.
Letโs schedule a consultation to discuss your specific challenges.
Compliance
Information Security
System Administration
Network Engineering
Government Reporting Compliance
NIST Cybersecurity Framework
Regulatory Compliance
Data Privacy
Information Security Governance
IT Asset Management
IT Capacity Planning
IT Infrastructure
Information Security Awareness
Digital Transformation
Governance, Risk & Compliance Software
Ali H.
Manama, Bahrain
$20/hr
4.9
177 jobs
Trusted Advisor ๐ฅ
๐ Get Audit-Ready in 6 Weeks โ Guaranteed.
Confused by compliance? I translate complex regulations into simple, actionable steps. Whether you need to win enterprise trust with ISO 27001 or unblock sales with a SOC 2 report, I provide the fastest, most cost-effective path to certification.
Why hire a consultant when you can hire a Strategic Partner?
As the Founder of Axipro, Iโve led over 100 successful certifications in the last year alone. We don't just "give advice"โwe handle the heavy lifting.
๐ THE GRC TOOL EXPERT
Are you struggling with your automated GRC platform? I am an official partner and power user of:
โ Drata (Gold Partner)
โ Vanta (Expert Implementation)
โ Secureframe, Thoropass, Sprinto, Scrut, & more.
I can help you get your progress running in record time and even provide discounted subscription rates through our MSSP partnership.
๐ก ONE-STOP COMPLIANCE SHOP
- Policies & Procedures: Custom-tailored, audit-ready documentation.
- Risk Management: Deep-dive assessments that protect your business.
- Security Questionnaires: Get them off your desk and submitted in hours, not weeks.
- Vulnerability Assessment and Penetration Testings: Remediation recommendations and detailed reports to improve security posture
- CPA Attestation: We have in-house CPAs to sign off on your SOC 2 Type 1 & 2 reports.
๐ GLOBAL STANDARDS COVERED
ISO 27001, 9001, 14001, 45001, 27701, 27017, 27018, 42001 (AI) | SOC 2 Type 1 & 2 | HIPAA | PCI DSS | GDPR | FedRAMP | NIST CSF | CMMC | TISAX | HITRUST | SAMA NCA
โญ WHAT CLIENTS ARE SAYING
"Ali is a lifesaver. He got us SOC 2 certified through Vanta and saved us months of work." โ Founder, Druxia (USA)
"Knowledgeable, professional, and incredibly responsive. Ali got us across the line with Drata for ISO 27001." โ Founder, Tilt Legal (AUS)
๐ THE AXIPRO ADVANTAGE
10+ Years Experience: Lead Engineer & Auditor minds
Penetration Testing
ISO 27001
SOC 2
IT Compliance Audit
HIPAA
SOC 2 Report
PCI DSS
AI Compliance
Data Privacy
GDPR
Governance, Risk Management & Compliance
Information Security Consultation
AI Governance
AI Security
CMMC
ISO 14001
Sonam B.
New Delhi, India
$15/hr
5.0
9 jobs
I am an accomplished risk management professional with extensive experience managing Third Party risk management (TPRM) from onboarding to offboarding of all vendors, Vendor risk management covering Cyber Security, Data Privacy and Information security, Risk management, Risk assessment, Designing TPRM framework, Third Party, Risk Assurance, Contract Review/Due Diligence, Procurement Governance/Assurance Review, Project Management, Stakeholder management,
My expertise spans across designing and implementing comprehensive TPRM frameworks, overseeing risk assessments, and managing vendor-related activities.
Core Competencies:
a) Third-Party Risk Management (TPRM): I lead and oversee the entire risk assessment and due diligence process for third-party vendors. This includes managing the onboarding processes and checklists to ensure thorough risk evaluations. I design and implement detailed TPRM project plans, outlining tasks, timelines, and milestones to ensure effective risk management.
b) Vendor and Contract Management: My role involves handling contract management processes for hardware and software, including new contracts, amendments, and renewals. I coordinate with external vendors, internal stakeholders, and legal teams to ensure timely contract execution and issue resolution.
c) Stakeholder Engagement: I engage with key stakeholders from various departments and external vendors to ensure smooth communication and collaboration throughout the risk management process. I manage expectations and provide direction on risk assessments and non-compliance issues.
d) Risk Assessment and Audits: I conduct comprehensive risk assessments and audits focusing on people, processes, and technology. My work includes identifying gaps, risks, and opportunities for improvement, and providing recommendations for enhancing policies and standards.
e) Reporting and Process Improvement: I create regular reports on the status of third-party assessments, highlighting roadblocks and key issues to management and stakeholders. I have successfully implemented process improvements, such as transitioning quarterly scorecard activities from manual processes to Google Forms to minimize errors and enhance efficiency.
f) Team Leadership and Development: I lead and develop teams of TPRM specialists and consultants, providing knowledge sharing, training, and motivation. I manage projects, stakeholder presentations, and client relationships to drive successful outcomes.
