Early-career Information Security Analyst with hands-on exposure across Governance, Risk & Compliance (GRC), security operations, and penetration testing fundamentals. Demonstrated ability to assess technical risk through vulnerability assessment, web and API security testing, network analysis, and Linux system auditing, while aligning findings with organizational risk and compliance objectives. Experienced in supporting security monitoring, incident response, and security awareness initiatives, with a strong understanding of ISO/IEC 27001, PCI-DSS, and audit-driven control validation. Technically proficient in network security, API security testing, log analysis, and security tooling (Burp Suite, Nmap, Wireshark), with the ability to document findings clearly and translate technical issues into business-relevant risk for non-technical stakeholders. Brings a risk-aware, methodical mindset that bridges policy, process, and technical controls, enabling practical security improvements rather than checkbox compliance. Motivated by continuous hands-on learning and real-world impact, with a focus on strengthening organizational security posture through measurable, risk-based decision-making.