Sanjeena Neerunjun

Cybersecurity Consultant - Assistant 1

Ernst & Young (EY)

01.2025 - 12.2025

Assessed progress of CISO-as-a-Service function appointed by the client to strengthen cybersecurity governance and risk management. Responsibilities included evaluating alignment of planned cybersecurity activities with the roadmap, verifying execution against milestones, and identifying gaps or delays.
Conducted a cybersecurity audit aligned with ISO/IEC 27001, evaluating the effectiveness of implemented controls across selected areas. The work involved on-site visits, interviews with personnel, reviewing documentary evidence such as policies, procedures, and system configurations, assessing key risk areas, and identifying control gaps.
Performed a detailed assessment of a client’s cloud computing services against FSC (Financial Services Commission) Mauritius Guidelines. The work included evaluating regulatory compliance, identifying gaps, and documenting recommendations to improve operational alignment with cloud-specific requirements.
Contributed to creating a foundational model documenting the client’s key applications and how they interact. This included identifying systems, mapping application-to-application connections, and analysing data exchange. This improved IT environment visibility, supported more effective risk management, and enabled future system integration enhancements.
Contributed to a cybersecurity risk assessment focusing on the digital custody platform. I identified gaps in access controls, role assignments, and session monitoring, especially in PAM and API key usage. I also mapped risks across banking, reconciliation, and third-party services.
Assisted in developing a client’s cybersecurity strategy and framework aligned with business and IT strategy, regulatory requirements, and leading standards such as NIST.
Involved in defining 15 cybersecurity service offerings grouped under five service packages:
Governance & Compliance, Cyber Risk Management, Data & Access Security, Incident Response & Recovery, and IT Operations & Management.
Developed a standardized six-phase Service Lifecycle Management to streamline ideation, development, launch, and monitoring of new cyber services. Contributions included defining core activities and objectives per lifecycle phase, establishing clear inputs and outputs, and identifying tools and technologies for effective execution.
Conducted market research and competitive benchmarking to support the client’s security strategy. I analysed cybersecurity demand across sectors such as OT security, PDPL compliance, and incident response. I also assessed the competitors’ service offerings, pricing models, and delivery strengths.
Developed comprehensive technical documentation and service proposals for multiple cybersecurity offerings, including Offensive Security Testing, Operational Technology (OT) Security, Governance Risk & Compliance (GRC), Cybersecurity Maturity & Strategy, Cybersecurity Awareness, and Incident Response & Preparedness. This involved structuring service scopes, defining methodologies, outlining deliverables, and aligning each offering with industry best practices and client expectations.
Worked closely with internal teams to ensure that applications meet required security standards prior to deployment.
Made recommendations to improve security procedures and systems.
Reviewed vendor contracts for compliance with applicable laws and regulations pertaining to data privacy and protection.
Created detailed reports outlining findings from security audits and presented them to management for review.
Completed day-to-day duties accurately and efficiently.
Collaborated closely with team members to achieve project objectives and meet deadlines.
Managed time effectively to ensure tasks were completed on schedule and deadlines were met.

Intern

Ernst & Young (EY)

10.2023 - 12.2023

Prepared reports summarizing project progress and results for management review.
Reviewing documentation related to security best practices and compliance regulations.
Providing documentation and support to audit teams to ensure compliance and identify gaps.
Reviewing documentation such as security policies, procedures, incident reports, and audit findings.
Assessing security controls such as firewalls, encryption, identity management systems, and incident response plans.

Developer Intern

ALTEK Business Solutions

03.2023 - 06.2023

Designed and developed a dynamic website using my skills.
Learned how to use GitHub.
Improved my programming skills, knowledge, and expertise by taking courses on Udemy.
Assessed code during testing stage to determine potential glitches and bugs.
Analyzed user needs and software requirements to determine design feasibility.
Reviewed project requirements to identify customer expectations and resources needed to meet goals.

Summary

Overview

Work history

Cybersecurity Consultant - Assistant 1

Intern

Developer Intern

Education

Bachelor of Science - Information Systems

Higher School Certificate -

School Certificate -

Skills

Languages

Certification

Timeline

Cybersecurity Consultant - Assistant 1

Intern

Developer Intern

Bachelor of Science - Information Systems

Higher School Certificate -

School Certificate -

Similar Profiles

Nina VannNina Vann

Joshua Eli Kwaku ZiorkluiJoshua Eli Kwaku Ziorklui

Barbara WolfeBarbara Wolfe

Akanksha JaikumarAkanksha Jaikumar

URVASHI CHINIAHURVASHI CHINIAH