Aashish Bende (CISM, CCSP)
Amsterdam

Summary

Results-driven professional with extensive experience in Data Privacy, Security, and IT Audits, seeking a leadership position within a reputable organization. Committed to leveraging my expertise in Data Protection, Risk Management, and IT controls to enhance organizational success and ensure compliance with industry standards and regulations. Passionate about cultivating a culture of security and resilience that empowers teams to innovate and excel.

Overview

10 years of professional experience

8 certifications

Work History

Business Assurance Manager (GRC)

TomTom
11.2023 - Current
  • Developed and implemented GRC strategies for security and data privacy compliance with GDPR, ISO 27001, and ISO 27018 standards.
  • Assessed existing policies and procedures to meet goals and objectives and encourage on-time reviews.
  • Established governance, organization and management structure to meet program protocols.
  • Led 15+ assessments in key areas such as cybersecurity, data privacy, product security, cloud services, operations, and finance, actively identifying and mitigating risks.
  • Engaged in regular meetings with senior VPs and CXOs to discuss findings and provide updates on audit progress and recommendations.
  • Added value to company programs by integrating data privacy and security concepts into overall business objectives, using audit insights to enhance strategic initiatives.
  • Developed risk assessment methodologies aligned with ISO/IEC 27001 and ISO 27018 for effective information security management within audit frameworks.
  • Performed AI maturity assessments to evaluate the effectiveness and compliance of generative AI initiatives within the organization.
  • Prepared and presented detailed audit reports on security assessments to C-Level executives, providing actionable recommendations for risk mitigation.
  • Collaborated with cross-functional teams to integrate GRC processes into business operations, enhancing stakeholder engagement by 40%.
  • Trained 20+ staff members on GRC frameworks and best practices, fostering a culture of compliance and awareness.

Risk Analyst (GRC)

Booking.com
08.2022 - 11.2023
  • Led the development and implementation of comprehensive security and privacy strategies, managing end-to-end risk management for various entities within Booking.
  • Prepared and presented quarterly risk reports for C-level executives, summarizing findings and actionable recommendations for proactive risk mitigation.
  • Improved the internal control framework for IT and business processes, optimizing workflows within ServiceNow (SNOW) to enhance security governance.
  • Collaborated with Business, Product, Privacy, Legal, and first-line risk teams to conduct risk discussions, calculate inherent and residual risk ratings, and develop robust risk response strategies.
  • Advised the Risk and Control Head on Enterprise Risk Management methodologies, partnering with the Chief Privacy Officer and Chief Risk Officer to define the organization's Risk Appetite for privacy.
  • Conducted Privacy Risk Assessments and Data Protection Impact Assessments across 15 areas, ensuring alignment with the NIST Risk Management Framework (RMF).
  • Produced documentation, including Security Memos and Risk Reports, to facilitate insightful risk reporting for stakeholders.
  • Worked with the Data Protection Officer (DPO) to maintain Records of Processing Activities (RoPA) and a robust risk register, enhancing organizational transparency.
  • Improved decision-making processes by providing insightful recommendations based on thorough risk analysis.

Assistant Manager

Disney + Hotstar
03.2022 - 07.2022
  • Collaborated with global stakeholders to launch Disney+ Hotstar in multiple countries, ensuring compliance with local data privacy regulations.
  • Worked closely with Product and Engineering Heads to implement SOX and GDPR controls in Hotstar processes.
  • Ensured Hotstar's compliance with data privacy and protection requirements, focusing on GDPR and relevant local laws.
  • Conducted a comprehensive assessment of the Hotstar platform, evaluating over 100 applications to identify governance, risk, and compliance gaps.
  • Analyzed processes within the Hotstar platform, creating Records of Processing Activities (RoPA) to document data flows and compliance measures.
  • Led Data Protection Impact Assessments (DPIA) and performed Privacy Impact Assessments (PIA) to evaluate and mitigate privacy risks.
  • Conducted a GDPR Gap Assessment, developed policies and procedures, and performed GDPR audits to ensure compliance.
  • Provided strategic advice to the CTO and CIO on identified gaps in current processes, emphasizing necessary security and control measures.

Experienced Consultant (Privacy and Infosec)

EY
05.2021 - 03.2022
  • Led projects and provided consultancy services, ensuring successful delivery and effective risk mitigation.
  • Conducted comprehensive gap assessments of existing processes, applications, and cloud platforms.
  • Developed Data Flow Diagrams to analyze data transfer and flow for client projects.
  • Created tailored strategies to assist clients in achieving GDPR and UK DPA compliance, encompassing technical and organizational measures.
  • Generated detailed reports, prepared Records of Processing Activities (RoPA), and Breach Management Reports to document compliance efforts and incident response procedures.
  • Conducted Data Protection Impact Assessments (DPIA) and risk assessments to evaluate privacy risks and identify areas for improvement.
  • Provided insights and recommendations to clients, addressing gaps and vulnerabilities from a security and control perspective.
  • Achieved a 20% reduction in project risk through effective risk management strategies.
  • Conducted IT audits, ITGC reviews, and IT governance assessments to identify vulnerabilities.
  • Analyzed over 30 applications and technologies for compliance with GDPR and CCPA regulations.
  • Developed process narratives for designing IT general controls and implemented monitoring and testing procedures to evaluate their effectiveness.

GRC Analyst

eClerx
08.2017 - 05.2019
  • Performed audits for various applications, including ITGC and SOX, to assess compliance and identify areas for improvement in controls and processes.
  • Worked as a Process Consultant, analyzing complete process flows to enhance IT governance and compliance within audit frameworks.
  • Reviewed technical and functional requirements to ensure alignment with IT audit standards and best practices.
  • Developed and implemented strategies to improve the efficiency and effectiveness of audit processes and reporting.
  • Managed a team of 4 junior analysts, providing guidance and oversight to ensure high-quality deliverables in audit assignments.

Senior Analyst

Searce
06.2015 - 07.2016
  • Demonstrated project planning, scheduling, coordination, and execution skills in the context of IT audit projects.
  • Ensured project governance by utilizing RACI charts and Gantt charts to clearly define roles and timelines within audit engagements.
  • Collaborated with cross-functional teams, including HR, Finance, Operations, and IT, to enhance project flow and achieve audit milestones.
  • Conducted risk identification and analysis specifically targeting compliance risks associated with IT audits.
  • Implemented risk management strategies and mitigation techniques through Enterprise Risk Management (ERM) and Root Cause Analysis (RCA) tailored for audit scenarios.

Skills

  • GRC
  • Data Privacy and Protection
  • GDPR Compliance
  • Risk Management
  • ISO 27001/27002
  • NIST Framework

Scholastic Record

MBA in Analytics and Finance, 2021, Symbiosis University, CGPA: 7.5/10. 

Certification

  • Certified Information Security Manager (CISM) - ISACA
  • Certified Cloud Security Professional (CCSP) - (ISC)²
  • Certified in Cybersecurity (CC) - (ISC)²
  • OneTrust Privacy Professional - OneTrust
