CURRICULUM VITAE: Sherry Cruzat
Name: Sherry Cruzat (A.K.A Maria Sherielyn Cruzat)
Email: **********@*****.***
Mobile number: +778-*******
Driving License: Valid Canadian Driving License – Willing to travel & relocate
Canadian Status: Open Work Permit
QUALIFICATIONS & Professional Training
Master of Science in Information Technology Security, University of Westminster, U.K.
Bachelor of Science Honours Computer Science, University of Bedfordshire (Formerly University of Luton), U.K.
Member of International Council of Electronic Commerce Consultants (EC-Council) in UK and USA
Microsoft 365 Security Administrator
Crowdstrike Endpoint Solution Administrator
Python Programming
PROFESSIONAL EDUCATION
Certified Ethical Hacker (CEH)
EC-Council Certified Security Analyst (ECSA)
ITIL Foundation Service Management (v3)
ISO27001 (Information Security Management Systems) Lead Auditor (KPMG)
ISO27002 Foundation (Information Security Management Systems)
Working towards EC-Council Incident Handler Certification (ECIH)
CAREER SUMMARY
I'm a senior information security analyst with over 10 years’ experience in information security, compliance, security audit assessment, risk management, patch management, vulnerability management and cyber security.
I regularly monitor IT security related controls, ensuring threats to business information are identified, logged, and escalated in a timely manner. Perform internal risk assessments including 3rd party vendor security assessment, agree risk remediation action plans and track to completion. Help in assisting with information security risk assessment delivery and control audits towards internal / external compliance and regulation (e.g., ISO27001, Cyber Security Certificate, PCI DSS, SOC 2 and NIST). Also, I conduct a regular security review on identity and access management, user data permissions and an annual IT security control policy. Also conduct corporate risk assessment including 3rd party vendor security assessment. I’m responsible for ensuring that data and information processing systems are protected in-line with the information & cyber security programme.
Furthermore, I have more than 8 years of experience in performing penetration testing engagements (infrastructure and applications) and security reviews/assessment of web application, web server, database, firewall, routers, switches, and variety of operating systems. My technical expertise is IT, security, web application, network, cloud infrastructure and Microsoft O365 security administration. I’m familiar with standards such as: ISO 27001/27002, CIS Top 20 Benchmarks, PCI DSS, OWASP Top 10 vulnerability, Data Protection Act (Data Loss Protection, DLP), General Data Protection Regulation (GDPR) and NCSC guidance. I have analytical skills and an ability to analyse technical information to identify patterns and trends. Also maintain a current understanding of common vulnerabilities and appropriate remediation.
EMPLOYMENT HISTORY
Senior Information Security Analyst – Linnaeus Veterinary Limited Part of Mars Group, Solihull, U.K. Dec 2023 – Oct 2025
Assist with Cyber security incident and familiar with SIEM solution (e.g. SPLUNK, Microsoft Sentinel) for log monitoring and analysis.
Incident Response: Knowledge of incident response processes, including containment, eradication, and recovery.
Incident Remediation: Basic skills in digital forensics and malware analysis to analyse security incidents deeply and gather critical information.
Threat Hunting: Proficient in detecting, analysing, and responding to threats, vulnerabilities, and incidents.
Vulnerability Management: Strong understanding of vulnerability assessment tools (e.g. Nessus, Rapid7, Qualys, Appcheck) and experience in vulnerability management (identifying, prioritising, and mitigating vulnerabilities) and the MITRE ATT&CK framework.
Assisting with penetration tests, firewall rules and remediation activities, carrying out audits and risk assessments in line with group, external and internal IT security audit schedules
Support web application testing and facilitate to identify vulnerabilities in their technical estate.
Providing technical security consultancy to internal projects and key system enhancements, ensuring IT security best practice is adhered to and that key company projects are compliant with IT security policies, driving continual improvement throughout the project lifecycle
Demonstrable experience in Microsoft systems (on-premises, Azure cloud, Microsoft defender), technologies, infrastructure, awareness of systems management and operational support tools.
Working on the security architecture of the estate alongside the IT Operations Teams, driving for secure-by-design solutions
Maintaining and updating the information security controls in place within the estate in line with risk appetite and governance
Managing and calibrating security tooling to maximise effectiveness of uptake and use across the estate
Supporting the Information Security Manager and other key stakeholders in securing the information assets of the UK Protection business
Understanding how processes, controls, and documentation impact technical work.
Knowledge of network security, application security, cloud security, and endpoint protection.
Ability to work both independently and collaboratively.
