Suganeswaran Palanichamy

Information Security & GRC Consultant

Helping organisations strengthen security, manage risk, and build resilient governance frameworks.

About

Building security functions from the ground up.

Security by design — not checkbox compliance

As founder and security lead of a UK technology company for over six years, I designed and owned the complete information security function from zero — no external consultants, no dedicated security team. Cloud infrastructure, governance frameworks, third-party risk management, data protection, and incident response. All of it.

What that experience produced is rare: the ability to think like a business owner and act like a security professional simultaneously. Security decisions are business decisions — and I treat them as such.

My approach is security-by-design rather than checkbox compliance. I translate technical risk into language that boards and senior stakeholders act on — and I take ownership of outcomes, not just advice.

  • 6+ years in information security
  • 9 professional certifications
  • 4 sectors: Technology · Logistics · Healthcare · EdTech
  • 12+ vendors & suppliers assessed

Areas of Expertise

Hands-on security and governance experience across technology, logistics, healthcare, and education — building and operating complete security functions without external support.

Governance, Risk & Compliance

End-to-end GRC programmes built from zero. ISO 27001 implementation and audit readiness. Risk register design, likelihood × impact scoring, treatment planning, and management reporting. Policy architecture across information security, data protection, and acceptable use. Regulatory compliance mapping across UK, EU, and international requirements.

Cloud Security

Microsoft Azure security architecture and hardening. Sentinel SIEM deployment and alert engineering. Microsoft Defender suite configuration and management. Entra ID identity governance and access control. Zero Trust architecture principles. Secure cloud infrastructure and ongoing security posture management across hybrid environments.

Privacy & Data Protection

Designated Data Protection Officer (DPO) experience — overseeing full GDPR compliance, managing data subject rights, and maintaining ICO regulatory reporting. ISO 27701 privacy framework implementation. Data Protection Impact Assessments. Records of Processing Activities. Privacy-by-design integration into operational workflows.

Network & Infrastructure Security

Cisco network security design and implementation including SCOR-level threat defence. Fortinet firewall deployment and security fabric integration. Network segmentation and secure remote access. Infrastructure hardening across on-premise, cloud, and hybrid environments. Layered technical controls aligned to identified risk.

Third-Party Risk Management

Vendor and supplier security assessment programmes. Contractual security requirements and ongoing third-party monitoring. Supply chain risk identification and treatment. Due diligence frameworks for technology, data processing, and critical service providers. Vendor oversight documentation and review cycles.

AI & Emerging Technology Risk

Awareness of AI-related risks across organisational, regulatory, and technical dimensions. Familiar with the EU AI Act risk classification framework and its governance implications. Able to identify AI risk exposure within existing GRC programmes and support organisations in understanding their obligations under emerging AI regulation.

Tools & Frameworks

Technologies

  • Microsoft Azure & Azure Security Centre
  • Microsoft Sentinel — SIEM/SOAR
  • Microsoft Defender Suite
  • Microsoft Entra ID
  • Cisco — SCOR & CCNA
  • Fortinet Security Fabric
  • AWS Security Fundamentals

Technical Frameworks

  • NIST Cybersecurity Framework 2.0
  • NIST SP 800-53
  • ISO/IEC 27002:2022 Controls
  • MITRE ATT&CK
  • CIS Controls v8
  • Zero Trust Architecture
  • COBIT 2019

Organisational Certification Standards

Standards against which organisations are formally certified — covering information security, privacy, business continuity, and cyber hygiene.

  • ISO/IEC 27001:2022
  • ISO/IEC 27701:2019
  • ISO 22301:2019
  • SOC 2 Type II
  • Cyber Essentials Plus
  • ISO/IEC 27017
  • ISO/IEC 27018
  • PCI DSS v4.0

Regulatory Frameworks & Legislation

Legislation and regulatory frameworks shaping information security and data protection obligations across sectors and jurisdictions.

  • UK GDPR & DPA 2018
  • EU GDPR
  • NIS2 Directive
  • DORA
  • EU AI Act
  • HIPAA
  • UK Online Safety Act
  • Computer Misuse Act
  • CCPA
  • PDPA (Singapore)
  • UAE PDPL

Services

Structured engagements designed around your organisation's specific risk profile, regulatory obligations, and governance maturity. Each delivered with clear scope, defined deliverables, and measurable outcomes.

GRC Consulting

Project-based · Remote or On-site

Governance, risk, and compliance programme design and implementation for organisations building or maturing their security posture.

  • ISO 27001 gap analysis and certification readiness
  • ISO 27701 privacy framework implementation
  • ISMS design and documentation
  • Risk register build and treatment planning
  • Policy and controls architecture
  • Governance reporting structure design

Risk & Compliance Assessments

Fixed-scope · Defined Deliverables

Structured assessments identifying risk exposure, evaluating control effectiveness, and mapping regulatory obligations — with clear findings and recommendations.

  • Information security risk assessments
  • ISO 27001 internal audit support
  • Third-party and vendor risk assessments
  • GDPR and data protection gap analysis
  • NIS2, DORA, and AI Act readiness reviews
  • Cyber Essentials Plus preparation

Security Advisory

Ongoing · Strategic Input

Independent advisory support for organisations navigating security decisions, regulatory change, or programme direction — without the overhead of a full engagement.

  • Security programme input and direction
  • Regulatory change impact assessment
  • Board and management reporting support
  • Vendor and procurement security review
  • Privacy and data protection advisory
  • AI risk and governance guidance

Credentials

Nine active professional certifications spanning security leadership, risk management, cloud architecture, privacy, and network security — each validated through rigorous independent examination.

  • CISSP: Certified Information Systems Security Professional (ISC²)
  • CISM: Certified Information Security Manager (ISACA)
  • CRISC: Certified in Risk and Information Systems Control (ISACA)
  • SC-100: Microsoft Cybersecurity Architect Expert (Microsoft)
  • AZ-500: Microsoft Azure Security Engineer Associate (Microsoft)
  • ISO 27001: Lead Auditor, ISO/IEC 27001:2022 Information Security Management Systems (TÜV SÜD, IRCA & CQI)
  • ISO 27701: Lead Implementer, ISO/IEC 27701:2019 Privacy Information Management (BSI)
  • CCNA: Cisco Certified Network Associate (Cisco)
  • SCOR: Cisco Certified Specialist, Security Core (Cisco)

MSc Computer Science with Cybersecurity

University of Sunderland · United Kingdom

2026

Contact

Let's talk.

Enquiries regarding consulting engagements, risk assessments, and advisory work are welcome.

Base: Milton Keynes, United Kingdom