Candidate Name
Senior Information Security Engineer specializing in Governance, Risk, and Compliance (GRC) at Sri Lanka CERT, with a strong technical foundation in cybersecurity operations. I support organizations in identifying, assessing, and managing information security risks while aligning security controls with regulatory, policy, and business requirements.
My work focuses on risk assessments, security audits, control effectiveness reviews, and continuous improvement of information security programs in line with standards such as ISO/IEC 27001 and related frameworks. I actively contribute to strengthening organizational security posture by translating technical risks into clear, actionable insights for management and stakeholders.
Prior to transitioning into GRC, I gained hands-on experience in threat detection, incident response, and security operations, including the deployment and management of EDR solutions to protect environments against advanced malware and ransomware threats. I also have professional experience as a firewall engineer, managing and troubleshooting enterprise security platforms such as FortiGate, Palo Alto, Prisma SASE, and Sophos, while working closely with vendors to resolve high-impact issues under time constraints.
This blend of operational security and GRC expertise allows me to bridge the gap between technical teams and governance requirements. I am a collaborative professional and effective communicator, committed to building resilient, compliant, and risk-aware organizations.
01/12/2025
01/02/2024
01/03/2022