
NAVANEETH NAIR

Information Security Analyst
Berlin

Summary

GRC and Information Security professional with 3 years of experience leading compliance, risk management, and data privacy initiatives. Skilled in ISO 27001, TISAX, SOC 2, and GDPR frameworks, with a strong track record in managing audits and developing ISMS policies. Experienced in third-party risk evaluations, remediation tracking, and delivering security awareness programs. Adept at aligning security and compliance efforts with organizational goals through cross-functional collaboration and continuous improvement.

Overview

5
years of professional experience

Work History

Information Security Analyst

Digital Charging Solutions
08.2024 - Current
  • Conducted risk assessments across business units to identify vulnerabilities, inform mitigation strategies, and support broader enterprise risk and crisis management initiatives.
  • Supported external and internal compliance audits (TISAX, ISO 27001, SOC 2) by gathering and validating evidence, mapping controls, and coordinating audit readiness with cross-functional teams.
  • Developed, reviewed, and maintained ISMS policies and procedures in alignment with ISO 27001 and regulatory requirements such as GDPR and CCPA.
  • Executed third-party vendor risk assessments, evaluating security posture, data privacy practices, and alignment with internal controls and compliance standards.
  • Monitored and analyzed real-time security alerts through Microsoft Sentinel (SIEM), investigated incidents, and coordinated remediation efforts in collaboration with the Security Operations Center (SOC).
  • Participated in the execution and improvement of the incident response plan, contributing to crisis management preparedness and ensuring escalation protocols were followed.
  • Supported continuous compliance monitoring and audit follow-ups, ensuring timely remediation of findings and closure of control gaps.
  • Delivered security awareness training and collaborated on educational initiatives to promote a culture of security across departments.
  • Maintained structured audit documentation, performed internal control testing, and supported the development of compliance dashboards and executive reporting.
  • Worked with legal, procurement, and engineering teams to integrate security and privacy controls into projects, vendor onboarding, and system design reviews.
  • Engaged directly with auditors and risk stakeholders to address compliance deficiencies and implement long-term improvements to the GRC framework.
  • Helped the organization transition to the updated ISO/IEC 27001:2022 standard by aligning policies, controls, and documentation with the revised requirements.

Jr. Information Security Analyst

Globify
07.2022 - 02.2024
  • Joined Globify as a Junior Security Engineer with a passion for information security, quickly immersing myself in the field.
  • Actively participated in multiple security audits, gaining hands-on experience in assessing and enhancing security measures.
  • Conducted internal audits to identify areas of improvement within the organization's information security program.
  • Contributed to the enhancement of the Information Security Management System (ISMS) by identifying process improvements and best practices.
  • Ensured compliance with security frameworks by aligning policies and procedures with ISO 27001.
  • Boosted cybersecurity awareness among employees through effective training sessions and workshops.

Subgroup officer

Travancore Devaswom Board
05.2020 - 06.2022
  • Led a cross-functional team in the digitalization efforts of existing systems within the public sector organization.
  • Conducted thorough analysis to identify potential data leakage points and implemented strategic measures to mitigate risks.
  • Improved department efficiency by streamlining and implementing policies and processes.
  • Played a pivotal role in addressing information security aspects throughout the digitization process, ensuring compliance with relevant standards and policies.

Education

Mechanical Engineering - Engineering

SCT College Of Engineering
04.2012 - 06.2016

Skills

  • Risk Assessments & Risk Treatment Plans
  • Internal & External Audit Coordination
  • Policy Development (ISMS, Data Privacy)
  • Regulatory Compliance (ISO/IEC 27001:2022, TISAX, SOC 2, GDPR)
  • Vendor Risk Management & Third-Party Due Diligence
  • IT General Controls (ITGC) & Control Testing
  • Audit Remediation & Continuous Monitoring
  • Security Awareness & Training Programs
  • Incident Response & Crisis Management Support
  • Security Operations Collaboration (SOC, SIEM Monitoring)
  • Cross-functional Collaboration
  • Strong Written & Verbal Communication

Timeline

Information Security Analyst

Digital Charging Solutions
08.2024 - Current

Jr. Information Security Analyst

Globify
07.2022 - 02.2024

Subgroup officer

Travancore Devaswom Board
05.2020 - 06.2022

Mechanical Engineering - Engineering

SCT College Of Engineering
04.2012 - 06.2016