Strong interpersonal and communication skills (written and verbal), with the ability to interact with technical and non-technical stakeholders.
Conduct due diligence and risk assessments of third-party security controls and posture
Coordinates the classification, identification and ranking of vendor risks and impacts
Supports review and continual improvement of information security supplier due diligence and risk assessment procedures
Assist in the administration and ongoing maintenance of the Information Security Risk Register
Handle Data subject access request (DSAR) in a timely and compliant way (Using Microsoft Purview application) and lead the response to data privacy incidents
Support security frameworks certifications and maintenance including ISO 27001, NIST, SOC2, Cyber Essentials
Conduct Cyber Essentials Gap analysis, prepare report and provide recommendation for security improvement.
Senior Information Security Analyst – Catalyst Housing Group Ltd, Ealing Broadway, London, UK Dec 2018 – Dec 2023
Main Responsibilities:
Carry out daily security monitoring and analysis of the IT security related controls and events, ensuring threats to business information are identified, logged, escalated, and resolved in a timely manner for the following:
o Microsoft Cloud Application
o Microsoft 365 Defender
o Microsoft Office 365 Security and Compliance
o Microsoft Azure Active Directory (Administering and securing Identity Access Management)
o Microsoft Azure Cloud (Securing)
o SIEM - Security events
o IDS / IPS - Intrusion detection / prevention
o Data Loss Prevention
o Web Application and network Firewalls
o Email and Web content control
o Antivirus Server and Endpoint Cloud Base Management including Anti-malware
o Varonis Sensitive Data Discovery Management
o File Integrity Management
Vulnerability Management – Performed monthly internal vulnerability scan based on the priority (P1, P2, P3) classification of data including DMZ, conduct quarterly external vulnerability scanning assessment and report findings with recommendation. Also manually validate findings and escalate to remediate the risk in a timely manner using risk modelling to prioritize vulnerabilities.
Review firewall rules and security configuration based on industry standard and escalate to remediate the risk findings.
Review and audit Operating System (OS) hardening build and configuration based on industry standard then escalate to remediate the risk findings.
Monitor the IT systems against our technical vulnerability standards and monitor user logons, file deletions or modifications and changes in Active directory.
Investigate reported suspicious phishing emails and block them, provide advice and act upon it to mitigate the security incident.
Participate in Information Security incident response, providing review and investigation of security alerts, and ensuring appropriate and timely response actions and escalation.
Conduct Phishing campaign awareness program, produce monthly report and coordinate communication to stakeholder.
Participates in defining and designing enterprise information security strategy, framework, architecture, and long-term road map.
Maintains security documentation and develops architecture approaches to new technologies aligned to the security principles.
Review company's information security policies, process and procedures and align them with IT security compliance such as GDPR, PCI DSS and ISO27001.
Create security incident playbooks (such as Malware, Ransomware, Phishing, DOS, Lost and Stolen Devices) and ensure that the organisation has the appropriate controls to protect, detect, respond, and recover from a security related incident.
Perform risk assessments, agree risk remediation action plans and track to completion.
Coordinate third party internal / external network, wireless and application penetration testing engagements
Carry out regular security reviews on identity and access management, user data permissions and IT security control policy.
Conduct 3rd party vendor security assessments and/or due diligence work to align with best practices and regulatory compliance.
Responsible for raising change request via change management application (e.g., Marval and JIRA), updating, tracking, and closing of tickets for remediation.
Performs analysis of applications and systems, identifies weaknesses and designs security controls (people, process and technology).
Coordinate external audits, including internal meetings with stakeholders, prepare for walkthroughs, coordinate the collection and consolidation of evidence
Provide Information Security Training to new Staff on a regular basis.
Technology Information Security and Risk Analyst - Global Processing Services London, UK Aug 2017 – Aug 2018
Main Responsibilities:
Perform regular monitoring of the IT security related controls, ensuring threats to business information are identified, logged, and escalated in a timely manner.
Perform internal risk assessments including 3rd party vendor security assessment, agree risk remediation action plans and track to completion.
Conduct a regular security review on identity and access management, user data permissions and an annual IT security control policy.
Responsible for ensuring that data and information processing systems are protected in-line with the information & cyber security programme.
Leading and liaising cross team incident management, including identification, triage, response, and root cause analysis. In addition, I've effectively communicated vulnerabilities (both verbally and in writing) to clients and assisting them to mitigate these risks.
Responsible for planning, scoping and the delivery of security engagements internally.
Conducted Source Code Review using Automation Tool (e.g., HP Fortify).
