GRC and Information Security professional with 3 years of experience leading compliance, risk management, and data privacy initiatives. Skilled in ISO 27001, TISAX, SOC 2, and GDPR frameworks, with a strong track record in managing audits and developing ISMS policies. Experienced in third-party risk evaluations, remediation tracking, and delivering security awareness programs. Adept at aligning security and compliance efforts with organizational goals through cross-functional collaboration and continuous improvement.
Overview
5
years of professional experience
Work History
Information Security Analyst
Digital Charging Solutions
08.2024 - Current
Conducted risk assessments across business units to identify vulnerabilities, inform mitigation strategies, and support broader enterprise risk and crisis management initiatives.
Supported external and internal compliance audits (TISAX, ISO 27001, SOC 2) by gathering and validating evidence, mapping controls, and coordinating audit readiness with cross-functional teams.
Developed, reviewed, and maintained ISMS policies and procedures in alignment with ISO 27001 and regulatory requirements such as GDPR and CCPA.
Executed third-party vendor risk assessments, evaluating security posture, data privacy practices, and alignment with internal controls and compliance standards.
Monitored and analyzed real-time security alerts through Microsoft Sentinel (SIEM), investigated incidents, and coordinated remediation efforts in collaboration with the Security Operations Center (SOC).
Participated in the execution and improvement of the incident response plan, contributing to crisis management preparedness and ensuring escalation protocols were followed.
Supported continuous compliance monitoring and audit follow-ups, ensuring timely remediation of findings and closure of control gaps.
Delivered security awareness training and collaborated on educational initiatives to promote a culture of security across departments.
Maintained structured audit documentation, performed internal control testing, and supported the development of compliance dashboards and executive reporting.
Worked with legal, procurement, and engineering teams to integrate security and privacy controls into projects, vendor onboarding, and system design reviews.
Engaged directly with auditors and risk stakeholders to address compliance deficiencies and implement long-term improvements to the GRC framework.
Helped the organization transition to the updated ISO/IEC 27001:2022 standard by aligning policies, controls, and documentation with the revised requirements.
Jr. Information Security Analyst
Globify
07.2022 - 02.2024
Joined Globify as a Junior Security Engineer with a passion for information security, quickly immersing myself in the field.
Actively participated in multiple security audits, gaining hands-on experience in assessing and enhancing security measures.
Conducted internal audits to identify areas of improvement within the organization's information security program.
Contributed to the enhancement of the Information Security Management System (ISMS) by identifying process improvements and best practices.
Ensured compliance with security frameworks by aligning policies and procedures with ISO 27001.
Boosted cybersecurity awareness among employees through effective training sessions and workshops.
Subgroup officer
Travancore Devaswom Board
05.2020 - 06.2022
Led a cross-functional team in the digitalization efforts of existing systems within the public sector organization.
Conducted thorough analysis to identify potential data leakage points and implemented strategic measures to mitigate risks.
Improved department efficiency by streamlining and implementing policies and processes.
Played a pivotal role in addressing information security aspects throughout the digitization process, ensuring compliance with relevant standards and policies.