ISO 27001
Compliance
Information Security
Contract Management
Vendor Management
Risk Assessment
Governance, Risk & Compliance Software
IT Compliance Audit
GDPR Compliance Review
Cybersecurity Management
Cybersecurity Monitoring
Network Security
Risk Management
Enterprise Risk Management
Information Security Consultation
Nandy B.
Lehigh County, Pennsylvania
$85/hr
5.0
280 jobs
๐ฝ U.S. and ๐ Canada -only clients โ๏ธ Upwork Expert-Vetted ๐ | 100% Job Success โ | 10,000+ hours ๐ป on 200+ projects
Hi there! ๐ Iโm an Upwork veteran with over 10,000 hours delivered, 200+ successful projects, and $1M+ earned helping U.S. companies secure and scale their cloud and hybrid environments.
โ๏ธ I specialize in Azure, Microsoft 365, and security-focused systems โ delivering:
โข Secure infrastructure using Zero Trust, IaC (Terraform/Bicep), and DevSecOps pipelines
โข Incident response, forensics, and breach containment across regulated industries
โข Compliance-ready solutions aligned to SOC 2, HIPAA, ISO 27001, and NIST 800-53
As a certified consultant, I work directly with technical teams to deliver secure cloud transformation, implement controls, and respond to threats โ fast. I also collaborate with Microsoftโs internal dev teams, giving me early-access insights and practical fixes 3โ4 release cycles ahead of public rollout.
Why Choose Me?
โ $1M+ in security projects delivered across healthcare, fintech, crypto, and gov sectors
๐ Architected Azure landing zones, GitOps pipelines, and zero trust cloud environments
๐จ Led incident response and forensic investigations for Fortune 500 and defense clients
๐ Built compliance workflows and policy-as-code enforcement for audit success
๐ช Secured crypto CI/CD pipelines and smart contract environments with GitHub, Checkov, GHAS
๐ง Career Highlights:
โช Delivered security modernization and audit readiness for global government contractors and Fortune 500 companies
โช Led compliance remediation and data protection initiatives across healthcare, fintech, and public sector clients
โช Migrated global users to Microsoft 365 with security-first design โ Exchange, Purview, Intune, Defender
โช Built hybrid identity strategies (Entra ID, ADFS, GoDaddy 365, Azure AD B2C, custom policy support)
โช Managed VMware-to-Azure hardening with conditional access, audit enforcement, and security baselines
๐ง Solutions I Deliver:
โข Azure Infra Security: Terraform, Bicep, Azure Policy, RBAC, Defender for Cloud
โข DevSecOps: GitHub Actions, tfsec, Checkov, Trivy, GHAS, pipeline reviews
โข Microsoft 365 Hardening: Defender, Purview, Compliance Center, Intune, Exchange
โข Compliance & Audits: SOC 2, ISO 27001, HIPAA, GDPR, NIST, CIS Benchmarks
โข Incident Response & Forensics: Malware analysis, reverse engineering, breach recovery
โข Crypto Security: CI/CD for smart contracts, wallet infra hardening, Web3 audits
โข Reverse-engineered malware to identify attack vectors and harden systems post-breach
โข Hardened Microsoft Exchange Online and Defender for Email in phishing-prone orgs
โข Integrated Azure Sentinel analytics with dashboards for cross-cloud visibility
๐ค Retainer & Advisory Support:
โข Ongoing guidance for CISOs, security architects, and compliance teams
โข Monthly retainers for SOC 2 evidence collection, security tool reviews, and policy automation
โข Rapid-response engagements for forensics, malware recovery, and breach root cause analysis
๐งฐ Platforms & Tools:
โข Azure, Microsoft 365, Azure Sentinel, Microsoft Defender (all modules), Intune
โข Terraform, Bicep, GitHub, Azure DevOps, GitOps, GHAS
โข Splunk, FTK, EnCase, Wireshark, Autopsy, Cisco ASA/Firepower
โข Checkov, Trivy, Aqua Security, smart contract security tooling
โข Compliance: SOC 2, HIPAA, ISO 27001, CIS, NIST, GDPR
๐ Letโs set up a free 30-minute consultation to explore how I can help you with security transformation, compliance readiness, or urgent recovery โ no fluff, just fast, proven results.
I bring the calm in chaos โ whether you're planning secure growth or cleaning up after a breach, Iโll steady the course and deliver results.
๐ Helped a fintech client pass SOC 2 in under 60 days
๐ Responded to ransomware, restored 95% of systems in 48 hours
๐ Hardened crypto wallet infra securing $100M+ in assets
Thanks again for stopping by. You can invite me to your job post or simply send a message to arrange a quick discovery call โ I respond fast, and weโll keep everything inside Upwork.
