
Aashish Bende (CISM, CCSP)

Amsterdam

Summary

Results-driven Senior Risk & Audit Manager with 8+ years of global experience in IT Audit, Governance, Risk & Compliance (GRC), Data Privacy, and Cybersecurity across IT/ITES, FinTech, and Automotive sectors. Proven track record in developing risk strategies, leading audits, implementing frameworks (ISO 27001, NIST, DORA, PCI-DSS), and enhancing security governance. Recognized for strategic thinking, cross-functional leadership, and delivering measurable compliance and risk mitigation outcomes.

Overview

10 years of professional experience
1 Certification

Work History

Senior Manager Risk and Security

TomTom
11.2023 - Current
  • Developed and implemented enterprise GRC strategy aligned with GDPR, ISO 27001, and ISO 27018.
  • Led 15+ risk assessments across cybersecurity, data privacy, cloud, and operations, delivering actionable mitigation plans.
  • Conducted AI maturity and compliance assessments for Generative AI initiatives via the EU AI Act; implemented DORA compliance framework.
  • Presented audit and risk reports to CXOs, supporting informed decision-making; assessed existing policies and procedures to meet goals and ensure timely reviews.
  • Integrated NIST and ISO standards into organizational compliance strategy, improving audit readiness.
  • Strengthened information security posture by enhancing security architecture, enforcing access controls, and monitoring compliance with internal and regulatory requirements.
  • Managed a 6-member team, driving compliance programs and risk reporting to executive leadership.

Risk Analyst (Fintech)

Booking.com
08.2022 - 11.2023
  • Conducted comprehensive privacy risk assessments, DPIAs, and third-party/vendor security & privacy reviews, applying NIST RMF and ISO 27001 control mapping.
  • Defined, monitored, and reported key privacy, risk, and information security KPIs to C-level executives, enabling data-driven governance decisions.
  • Led DORA compliance initiatives, embedding operational resilience, ICT risk management, and security testing requirements into business processes.
  • Designed and implemented incident response playbooks, streamlined breach reporting, and enhanced governance workflows via ServiceNow GRC modules.
  • Partnered with the Chief Privacy Officer (CPO) and Chief Risk Officer (CRO) to define the organization’s privacy risk appetite, integrate it into the Enterprise Risk Management (ERM) framework, and align with global data protection regulations.

Assistant Manager - Risk and Security

Disney + Hotstar
03.2022 - 07.2022
  • Led GRC assessments during multi-country platform launches, ensuring GDPR and local privacy law compliance.
  • Performed RoPA documentation, privacy gap assessments, and implemented DPIA/PIA frameworks.
  • Delivered executive-level risk reports and advised on privacy/security enhancements.
  • Performed multiple Security and Privacy assessments and enhanced the Internal Control Framework.

Senior Consultant

EY
05.2021 - 03.2022
  • Collaborated with multiple financial clients to ensure compliance with GDPR and PCI DSS regulations, implementing tailored strategies that addressed their unique compliance challenges and industry requirements.
  • Conducted comprehensive gap assessments of existing processes, applications, and cloud platforms.
  • Developed Data Flow Diagrams to analyze data transfer and flow for client projects.
  • Conducted Data Protection Impact Assessments (DPIA) and risk assessments to evaluate privacy risks and identify areas for improvement.
  • Achieved a 20% reduction in project risk through effective risk management strategies.
  • Analyzed over 30 applications and technologies for compliance with GDPR and CCPA regulations.

GRC Analyst

eClerx
08.2017 - 05.2019
  • Performed audits for various applications, including ITGC and SOX, to assess compliance and identify areas for improvement in controls and processes.
  • Worked as a Process Consultant, analyzing complete process flows to enhance IT governance and compliance within audit frameworks.
  • Reviewed technical and functional requirements to ensure alignment with IT audit standards and best practices.

Senior Analyst

Searce
06.2015 - 07.2016
  • Conducted risk identification and analysis specifically targeting compliance risks associated with IT audits.
  • Collaborated with cross-functional teams, including HR, Finance, Operations, and IT, to enhance project flow and achieve audit milestones.
  • Implemented risk management strategies and mitigation techniques through Enterprise Risk Management (ERM) and Root Cause Analysis (RCA) tailored for audit scenarios.
  • Conducted a GDPR Gap Assessment, developed policies and procedures, and performed GDPR audits to ensure compliance.
  • Provided strategic advice to the CISO on identified gaps in current processes, emphasizing necessary security and control measures.

Education

MBA - Analytics And Finance

Symbiosis University
India
04-2021

Skills

  • IT Audit & Governance
  • Third-Party Risk Management
  • Data Privacy & GDPR Compliance
  • Incident & BCP Management
  • Information Security
  • AI Framework and Compliance
  • Security Architecture & Controls
  • Policy & Procedure Development
  • GRC Tools: OneTrust, ServiceNow
  • Security Architecture

Certification

  • Certified Information Security Manager (CISM) - ISACA
  • Certified Cloud Security Professional (CCSP) - (ISC)²
  • Certified in Cybersecurity (CC) - (ISC)²
  • Certified Privacy Technologist (CIPT) - IAPP
  • OneTrust Privacy Professional - OneTrust

Timeline

Senior Manager Risk and Security

TomTom
11.2023 - Current

Risk Analyst (Fintech)

Booking.com
08.2022 - 11.2023

Assistant Manager - Risk and Security

Disney + Hotstar
03.2022 - 07.2022

Senior Consultant

EY
05.2021 - 03.2022

GRC Analyst

eClerx
08.2017 - 05.2019

Senior Analyst

Searce
06.2015 - 07.2016

MBA - Analytics And Finance

Symbiosis University