Max Couling

Cybersecurity professional with hands-on experience in financial services security, risk assessment, and regulatory compliance. Proven track record supporting RBNZ requirements and SWIFT audits.

Contact:

WORK EXPERIENCE

Ernst & Young (EY) | Cybersecurity Consultant - Client Secondment - Risk & Compliance Specialist

Aug 2025 - Present

  • Achieved zero-finding SWIFT CSP audit certification by coordinating evidence collection across 25 mandatory controls, strengthening organisation's payment security posture and compliance.
  • Conducting 10+ risk assessments across IT, OT, and third-party environments, managing security exemption process for 10+ requests while balancing business requirements against NIST 800-53 controls.
  • Performing weekly application security assessments for onboarding, analysing applications with 50-1000+ vulnerabilities (SQL injection, XSS, open-source risks); reduced false positives through code-level verification, including identifying a false positive where the tool flagged Playwright test scripts rather than prod code.
  • Working directly with Head of GRC and CISO to support enterprise-wide security initiatives and governance program.

Graduate Cybersecurity Consultant

Mar 2025 - Aug 2025

  • Supported financial services clients including life insurance companies and banking institutions with cybersecurity maturity improvements and regulatory compliance.
  • Helped insurance client achieve RBNZ Cyber Resilience baseline requirements, focusing on Govern and Identify domains of NIST CSF 2.0 Cybersecurity Framework.
  • Designed and facilitated C-Suite workshops that secured executive buy-in for expanded cybersecurity initiatives and increased security investment.

Intern Cybersecurity Consultant

Nov 2023 - Feb 2024

  • Covered Technical Business Analyst role for SailPoint IdentityNow implementation, facilitating UAT's, validating access review functionality, and coordinating with stakeholders to ensure successful deployment across 22,000+ users.
  • Validated IAM implementation against security requirements and stakeholder needs, ensuring access controls aligned with principle of least privilege across the organisation.

Exzel IT Consulting | Part-Time IT Specialist

Sep 2022 - Jun 2023

  • Provided on-site and remote technical support including network troubleshooting, hardware repairs, system configuration and secure data destruction for small businesses and education centres.

EDUCATION

University of Auckland | Bachelor of Science, Majoring in Computer Science and IT Management

Completed: Nov 2024 | GPA 6.83

  • Top Achiever Scholarship ($20,000)
  • Awarded highest grade in INFOMGMT 399 (top of class)
  • Class Rep

PROJECTS

SurveyHustle | Website | GitHub

Full-stack Flask & PostgreSQL platform enabling ethical, privacy-focused data sharing through anonymised surveys, integrating Differential Privacy and deployed on my Raspberry Pi with Cloudflare Tunnels/protection.

Home Security Lab

Self-configured network environment including Ubiquiti EdgeRouter with custom firewall rules, Docker containers (Vaultwarden, ‘SurveyHustle’, PiHole), and Cloudflare tunnel implementation for secure remote access.

CERTIFICATIONS, SKILLS & INTERESTS

  • Certifications: Microsoft Certified, AZ-900 & AI-900, EY Solution Architecture and Cyber Bronze badges
  • In-Progress Certifications: CompTIA Security+ certification (self-study), AZ-500, OWASP API Security Top 10
  • Technologies: Python (Flask), Azure, Git/Github, Excel, SQL (PostgreSQL), Docker, Linux, ServiceNow (GRC)
  • Skills: Project Planning & Delivery, Stakeholder Management, Information Security, Workshop Facilitation
  • Interests: Space, Video Games, Board Games, Building PCs & tinkering with hardware, My German Shepherd ‘Jet’