โ Nandy Bo
๐ฃ๏ธโ ๐๐ฉ ๐๐๐จ ๐๐๐๐ฃ ๐ ๐ฅ๐ก๐๐๐จ๐ช๐ง๐ ๐ฉ๐ค ๐ฌ๐ค๐ง๐ ๐ฌ๐๐ฉ๐ ๐๐๐ฃ๐๐ฎ ๐๐ช๐ง๐๐ฃ๐ ๐ฉ๐๐ ๐ฉ๐ง๐๐ฃ๐จ๐๐ฉ๐๐ค๐ฃ ๐ค๐ ๐พ๐๐ก๐ก๐๐ค๐ข. ๐๐๐ฃ๐๐ฎ ๐๐จ ๐ซ๐๐ง๐ฎ ๐๐๐ฃ๐ช๐๐ฃ๐, ๐๐ค๐ฃ๐๐จ๐ฉ ๐๐ฃ๐ ๐๐๐ก๐ฅ๐๐ช๐ก ๐๐ฃ ๐ฃ๐๐ฉ๐ช๐ง๐. ๐๐ ๐๐ก๐จ๐ค ๐๐๐จ ๐ ๐ซ๐๐ง๐ฎ ๐๐ฃ-๐๐๐ฅ๐ฉ๐ ๐ ๐ฃ๐ค๐ฌ๐ก๐๐๐๐ ๐ค๐ ๐๐ ๐ฌ๐๐๐ก๐ ๐ข๐๐๐ฃ๐ฉ๐๐๐ฃ๐๐ฃ๐ ๐ ๐ซ๐๐ง๐ฎ ๐๐ง๐ค๐๐ ๐ฅ๐ง๐ค๐๐ก๐๐ข-๐จ๐ค๐ก๐ซ๐๐ฃ๐ ๐ค๐ช๐ฉ๐ก๐ค๐ค๐ . ๐๐๐๐จ๐ ๐๐๐๐ฉ๐ช๐ง๐๐จ ๐ข๐๐ ๐ ๐๐๐ข ๐ฃ๐ค๐ฉ ๐ค๐ฃ๐ก๐ฎ ๐ ๐ฅ๐ก๐๐๐จ๐ช๐ง๐ ๐ฉ๐ค ๐ฌ๐ค๐ง๐ ๐ฌ๐๐ฉ๐ ๐๐ช๐ฉ ๐๐ก๐จ๐ค ๐ซ๐๐ง๐ฎ ๐๐ฃ๐จ๐ฅ๐๐ง๐๐ฉ๐๐ค๐ฃ๐๐ก. โ
โ ๐ ๐ค๐ง๐๐ค๐ฃ ๐ฝ๐๐ก๐ก - ๐๐๐ฃ๐๐๐๐ฃ๐ ๐ฟ๐๐ง๐๐๐ฉ๐ค๐ง - ๐พ๐๐ก๐ก๐๐ค๐ข ๐๐ฃ๐ฉ๐๐ง๐ฃ๐๐ฉ๐๐ค๐ฃ๐๐ก
Solution Architecture Consultation
Cloud Implementation
Information Security
Cloud Security
Microsoft Endpoint Manager
Risk Assessment
Cloud Engineering Consultation
Microsoft Azure
Office 365
Email Security
Microsoft Exchange Online
Digital Forensics
Incident Response Readiness Assessment
Information Security Audit
How it works
Post a job for freePost a job
Tell us what you need. Create your own job post or generate one with AI then filter talent matches.
Hire top talent fast
Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.
Collaborate easily
Use Upwork to chat or video call, share files, and track project progress right from the app.
Payment simplified
Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.
Don't just take our word for it
โUpwork provides an umbrella-level of security. I can see a talentโs work history and ratings. I can hold payments in escrow. I can communicate through Upwork Messages instead of working through my email address.โ
KD
Kim Darling
Emerald Tiger
โUpwork is the best platform to hire skilled professionals when we're not looking for a full-time employee. All the companies in our portfolio use Upwork to find talent across a wide range of fields.โ
DM
David Merry
Kinetic Investments
โOur very specific requirements can be a challengeโWith Upwork, weโre able to access a bigger community to ensure the success of our projects.โ
KK
Katja Krohn
Summa Linguae
How do I hire a Cyber Risk Consultant on Upwork?
You can hire a Cyber Risk Consultant on Upwork in four simple steps:
Create a job post tailored to your Cyber Risk Consultant project scope. Weโll walk you through the process step by step.
Browse top Cyber Risk Consultant talent on Upwork and invite them to your project.
Once the proposals start flowing in, create a shortlist of top Cyber Risk Consultant profiles and interview.
Hire the right Cyber Risk Consultant for your project from Upwork, the worldโs largest work marketplace.
At Upwork, we believe talent staffing should be easy.
How much does it cost to hire a Cyber Risk Consultant?
Rates charged by Cyber Risk Consultants on Upwork can vary with a number of factors including experience, location, and market conditions. See hourly rates for in-demand skills on Upwork.
Why hire a Cyber Risk Consultant on Upwork?
As the worldโs work marketplace, we connect highly-skilled freelance Cyber Risk Consultants and businesses and help them build trusted, long-term relationships so they can achieve more together. Let us help you build the dream Cyber Risk Consultant team you need to succeed.
Can I hire a Cyber Risk Consultant within 24 hours on Upwork?
Depending on availability and the quality of your job post, itโs entirely possible to sign up for Upwork and receive Cyber Risk Consultant proposals within 24 hours of posting a job description.