BC KUMAR

Hyderabad

Summary

Detail-oriented IT Audit and Information Security professional with over 4 years of experience in ITGC testing, risk assessments, and regulatory compliance. Evaluated control design and operating effectiveness, supported ISO 27001 implementation, and managed third-party risk activities. Used ServiceNow GRC and RSA Archer to track risks, controls, and audit evidence, maintaining SOX and broader compliance readiness through collaboration with cross-functional teams.

Overview

4 years of professional experience

Work History

CONSULTANT

THOUGHTPROCESS SOFTTECH
01.2025 - 06.2026
  • Delivered IT audit and compliance support by evaluating IT General Controls (ITGC) across user access, change processes, and IT operations to ensure alignment with SOX and internal audit standards.
  • Contributed to ISO 27001 ISMS deployment efforts by supporting audit readiness activities, validating control implementation, compiling evidence, and maintaining compliance records.
  • Evaluated control design adequacy and operational performance, recorded test outcomes, and monitored corrective action plans to address identified deficiencies.
  • Participated in IT and information security risk assessments by identifying key risk exposures, reviewing compensating controls, and maintaining detailed risk and issue registers.
  • Executed third-party risk management processes through vendor assessments, risk questionnaire reviews, and coordinated remediation follow-ups to enhance compliance posture.
  • Mapped and validated controls against regulatory and compliance frameworks such as NIST CSF, PCI DSS, GDPR, and SOX, supporting continuous compliance initiatives.
  • Administered ISMS documentation by organizing policies, procedures, risk records, and audit artifacts throughout the compliance lifecycle.
  • Documented and tracked risks, controls, issues, and remediation plans in ServiceNow GRC, ensuring real-time visibility into compliance status.
  • Supported audit reporting and control management activities within RSA Archer by updating control libraries, logging test evidence, and preserving audit trails.
  • Partnered with IT, cybersecurity, and business stakeholders to obtain supporting documentation, define control ownership, and drive timely closure of audit observations.
  • Developed, reviewed, and maintained organizational policies and procedures to align with regulatory requirements and industry standards, ensuring consistent governance and audit readiness.
  • Created and managed comprehensive GRC documentation, including risk registers, control frameworks, and compliance reports, improving traceability, transparency, and stakeholder communication.
  • Tracked and prioritized vulnerabilities using the CVE database and CVSS scoring to support risk assessments, remediation planning, and compliance reporting aligned with NIST CSF and PCI DSS requirements.

ASSOCIATE

Careerpedia
03.2024 - 12.2024
  • Performed enterprise IT and information security risk assessments, identifying high-impact risks, evaluating safeguards, maintaining risk and issue logs, and tracking mitigation progress.
  • Oversaw Third-Party Risk Management (TPRM) processes, including vendor risk evaluations, analysis of security questionnaires, and tracking of corrective actions to mitigate third-party exposures.
  • Led IT audit support activities by reviewing IT General Controls (ITGC) across access provisioning, change governance, and IT operations, ensuring compliance with SOX and internal audit standards while validating both control design and performance.
  • Facilitated ISO 27001 ISMS compliance by preparing for audits, confirming control implementation, maintaining policies and procedures, and coordinating remediation of identified control weaknesses.

ASSOCIATE

Think & Learn
05.2022 - 03.2024
  • Executed IT audit and compliance initiatives by assessing IT General Controls (ITGC) across access governance, change management, and IT operations, ensuring compliance with SOX and internal audit requirements while evaluating control design and operating effectiveness.
  • Conducted IT and information security risk assessments by identifying key risks, evaluating mitigating controls, maintaining risk registers, and tracking issue resolution activities.
  • Mapped and tested controls against regulatory and industry frameworks such as NIST CSF, PCI DSS, and SOX, ensuring ongoing compliance and risk mitigation.
  • Leveraged governance, risk, and compliance platforms including ServiceNow GRC and RSA Archer to document controls, track risks and issues, maintain audit evidence, and facilitate cross-functional collaboration for timely audit closure.
  • Supported ISO 27001 ISMS implementation and audit readiness by validating controls, compiling evidence, maintaining compliance documentation, and coordinating remediation of identified gaps to enhance overall security posture.
  • Conducted Third-Party Risk Management (TPRM) activities, including vendor due diligence reviews and risk questionnaire analysis, while tracking corrective action plans to address identified risks.

Education

B.E - ECE

Osmania University
Hyderabad, TG
06-2018

Skills

  • ITGC Testing
  • GRC
  • Internal Audit
  • ISMS
  • ISO 27001 Implementation
  • SOC 2
  • TPRM
  • Risk Assessment
  • CVEs
  • Vendor Risk Management
  • PCI DSS
  • GDPR
  • NIST CSF
  • HIPAA
  • SOX Compliance
  • RSA Archer
  • IT audit
  • ISMS documentation
  • IT governance