Co-ordinate third party internal / external network, wireless and application penetration testing engagements
Maintains a high level of technical expertise and awareness in the field of information security, including security standards and good practice, current and emerging threats and vulnerabilities in Information Security and appropriate and evolving mitigating strategies and countermeasures.
Responsible for raising change request via change management application (e.g., Marval and JIRA), updating, tracking, and closing of tickets for remediation.
I've performed ISO/IEC 27001 Information Security Management System (ISMS) audit/review assessment and PCI (Payment Card Industry) Security standard audit assessment with the aim of safeguarding sensitive card data for financial companies. In addition, I have performed Cloud Assessment.
Monitor the IT systems against our technical vulnerability standards and monitor user logons, file deletions or modifications and changes in Active directory.
Perform a regular vulnerability scan management. Also manually validate findings and escalate to remediate the risk in a timely manner.
Review firewall rules and security configuration based on industry standard then escalate to remediate the risk findings.
Maintains security documentation and develops architecture approaches to new technologies aligned to the security principles.
Review company's information security policies, process and procedures on an annual basis and align them with IT security compliance (e.g., GDPR, PCI DSS and ISO27001).
Security Specialist – CQR Consulting, Melbourne, Australia March 2016 – Sept 2016
Main Responsibilities:
Assisting in planning, scoping and the delivery of security engagements for internal and external clients.
Performed internal and external network infrastructure penetration testing (NIST, SANS).
Performed internal and external web application penetration testing (OWASP).
Performed vulnerability assessment.
Performed Evaluation of Managed Security Services.
Performed Software Classification Assessment.
Conducted configuration review of operating system build review (Windows/Linux), firewall and router.
Evaluating a number of security tools and providing feedback to business stakeholders
Responsible for working with customer base to assist in identifying and effectively managing information security risks.
Responsible to discuss with clients for identifying and documenting IT security requirements, develop policies, process and procedures to minimize the effects of security breaches. Also identify security gap and provide recommendations.
Provide services utilising CQR Consulting's methodologies and knowledge base.
Providing clients all necessary information security services, both as an on-site resource and through project-based services. This will involve following all published methodologies and processes related to the delivery of the service, including the preparation and presentation of written and oral reports or presentations.
Responsible to complete all administrative functions associated with service delivery within the approved timeframes, including all reporting activities.
Responsible for the management of small projects where they are usually the sole delivery resource.
Security Assessment of ISO27001 and PCI Compliance.
Senior Security Analyst – Deloitte LLP, Melbourne, Australia Feb 2015 – Dec 2015
Main Responsibilities:
Assisting in the planning, scoping and the delivery of security engagements for internal and external clients.
Performed Microsoft SQL Database and Microsoft Exchange security assessment
Performed vulnerability assessment.
Conducted operating system build review (Windows/Linux).
Performed internal and external network infrastructure penetration testing.
Performed internal and external web application penetration testing.
Evaluating several security tools and providing feedback to business stakeholders.
Provide technical support for Hacking security tools provided by Deloitte.
Conducted ISO27001 assessment and gaps analysis.
Responsible to discuss with business with clients for identifying and documenting requirements, assess technical security risks to data, software and hardware, and develop policies, procedures and contingency plans to minimize the effects of security breaches.
Senior Security Consultant - PricewaterhouseCoopers, Sydney, Australia August 2014 – Oct 2014
Main Responsibilities:
Assisting in the planning, scoping and the delivery of security engagements for internal and external clients.
Responsible to discuss with clients for identifying and documenting IT security requirements, develop policies, process and procedures to minimize the effects of security breaches. Also identify security gap and provide recommendations.
Conduct Cloud assessment based on business process, procedures and best practices, and provides recommendation for further enhancement and improvement.
Perform PCI compliance assessment performing gap analysis and provides recommendation.
Developed and implemented PwC Security Work Program on a wide variety of firewall, router, switches, web applications, web server, database and various operating systems based on industry best practices
Mentor and provide technical guidance to team members in executing test cases.
Evaluating several security tools and provides feedback to business stakeholders
Performing infrastructure penetration test, vulnerability assessment and application penetration testing, all of which are external penetration tests, for one of the Big 4 Australian Banks and NSW Government.
Conduct Firewall review assessment.
Technical Test Security Consultant - Planit Test Management Solutions, Sydney, Australia January 2014 – June 2014
Main Responsibilities:
Lead security assurance engagements and responsible for application & network security testing
Assisting in the planning, scoping and the delivery of security engagements for 3rd party clients
Work closely with customer project teams and serve as a single point of contact for all security testing related activities
Hands on experience in network vulnerability assessment, application penetration testing and network security audit for firewall, switches and router (External and internal)
Responsible to discuss with clients for identifying and documenting IT security requirements, develop policies, process and procedures to minimize the effects of security breaches. Also identify security gap and provide recommendations.
