Rishab Anand

Noida

Summary

Cybersecurity professional with 4+ years of experience in IT Risk Assessment, Vendor Risk Management, GRC, and IT Audit across diverse sectors. Proficient in tools like RSA Archer, ProcessUnity, Logic Gate, and Black Kite. Successfully led numerous vendor risk assessments, reducing onboarding delays and improving remediation timelines. Adept in ISO 27001, NIST, and SCF frameworks, with a proven track record of cross-functional collaboration and audit participation. Seeking to leverage expertise in IT Risk Assessment, Vendor Risk Management, and GRC functions to drive organizational security and compliance.

Overview

4 years of professional experience
1 Certification

Work History

GRC lead

Cysigil network pvt ltd
11.2025 - Current
  • Led Customer Trust Assurance strategy, ensuring security and compliance posture exceeded expectations of BFSI clients.
  • Acted as primary customer-facing security expert, engaging with client security, audit, and procurement teams.

Security Analyst

Nielsen Media Pvt Ltd
Bangalore
05.2025 - 11.2025
  • Assisted with 18+ customer security requests and answered questions to improve satisfaction.
  • Assisted with customer contract review.
  • Helped streamline the process by creating SOP.
  • Helped streamline the process of audit request intake.
  • Owned end-to-end client audit management (ISO 27001:2022, SOC 2 Type II, GDPR, BFSI regulatory reviews), including readiness, facilitation, and remediation.
  • Translated complex regulatory and audit requirements into actionable tasks for security, engineering, and business teams.

Senior-1 Risk Consultant

E&Y GDS
12.2024 - 05.2025
  • Led over 10 third-party vendor risk assessments using ProcessUnity, LogicGate, JIRA & ProcessBolt, reducing onboarding delays by through early risk detection.
  • Created more than five detailed risk-finding reports based on vendor responses, enhancing remediation timelines by across critical business units.
  • Executed ICT third-party risk assessments in line with DORA requirements, including criticality determination and dependency mapping.
  • Maintained and enhanced the DORA-compliant Register of ICT Third-Party Providers, ensuring traceability of critical services, subcontractors, SLAs, and risk ratings.

Information Security Analyst

Lowe’s
Bengaluru
01.2024 - 12.2024
  • Initiated Third-Party Risk Assessments for 40+ new vendors using Black Kite and ProcessUnity, accelerating evaluation.
  • Conducted 25+ vendor re-assessments, identifying 10+ critical control gaps and facilitating timely remediation actions.
  • Leveraged SaaS tools to continuously monitor vendor risk posture, reducing risk exposure by 18% across Tier-1 suppliers.
  • Mapped organizational controls to Secure Control Framework (SCF), improving policy alignment and audit readiness.
  • Coordinated with 10+ business units to initiate and streamline vendor risk assessments, enhancing cross-functional collaboration.
  • Led compliance programs across ISO 27001:2022, SOC 2 Type II, NIST CSF 2.0, data privacy regulations.
  • Developed and strengthened GRC governance frameworks, policies, and control environments.
  • Managed stakeholder communication with leadership, auditors, and cross-functional teams.

Security Compliance Analyst

UGRO Capital
08.2023 - 12.2023
  • Initiated Third-Party Security Assessments for all of active vendors, establishing a structured risk evaluation process from scratch.
  • Designed and implemented detailed Statement of Work (SOW) documents for assessments, reducing ambiguity and delays.
  • Conducted organization-wide User Access Reviews, identifying and revoking 50+ excessive privileges, enhancing data security.
  • Developed a customized vendor risk questionnaire matched with ISO 27001 controls, streamlining evaluations across 20+ vendor categories.

Information Security Engineer

Infosys Limited
09.2021 - 08.2023
  • Led 12+ enterprise-wide risk assessments; tracked 120+ treatment plans with 90% closure rate, improving Infosys’ risk posture.
  • Conducted 15+ onshore/offshore audits; resolved critical vulnerabilities, increasing location-level compliance.
  • Analyzed 35+ internal/external breaches; implemented preventive controls, reducing similar incidents.
  • Authored compliance documents coordinated to ISO 27001/NIST; improved audit readiness and standardized risk governance practices globally.
  • Assessed 50+ vendors’ security controls and VA/PT reports; identified gaps and improved third-party compliance effectiveness.
  • Negotiated security clauses in 15+ vendor contracts; ensured adherence to data protection, breach response, and legal frameworks.
  • Managed full vendor risk lifecycle in RSA Archer; reduced remediation cycle via automation and SLA tracking.

Education

Bachelor of Engineering (B.E.) -

Dayananda Sagar College of Engineering
Bengaluru
08.2021

Skills

  • Risk Management & Assessment
  • IT Risk Management, Risk Assessment, Enterprise Risk Management, Breach Analysis, Risk Treatment Planning, Control Assessment, Contract Risk Review, Operational Risk Assessment, Risk Lifecycle Management, Risk Metrics Monitoring, Risk Register Maintenance, Risk Reporting
  • Third Party & Vendor Risk Management
  • Vendor Risk Management, Security Due Diligence, SaaS Vendor Assessment, Vendor Gap Analysis, Technical Integration Review, Custom Questionnaire Design, SCF Mapping, Data Risk Review
  • Governance, Audit & Compliance
  • GRC, Internal Audit, Regulatory Compliance, ISO 27001, NIST Frameworks, Control Mapping, Policy Development, User Access Review, Governance Standards
  • Information Security & Cybersecurity
  • Information Security, Cyber Risk, Security Controls, Threat Identification, Breach Management, Data Protection, Site Security Audits, Access Management, Risk Mitigation
  • Tools & Platforms
  • RSA Archer, Process Unity, Logic Gate, Black Kite, Excel, ServiceNow GRC, SaaS Monitoring Tools, JIRA (assumed for ticketing), Microsoft Office Suite, Drata
  • Professional Skills & Initiatives
  • Stakeholder Communication, Report Presentation, Cross-functional Collaboration, Process Automation, Policy Drafting, Project Coordination, Initiative Ownership
  • DORA Regulatory Compliance
  • ICT Risk Management Frameworks
  • ICT Third-Party Risk Oversight

Certification

• ISO 27001 Lead Auditor
• Logic Gate Power User – 2023

LANGUAGES

English Proficient, Hindi Native

KEY PROJECTS & INITIATIVES

Vendor Assessment Automation, Conducted PoC using SaaS-based tools like Logic Gate

Accomplishments

  • Cross-Functional Appreciation
  • Appreciation notes from multiple business units for vendor risk execution & audit support.

AWARDS

Insta Award, Infosys – 2022, Certificate of Recognition, Lowe’s – 2024
