GRC Consultant
Current
- Partnered with IT management, Information Risk, Compliance, Audit, Project Managers and lines of business to develop and execute on risk mitigation and management plans, risk management strategies and policies to.
- Auditee for external ISO audits leading to successful ISO 27001:2022 certification of consulted organizations. Auditee for yearly TPRM audits conducted on product companies by banks.
- Created metric-based dashboard and reports and participated in strategic planning discussions to ensure priorities are aligned to mitigate the most critical risks.
- Collaborated with IT teams to implement security controls and report on IT risk management activities to stakeholders and management; tracked risk mitigation efforts to ensure key milestones are achieved.
- Developed and managed end-to-end compliance framework including information security and privacy policies, procedures, mandatory documents, templates and forms, in line with ISO 27001:2022, RBI IT GRC circular, Framework.
- Conducted and headed audits including product/software compliance verification and pre-implementation audits, IS audit against RBI Master Directives for NBFCs, SAR Data Localization audit, Gap Assessments against SEBI.