Highly skilled in executing manual network, application penetration tests and network security audits (firewall, router and switches)
Analyse application security architecture and understand security threats
Create and execute security strategy test cases for penetration test
Create and review security test reports and evidence for penetration test
Evaluating several security tools and provides feedback to business stakeholders
Provide recommendations to clients in fixing vulnerabilities
Develop frameworks and methodologies to evaluate security in new and emerging technologies including mobile application such as IOS, Android etc.
Assist in building security testing competency
Mentor and provide technical guidance to team members in executing test cases
Developed and implemented Planit Security Work Program on a wide variety of firewall, router, switches, web applications, web server, database and various operating systems based on industry best practices
Senior Security Consultant - Vodafone Global Enterprise, London U.K. June 2013 – Dec 2013
Main Responsibilities:
Lead and manage internal and external penetration tests (infrastructure and applications) to ensure quality delivery of world class security solution into the business including those of our customer. Leads the business in assessing and managing risk across the IT, Technology and Security Operations. Responsible for service aspect of technical delivery and implementations of penetration test (internal and external) including other clients.
Career Break Oct 2012 – May 2013
Spent time travelling in USA (Nevada and California), Europe (UK and France), Abu Dhabi, Dubai and South East Asia (Malaysia and Philippines).
Senior Information Security Consultant - KPMG USA, San Francisco California, USA. KPMG US Jan 2012 – Sept 2012
Lead and manage network security audit and mobile security audit project. Also, lead internal and external penetration test (Network and Applications) including security audit of firewall, router and switches.
Senior Information Security Consultant/Advisor - KPMG UK, Canary Wharf, London, UK. KPMG UK Jun 2004 – Dec 2011
Lead internal and external penetration test (Network and Applications) including security audit of firewall, router and switches. Also, Penetration Test Project Coordinator/Operation Manager managing 1 to 4 staff on regular basis, and act as primary contact for 3rd party clients and maintaining an excellent relationship.
IT Security Analyst - Portcullis Computer Security Ltd, Pinner, Harrow, United Kingdom July 1999 - April 2004
Responsible for performing penetration test (infrastructure and web applications), war dialling and security audit/review of various operating system, web server, web application and database server for variety of clients (financial banks, telecommunication, retails and government).
SKILL SETS
Tools:
Nmap, Mingsweeper, Hping, Amap, WebScarab, Achilles, Burp, Paros, Odysseus, Nikto, Wikto, Nessus Vulnerability scanner, Netcat, Nipper auditing tools, WinAudit, Lynis auditing tools, RAT Auditing tools, Metasploit, HP Webinspect, Acunetix, IBM Appscan, Nexpose, Backtrack/Kali, Solarwinds, Nipper Tools, John the Ripper (password cracker), Cain & Abel, HP Fortify security, McAfee Vulnerability scanner & Anti-virus, Tripwire Tools, Ad Audit Plus (File Integrity tools), Qualys and Nessus Vulnerability Scanner, Adauditplus, Microsoft Office365, Microsoft Azure Portal for Active Directory, Varonis DatAdvantage for directory services (Data Governance and Data Protection), Fortinet analyser, Microsoft System Centre Configuration Manager, Sophos Antivirus (Cloud Base), Fortinet Firewall, Checkpoint Firewall, Palo Alto & Watchguard Firewall, Crowdstrike Endpoint solution, Intune, Area 1/Falcon, DNSwatch, Axonius, Service Now, Hunter, LastPass, Appcheck, Acronis, Microsoft Defender, Microsoft Cloud Apps, Microsoft Secure Score.
Technical Skills:
TCP/IP,
Networking,
Microsoft SQL Server
VMware
Identity Access Management e.g., Active Directory
E-mail & Web filtering appliances
Anti-virus endpoint and server including Anti-malware protection
Vulnerability Scanners
Host intrusion prevention
Network and application firewalls
Cloud Infrastructure and Architecture
Programming Languages:
Basic C++,
Perl
Python
Operating Systems:
Microsoft Windows (10//2000/2003/2008/ Windows Server 2012 R2, 2016, 2019, 2022),
Mac OS, Linux/Unix (Ubuntu, Red Hat/Solaris 8, 9, 10)
Technologies:
.NET Framework,
ASP .NET,
Java,
JavaScript,
Flash,
Silverlight