Shivaitgc

Results-driven GRC professional with 5+ years of specialized experience in Third-Party Risk Management (TPRM), Data Privacy (GDPR/DPIA), SOX/ITGC compliance, and ISO 27001 audits — and 7+ years total in IT. Proven track record leading cross-functional risk programs for global clients across Telecom, Banking, and Energy sectors (Hutchison UK, Bank of Montreal, GE Power). CISA certified with hands-on expertise in RSA Archer, OneTrust, CyberGRX, and RSAM.

Known for building scalable vendor risk assessment programs, leading offshore delivery teams, and delivering executive-level risk reporting that drives measurable business decisions.

Project Lead – GRC Consultant - SLN Soft Solutions Pvt. Ltd.

(2022-09)

• Client: Telecom Romania (Vendor Risk Assessment & Data Privacy Program) — Led a 7-member offshore team executing end-to-end vendor risk assessments and privacy impact assessments for 300+ vendors, maintaining program SLAs and reducing third-party exposure for a Tier-1 EU telecom client
• Managed the full VRA lifecycle via RSAM and CyberGRX — from scope intake and vendor engagement to final risk-rated reporting — ensuring zero assessment backlog across quarterly review cycles
• Communicated security requirements and risk findings directly to business stakeholders and vendors as part of an overarching third-party risk management program
• Reviewed preliminary and final assessment reports, delivering actionable remediation recommendations that highlighted vendor strengths, weaknesses, and residual risk levels
• Conducted ongoing risk monitoring due diligence to ensure security controls remained effective as vendor infrastructure evolved
• Served as TPRM program lead, aligning all vendor activities with company security policies, local legal requirements, and regulatory obligations
• Client: Hutchison UK — GDPR & PCI DSS Compliance — Directed a 6-member team across GDPR PIAs, supplier risk assessments, and security incident management for Hutchison UK, covering 300+ suppliers over 2 years
• Served as GDPR SPOC for EU accounts — coordinating with external auditors, legal, HR, IT, and corporate privacy teams on all GDPR-related audits and activities
• Planned and executed GDPR assessments for all EU-scoped projects, engaging stakeholders to define control frameworks, evaluate risks, and prepare executive reports
• Gathered and reviewed PCI DSS evidence, acted as control reviewer during audits, and provided expert consultation on NIST 800-53, PCI DSS, and ISO 27001 standards
• Conducted physical security audits to validate compliance with ISO control objectives across client sites
• Led a small SOC team monitoring, analyzing, and triaging security incidents using Splunk
• Client: Bank of Montreal (BMO Canada) — IT Audit & Third-Party Risk — Executed SIG and ISO 27001-based third-party risk assessments for 50+ cloud and ASP vendors, delivering risk-rated reports with prioritized corrective action roadmaps
• Managed risk assessments end-to-end using RSA Archer, coordinating with application security, cloud assessment, ISOs, and business teams to meet assessment SLAs
• Reported assessment outcomes, risk levels, and remediation status to senior stakeholders, enabling data-driven vendor management decisions
• Contributed to the development and enhancement of the information security management framework aligned to NIST CSF, Cyber Security Framework, and ISO 27001

GRC Analyst — SOX / ITGC / Access Management - Capgemini

(2020-01 - 2022-08)

Client: GE Power

• Led an offshore team of 5 analysts completing system access reviews across 300+ in-scope applications at monthly, quarterly, and annual frequencies — consistently delivering on time with audit-ready documentation
• Reviewed and validated server-based IdM and Non-IdM user accounts (Domain, OS, Application, Database) ensuring least-privilege principles were enforced across Production and Non-Production environments
• Audited Segregation of Duties (SoD) matrices in Development, QA, and Production environments, identifying and escalating control conflicts to management
• Documented Test of Design (TOD) and Test of Effectiveness (TOE) for all reviewed applications, coordinating with Application Owners to resolve compliance gaps within defined timelines
• Reviewed SSAE-16 reports, process/control narratives, and test plans for Banking/Financial and SPII applications in accordance with COBIT control areas and SOX requirements
• Facilitated internal and external (vendor) audit reviews, actively managed finding remediation, and produced executive-level compliance status reports for management
• Created and maintained client-specific SOX support manuals, trackers, and MS Excel dashboards (pivot tables, charts) to support audit review and management reporting

SOC Analyst - Think & Learn (BYJU'S)

(2021-05 - 2021-08)

• Monitored and analyzed security events, triaging and escalating incidents to appropriate teams in a fast-paced SOC environment

IT Security Analyst - Dynamic Solutions

(2018-01 - 2019-12)

• Supported baseline security assessments, access management activities, and security awareness programs, building foundational GRC knowledge across ISMS and compliance domains

B.Tech - Electronics & Communication Engineering - KGRCET, Chilukur — JNTU Hyderabad