Assistant Manager – Risk Advisory - DELOITTE - Pune
(2022-08)
Third Party Risk Management (TPRM)
- Led 100+ end-to-end third-party risk assessments across global vendors, including contract reviews and inherent risk evaluations, ensuring alignment with organizational risk appetite, Digital Lending Guidelines (DLG), Information Security controls and SaaS security standards.
- Reviewed vendor responses and supporting evidence to assess control effectiveness across data protection, access management, encryption, logging, incident response, and business continuity, marking controls as compliant or non-compliant.
- Identified control gaps and residual risks and recommended remediation actions aligned with ISO 27001:2022, DLG expectations and SaaS best practices.
- Collaborated with cross-functional stakeholders to deliver executive-level risk insights and reporting, while consistently applying regulatory and security frameworks (ISO 27001:2022, DLG, SaaS) to enhance compliance coverage and reduce risk exposure.
Assistant Manager – Risk Advisory - DELOITTE - Pune
(2022-08)
Digital Personal Data Protection Act (DPDPA) Gap Assessment
- Conducted end-to-end DPDPA gap assessments across multiple entities by engaging stakeholders and evaluating existing privacy and security controls against regulatory requirements.
- Identified and prioritized compliance gaps based on risk severity and regulatory impact, delivering actionable gap assessment reports and remediation roadmaps for stakeholder alignment and closure.
Assistant Manager – Risk Advisory - DELOITTE - Pune
(2022-08)
Loan Origination System (LOS) & Loan Management System (LMS)
- Conducted comprehensive policy reviews for an NBFC, identifying gaps and aligning observations with internal compliance documentation.
- Mapped and analysed regulatory guidelines (RBI IT Framework, Digital Lending, IT Outsourcing, ITGRC, Digital Payment Security, and DPDP Act) to extract compliance, Secure by Design, and Privacy by Design requirements for the RFP and BRD.
- Developed and validated the Business Requirement Document (BRD), focused on embedding compliance, security, and privacy controls, aligned with Secure by Design and Privacy by Design principles and tailored to the NBFC's business functions and stakeholder needs.
Assistant Manager – Risk Advisory - DELOITTE - Pune
(2022-08)
Coupa Management
- Resolved 200+ Coupa procurement tickets, streamlining operations and reducing average resolution time by 30% through efficient issue handling and prioritization.
- Analysed ticket trends and collaborated with cross-functional stakeholders to identify root causes of recurring issues, driving process improvements and improving overall workflow efficiency by 20%.
Risk Management Analyst - DELOITTE - Pune
(2021-09 - 2022-07)
- Executed vendor risk assessments across information security and privacy domains aligned with ISO 27001:2013 and GDPR.
- Analysed vendor services, data classification and control effectiveness, and developed gap analysis reports.
- Led global remote vendor assessments and coordinated risk remediation with internal business stakeholders.