GRC Specialist - Onextel Pvt. Ltd. - Noida SEC 132, ATS Banquet Tower, Delhi
(2025-11)
- Conducted and supported internal audits across multiple standards, including QMS, BCMS, ISMS, and PIMS, along with external audits (Stage 1 & Stage 2).
- Developed and delivered training and awareness programs on MRM, ERT, and compliance frameworks (QMS, ISMS, BCMS, PIMS) for employees and stakeholders at Onextel.
- Mentored interns on Governance, Risk, and Compliance (GRC), cybersecurity fundamentals, and CERT-In reporting requirements.
- Performed risk assessments and maintained key risk documentation, including risk registers and Business Impact Analysis (BIA) reports.
- Collaborated closely with leadership, including the CEO and founding team at XIOTZ, to identify and remediate vulnerabilities and strengthen security posture.
- Worked cross-functionally with IT, HR, Admin, Tech Support, and Product teams to enhance security controls, ensure compliance, and resolve audit non-conformities.
- Led initiatives on QMS control mapping and compliance alignment across business processes.
- Drafted and maintained policies, procedures, and guidelines in line with industry standards and regulatory requirements.
- Conducted Third-Party Risk Management (TPRM) assessments for vendors, including organizations such as SBI Life Insurance.
- Addressed and resolved non-conformities across domains such as end-user security, Data Loss Prevention (DLP), and antivirus controls.
Manager-GRC - Pyramid Cybersecurity and Forensic Pvt. Ltd. - Okhla NSIC Complex, Delhi
(2025-01 - 2025-10)
- Led implementation of ISO/IEC 27001:2013 & 2022 and ISO 22301:2019 (BCP, DR, BIA, ICM) audits for clients including Trilegal, AZB (law firms), Muthoot Gold Fincorp, and Alert Insurance, ensuring regulatory compliance and alignment with Pyramid's business objectives.
- Strengthened security posture by developing BCMS/ICMS templates and 25+ policies/SOPs (Risk Assessment, BCP/DR, Asset Management, Change Management, Workplace Surveillance, IAM, Incident Response) aligned to ISO 27001, ISO 22301, and NIST CSF.
- Identified control gaps and failures, provided remediation guidance, tracked closure, and ensured timely delivery of compliance initiatives and technical control implementations.
- Acted as single point of contact for cybersecurity, providing strategic risk guidance, regulatory alignment, and best practices to Pyramid and client stakeholders.
- Directed full audit lifecycle – planning, scoping, execution, reporting, and follow-up – for internal and client-facing cybersecurity audits.
- Mentored and led a GRC team, delivering hands-on training in cybersecurity, auditing, and documentation with real-world project exposure.
- Conceptualized and delivered "Cybermetric AI" and "SecUrAuditz" – proprietary GRC automation platforms leveraging AI/ML/Cloud Security for compliance monitoring across 34+ frameworks (ISO 27001, ISO 22301, NIST CSF/RMF, ISO 31000, TPRM, SOC, ITGC and more).
- Designed master Excel control checklists for 34+ global standards and frameworks (ISO 27001, ISO 22301, NIST CSF/RMF, ISO 31000, TPRM, SOC, ITGC and more) used as compliance databases in "Cybermetric AI" and "SecUrAuditz" projects.
- Enhanced "Cybermetric AI" tool's UI/UX and functional performance by aligning design with real-world audit workflows and client requirements.
- Built KPI/KRI and risk dashboards to track control and threat effectiveness, audit findings, remediation SLAs, and evolving risk exposure across business units.
- Automated incident detection, control monitoring, and compliance reporting using SIEM, DLP, vulnerability scanners, and "Cybermetric AI", delivering vulnerability reports to CERT-In.
Associate GSO - Publicis Sapient - Gurgaon, Candor Techspace
(2024-06 - 2024-10)
- Responsible and accountable for releasing comprehensive final BCP audit reports during Q3 and Q4 for 40+ client engagements such as Bain Capital, Northern Trust, and McKinsey, and delivered presentations to key stakeholders and leadership on IT compliance risks and control effectiveness.
- Facilitated projects and supported multiple security initiatives, including identifying, assessing, and prioritizing risks for treatment, while tracking them to successful closure.
- Presented updates on trackers, maintaining detailed records in designated repositories. Actively participated in team and stakeholder meetings, delivering clear and concise status updates on assigned tasks.
- Collaborated with stakeholders and clients to drive security projects, ensuring compliance and effective risk management throughout the process.
- Coordinated security efforts with geographically distributed teams across multiple locations.
- Facilitated BCP, DR programs, and risk management frameworks for emerging technologies like Gen AI and AI, contributing to security program enhancements.
- Proficient in using the OneTrust tool, MS Office tools, and Adobe.
- Served as a trusted security advisor, guiding stakeholders on aligning with security compliance, managing risks, and overseeing security audits.
Senior Information Security Analyst - HCL Technologies (Innoraft Solutions Pvt Ltd.) - Delhi NCR, Noida, Sec-126
(2021-10 - 2023-11)
- Responsible and accountable for conducting various security audits (GRC, ISO 27001, TPRM, client audits) for 90+ client engagements such as Google, Microsoft, FB, Xerox, AT&T, IKEA, and H&M.
- Planned, executed, reported on, and followed up for the closure of various audits in line with organization policies.
- Established and maintained a risk register and weekly executive summary dashboards for leadership.
- Facilitated change management with the security team.
- Managed vulnerabilities and risks, ensuring a holistic view of all gaps and following up for closure.
- Conducted security configuration log reviews for network devices, including routers, switches, and firewalls.
- Regularly monitored firewall IPS/IDS versions, network architecture diagrams, and network security.
- Worked on tools such as RSA SIEM, HP NNMi, HP NA, FireEye HX, and BMC Remedy.
- Ensured robust end-user domain security using the compliance measures of AV, patching, encryption, DLP, and more.
- Worked across cross-functional teams to remediate security incidents and cybersecurity threats, and provided assurance to stakeholders through reports.
- Took the initiative to regulate and monitor security incidents and risks across domains such as network, IAM, logical, operational, backup, asset, and access management security.
Intern (GPCSSIP) - GP Cybercell, HQ - Haryana
(2021-06 - 2021-08)
- Gained practical exposure to Ethical Hacking, Cybersecurity, Forensics, Threat Intelligence, VAPT, various kinds of Cyberattacks, Cyber threats, Digital crimes & Digital Frauds.
- Learned national-level cybersecurity frameworks, career paths, and growth opportunities.