Sunny Saju

I work in Information Security with a focus on GRC, risk management, incident response, and cloud security. Over the past 3+ years, I’ve worked on internal security audits, ISO 27001 programs, incident investigations, and building security awareness across organizations.

I believe good security should be practical, simple, and aligned with how businesses actually work — not just policies and checklists. My interests include Cloud IAM, security governance, risk management, and building mature security programs that scale.

• Lead internal technical security audits across infrastructure, cloud, applications, and corporate environments to ensure compliance with organizational and regulatory security standards.
• Manage security incident response lifecycle, including triage, investigation, containment, root cause analysis, and corrective action planning.
• Drive organizational risk management program, including risk identification, assessment, mitigation planning, and risk tracking.
• Actively contribute to IT Governance, Risk & Compliance (GRC) initiatives and continuous improvement of security controls.
• Implement and maintain ISO 27001-aligned security controls, policies, procedures, and risk treatment plans.
• Conduct security awareness and training sessions as an Information Security Instructor for employees and stakeholders.
• Review and strengthen cloud security posture, focusing on Cloud IAM, identity security, and cloud infrastructure security controls.
• Partner with IT, Engineering, and Leadership teams to embed security-by-design principles across systems and processes.
• Prepare security reports, risk dashboards, and management-level updates for leadership and audit stakeholders.

B Tech Computer Science & Engineering (Federal Institute of Science and Technology 2018-2022).

Education in Oman till 12 grade (Indian School Al Seeb 2005-2018 )