Sabby R.

Senior Security Consultant

€810/day
Birmingham, GB
8-15 years

Average response time: 1 hour

About Sabby

I help businesses strengthen their cybersecurity posture, reduce risk, and meet compliance requirements without unnecessary complexity.

I specialise in practical, business-focused security consulting rather than technical pentesting or coding. My work focuses on helping organisations understand where their security gaps are, what risks matter most, and how to address them in a structured and achievable way.

I typically support SMEs, startups, and growing organisations with:

  • Security risk assessments and gap analysis
  • GDPR-aligned security reviews
  • ISO 27001 readiness and advisory support
  • Security policy development and improvement
  • Supplier / third-party risk assessments
  • General cybersecurity advisory for leadership and IT teams

What sets me apart is my focus on clear, actionable guidance that non-technical stakeholders can understand and implement. I translate security requirements into practical steps that align with business priorities, budget, and operational reality.

My goal is to help organisations improve security maturity in a way that is measurable, compliant, and sustainable, without overwhelming teams with unnecessary technical detail.
  • English

    Native or bilingual

Remote only
Primarily works remotely

Experience

  • Deliveroo/DoorDash/Wolt
    Security Consultant
    RETAIL (LARGE RETAILERS)
    March 2026 - Today (3 months)
    Leading the group-wide redesign of the GRC and Security strategy across Deliveroo, DoorDash, and Wolt across global regions.
    • Building a scalable enterprise GRC operating model across international business units
    • Standardising policies, control frameworks, risk taxonomy, and assurance processes group-wide
    • Aligning controls to ISO 27001, NIST CSF, SOC 2, and AI governance requirements
    • Partnering with legal, privacy, security, and engineering leaders on strategic risk initiatives
    • Designing board-level risk reporting, governance metrics, and control assurance dashboards
    • Reviewing and assessing new GRC tooling capabilities to address AI and emerging technology risks
    • Supporting the development of AI governance controls aligned to ISO 42001 and EU AI Act principles
    • Leading global workshops to align risk ownership, accountability, and remediation priorities
    • Facilitating executive tabletop exercises for cyber and operational resilience scenarios
    Governance, Risk & Compliance (GRC) · NIST Cybersecurity · Security Architecture
  • National Grid
    Security Consultant
    ENERGY AND UTILITIES
    April 2025 - December 2025 (8 months)
    Led end-to-end GRC engagements and risk management supporting Critical National Infrastructure and AI initiatives, ensuring compliance with Ofgem, NIS2, HMG standards, ISO 27001, NIST CSF, NCSC CAF, ISO 42001, and SOC 2, with full ownership of scope, delivery, and outcomes.
    • Managed client relationships with strong professionalism, responsiveness, and trust-based engagement
    • Translated complex regulatory requirements into clear, actionable advice for stakeholders
    • Produced and quality-assured client-facing governance deliverables, including policies, risk assessments, reports, and audit documentation
    • Managed delivery risks and escalations, ensuring timely resolution and sustained client satisfaction
    • Supported presales activities including scoping, proposals, and client presentations
    • Contributed to internal methodologies, templates, and knowledge sharing to improve delivery consistency
    • Delivered ISO 27001, audit readiness, gap analysis, risk treatment, and statement of applicability
    • Supported SOC 2 engagements including control mapping, evidence collection, and readiness assessments
    • Applied NIST CSF to assess security maturity and develop actionable improvement roadmaps
    • Facilitated workshops and tabletop exercises to strengthen incident response and organisational resilience
    • Engaged in AI governance including ISO 42001 and awareness of the EU AI Act
    • Led implementation of GRC tooling to streamline and automate governance, risk, and compliance workflows
  • Inertiasoft
    Security Consultant
    DEFENSE AND MILITARY
    September 2024 - December 2024 (3 months)
    Delivered strategic cybersecurity and GRC assessments for clients across the EMEA region during large-scale digital transformation programs, enhancing operational resilience and ensuring compliance with ISO 27001, NIST, SOC 2, GDPR, and DORA across hybrid cloud and on-premises environments.
    • Led Secure by Design, Privacy by Design, and Zero Trust initiatives, enforcing Windows Server hardening, endpoint compliance via Intune, and establishing DLP, firewall, and encryption baselines to protect critical infrastructure
    • Implemented SIEM (Splunk, Microsoft Sentinel), IDS/IPS, and SOAR integrations to detect, investigate, and escalate threats in alignment with incident response, business continuity, and DR procedures.
    • Partnered with regional IT and business units to identify risks, perform vendor and third-party assessments, and deploy mitigations including IAM strategies and network segmentation
    • Integrated endpoint management and secure remote access policies via Intune to maintain device compliance across multi-country staff
    • Conducted proactive threat intelligence analysis, threat modelling, vulnerability assessments, and penetration tests, integrating findings into risk mitigation strategies and prioritizing remediation of critical issues
    • Supported SecOps and DevOps teams to embed security controls into CI/CD pipelines and produced incident response, DR documentation, and executive security briefings
    NIST Cybersecurity

Education

  • Re-Certification in Cyber Security Practitioner - Level 3
  • Certification in Penetration Testing – Level 4
