Aashish Bende (CISM, CCSP)

Amsterdam

Summary

Results-driven IT Audit Manager with 9+ years of global experience in information security, data protection, third-party risk management, and IT audits across diverse industries. Proven expertise in leading audits focused on GDPR compliance, vendor privacy reviews, and policy development. Skilled in executive reporting and presenting findings to C-level executives for informed decision-making. Adept at implementing scalable privacy frameworks that promote a culture of compliance and security. Committed to continuous improvement and risk mitigation to ensure regulatory compliance and the highest standards of information security.

Overview

10 years of professional experience
1 Certification

Work History

Internal Audit Manager

TomTom
11.2023 - Current
  • Developed annual internal audit roadmaps tailored to organizational objectives and risk assessments, facilitating a proactive approach to identifying and mitigating IT compliance and operational risks.
  • Established a comprehensive internal audit framework that incorporated risk management practices organization-wide, enhancing visibility into risk exposure and optimizing resource allocation.
  • Formulated and executed GRC strategies for privacy and security compliance with GDPR, ISO 27001, and ISO 27018, ensuring adherence to regulatory standards.
  • Led over 15 in-depth risk assessments focused on cybersecurity, data privacy, cloud security, and operational risks, providing actionable remediation plans to mitigate identified risks.
  • Conducted assessments of AI maturity and compliance specifically for Generative AI initiatives, ensuring alignment with organizational risk management frameworks.
  • Collaborated with Security and Legal teams to incorporate appropriate clauses in third-party contracts and conduct thorough vendor privacy assessments.
  • Defined and monitored key privacy and risk performance indicators (KPIs), delivering insights to senior leadership to inform strategic decision-making.
  • Facilitated targeted training sessions on privacy and GRC for cross-functional teams, fostering a culture of accountability and compliance.
  • Presented comprehensive audit and risk reports to C-level executives, supporting data-driven decision-making and strategic planning.
  • Evaluated existing IT policies and procedures to ensure alignment with organizational goals and promote timely compliance reviews.

Risk Analyst

Booking.com
08.2022 - 11.2023
  • Led the development and implementation of enterprise-wide security and IT audit strategies, effectively managing end-to-end risk across multiple business units.
  • Designed and established incident response and issue escalation workflows in collaboration with Risk and Security teams to ensure rapid response to IT security incidents.
  • Aligned IT audit initiatives with overarching compliance priorities by engaging continuously with stakeholders across the organization.
  • Prepared and presented comprehensive quarterly risk reports to C-level executives, delivering insights and actionable mitigation strategies to enhance IT risk management efforts.
  • Strengthened IT and business control frameworks by optimizing security governance workflows within ServiceNow (SNOW) to enhance operational efficiency.
  • Collaborated with Product, Legal, IT, and First Line Risk teams to assess risks, calculate inherent and residual risk scores, and develop tailored response plans.
  • Partnered with the Chief Information Officer (CIO) and Chief Risk Officer (CRO) to establish the organization’s Risk Appetite regarding IT audits and provide guidance on Enterprise Risk Management (ERM) methodologies.
  • Conducted IT Risk Assessments and Data Protection Impact Assessments (DPIAs) across 15+ operational areas using the NIST Risk Management Framework to ensure comprehensive risk evaluation.
  • Promoted a culture of compliance through ethics campaigns and organization-wide awareness initiatives focused on IT audit best practices.
  • Delivered actionable insights to enhance decision-making and strengthen the organization's overall IT risk posture.

Assistant Audit Manager

Disney + Hotstar
03.2022 - 07.2022
  • Collaborated with global stakeholders to launch Disney+ Hotstar in multiple countries, ensuring compliance with local IT audit and regulatory requirements.
  • Worked closely with Product and Engineering Heads to implement Sarbanes-Oxley (SOX) and IT controls aligned with GDPR in Hotstar processes.
  • Ensured compliance with IT security and protection requirements, focusing on GDPR and relevant local laws.
  • Conducted a comprehensive assessment of the Hotstar platform, evaluating over 100 applications to identify governance, risk, and compliance gaps in IT processes.
  • Analyzed processes within the Hotstar platform, creating Records of Processing Activities (RoPA) to document data flows and compliance measures related to IT audits.
  • Led IT Risk Assessments and conducted Data Protection Impact Assessments (DPIAs) to evaluate and mitigate risks across the platform.

IT Audit Consultant

EY
05.2021 - 03.2022
  • Led audit projects and provided consultancy services, ensuring effective risk mitigation strategies.
  • Conducted comprehensive gap assessments of processes, applications, and cloud platforms to identify compliance vulnerabilities.
  • Developed Data Flow Diagrams to analyze data transfer and workflows, enhancing clarity for audit purposes.
  • Created strategies to assist clients in achieving compliance with GDPR and UK DPA, addressing technical and organizational audit requirements.
  • Generated detailed audit reports and prepared Records of Processing Activities (RoPA) to document compliance efforts.
  • Conducted Data Protection Impact Assessments (DPIAs) and risk assessments to evaluate privacy risks.
  • Provided actionable insights to clients, addressing compliance gaps identified during audits.
  • Performed IT audits and IT General Controls (ITGC) reviews to identify and remediate vulnerabilities.
  • Analyzed applications for compliance with GDPR and CCPA regulations during audit reviews.

GRC Analyst

EClerx
08.2017 - 05.2019
  • Performed audits for various applications, including ITGC and SOX, to assess compliance and identify areas for improvement in controls and processes.
  • Worked as a Process Consultant, analyzing complete process flows to enhance IT governance and compliance within audit frameworks.
  • Reviewed technical and functional requirements to ensure alignment with IT audit standards and best practices.
  • Developed and implemented strategies to improve the efficiency and effectiveness of audit processes and reporting.
  • Managed a team of 4 junior analysts, providing guidance and oversight to ensure high-quality deliverables in audit assignments.

Senior Analyst

Searce
06.2015 - 07.2016
  • Demonstrated project planning, scheduling, coordination, and execution skills in the context of IT audit projects.
  • Ensured project governance by utilizing RACI charts and Gantt charts to clearly define roles and timelines within audit engagements.
  • Collaborated with cross-functional teams, including HR, Finance, Operations, and IT, to enhance project flow and achieve audit milestones.
  • Conducted risk identification and analysis specifically targeting compliance risks associated with IT audits.
  • Implemented risk management strategies and mitigation techniques through Enterprise Risk Management (ERM) and Root Cause Analysis (RCA) tailored for audit scenarios.

Education

MBA - Analytics and Finance

Symbiosis University
01.2021

Skills

  • IT Audits
  • GDPR Compliance
  • Governance, Risk & Compliance (GRC)
  • Incident Management and Response
  • Vendor Privacy Due Diligence
  • Audit Risk Assessment
  • Data Privacy & Protection
  • Internal Control Assessment

Certification

  • Certified Information Security Manager (CISM) - ISACA
  • Certified Cloud Security Professional (CCSP) - (ISC)²
  • Certified in Cybersecurity (CC) - (ISC)²
  • IT Audit Fundamentals - ISACA
  • OneTrust Privacy Professional - OneTrust
