
Bhavna Tiwari

Hyderabad

Summary

IT Auditor | Compliance & Risk Management

At Cornerstone OnDemand, I worked as an Information Technology Auditor within the Cybersecurity Assurance team, helping organizations identify and mitigate risks related to compliance and risk management. I actively participated in both internal and external audit initiatives covering information security controls and regulatory compliance, ensuring every audit delivers clarity, accountability, and strategic value. With a strong technical foundation, I simplify complex audit findings for diverse stakeholders and foster collaborative environments that drive continuous improvement. I have 4.5 years of experience across various domains of information security, including Information Security Governance, Compliance, Security Awareness, Vendor Risk Management, Identity & Access Management, Internal and External Audits, and Process Audits. Additionally, I possess basic experience in Quality Assurance and assessments for PCI DSS and NIST CSF frameworks.

Seasoned Consultant in the Risk Advisory team of Deloitte Touche India LLP, with a robust background in cyber risk management and process improvement. Excelled in delivering tailored solutions, enhancing organizational efficiency by implementing strategic changes, and implementing ISO 27001 and cyber security. I have worked on multiple projects that involved implementing and testing security controls, policies, and frameworks, and I gained valuable skills and knowledge in ISO 27001, ISO 27002:2022, Cyber Maturity Assessment and other security standards.

Results-driven IT Auditor with expertise in Cybersecurity, Risk Management, and Compliance Documentation. Proven ability to conduct comprehensive audits and enhance cybersecurity posture through effective process improvements.

Detail-oriented professional with extensive experience in Vendor Risk Management and compliance documentation. Successfully led SOC 2 audits and improved internal controls, driving measurable outcomes in cybersecurity assessments and process enhancements.

Overview

  • 5 years of professional experience
  • 4 years of post-secondary education
  • 1 Certification

Work History

IT Auditor

Cornerstone OnDemand
Hyderabad
11.2024 - Current
  • I worked on several controls and audit reviews, including: IDS Reports Review, Supportsite Records and Logs Review, External Security Scan Review, CSX Infrastructure Change Review, Patch Defects Review, Position and Division Change Review, Bitbucket Configuration Scan Review, Hotfix Review, AWS Production Backup Review, Background Check Review, Saba Production Backup Review, EdCast Production Backup Review, and various other audit reports.
  • Performed the TRS-Hunters SOC Audit to evaluate the design and implementation effectiveness of the Technology Security Requirements (TSR) for the Hunter SOC Platform. Reviewed their platform to improve: threat visibility, incident response speed, centralized team management, and overall cybersecurity posture.
  • Worked on Vendor Risk Management (VRM): worked on SOC 2 Type 2 reports with multiple vendors, managed vendor tickets in the ZenGRC tool, created new vendor entries using the Vendor Classification Matrix, and enhanced my understanding of vendor risk management processes and compliance documentation.
  • Phase 1 SOC 2 Audit: successfully led and delivered the Global Controls-related evidence (termination list, new customer list, new product list, security incident policy, VRM vendor and product list, etc.). For some of the evidence, I identified a loophole for Talent Development activity and IT-Security awareness training.
  • Learning and Development: studied AI-specific concepts, particularly AI agents, which are software systems capable of reasoning, planning, and memory, and of autonomous decision-making, learning, and adaptation. Gained hands-on experience with the Cornerstone Digital Hub Tool, focusing on Excel analysis and image analysis.
  • Tools: Splunk, SailPoint, ADManager Plus, Bitbucket, Dome9, DLP, ZenGRC, OneTrust, Support site tool
  • Security Operations & IAM: SIEM (Splunk), SailPoint, AD/ADManager Plus review
  • Conducted audits of IT systems to ensure compliance with industry standards.
  • Reviewed system configurations for adherence to company policies.
  • Prepared audit reports detailing findings and recommendations for improvements.
  • Analyzed data to assess the effectiveness of IT processes and controls.
  • Determined which processes would improve internal controls and operating efficiency for company.
  • Performed information system audits to manage internal controls and assess risks.

Consultant

Deloitte
Bengaluru
07.2024 - 11.2024
  • Worked as an Auditor for the insurance company related to ISO Framework
  • Currently working as a "System and Organization Controls" member in a leading bank, where I am handling the phasing and threat hunting
  • Performing Cyber Maturity Assessments using Deloitte's proprietary CSF framework. Assessing key domains such as - User Access management, SDLC, BCP, Network Security, Incident management, Physical security, Cyber analytic etc.
  • Performed security configuration reviews - using CIS-PRO scripts.
  • Worked on and managed multiple engagements of ISO/IEC 27002 and ISO/IEC 27001.
  • Worked on a manufacturing client audit review and assisted with work paper review and report preparation. Identified potential risks and controls and assisted in developing scope and work programs.
  • Tracked and encoded the company's receipts, financial reports, and taxation requirements. Provided the loopholes/audit-related gaps, which helped the client's PNL growth. Assisted with documenting process controls, including performing walk-throughs and reviewing the testing of controls.
  • Worked on the Cyber Maturity Assessments using the ISO/IEC 27001 framework, assessing key domains: Global solution, Supplier management, Network asset, Incident Management, Logging and Monitoring, IAM, HR, etc.
  • Worked on the ISO 27001 risk assessment framework using the ISO risk management methodology, where I worked on the gap assessment report and the policies.
  • Worked as a PMO, supporting remediation management and finding-closure follow-up calls with clients. Managed the Archer upload of all penetration testing findings for the final report.
  • Worked on the re-test (Low and Medium) using different types of tools like Nmap, MySQL, Wireshark, and Nessus. Also responsible for maintaining operations, technical order checklist and client relationships.
  • Reported daily, weekly and monthly as per project requirements.
  • Worked on the ISO/IEC 27001 engagement, where I managed the different analysis reports, weekly reports and assessment reports, and updated the trackers and Excel sheets.
  • Collaborated with cross-functional teams to enhance project delivery.
  • Conducted research to identify industry trends and best practices.
  • Prepared detailed reports to communicate findings and recommendations.
  • Supported clients in implementing change management strategies effectively.

Senior Risk Analyst

Deloitte
Bengaluru
05.2022 - 06.2024
  • Performing Cyber Maturity Assessments using Deloitte's proprietary CSF framework
  • Assessing key domains such as - User Access management, SDLC, BCP, Network Security, Incident management, Physical security, Cyber analytic etc.

Risk Analyst

Deloitte
Bengaluru
09.2021 - 05.2022
  • Performed security configuration reviews - using CIS-PRO scripts
  • Worked on and managed multiple engagements of ISO/IEC 27002 and ISO/IEC 27001
  • Worked on a manufacturing client audit review and assisted with work paper review and report preparation
  • Identified potential risks and controls and assisted in developing scope and work programs
  • Tracked and encoded the company's receipts, financial reports, and taxation requirements
  • Provided the loopholes/audit-related gaps, which helped the client's PNL growth. Assisted with documenting process controls, including performing walk-throughs and reviewing the testing of controls.

Student Intern

Cinfy Systems - Coding Pathshala
Jabalpur
10.2020 - 03.2021
  • I worked as an intern at Cinfy System, which is a part of Jabalpur Incubation center
  • My role was VAPT, i.e. Vulnerability Assessment and Penetration Testing, on both Linux and Windows. The tools I used to penetrate websites like JIC and E-commerce were Nmap, MySQL, Burp Suite, Nikto, Metasploit, Splunk, Wireshark, Nessus, and Pro-discover.
  • Cinfy System is a part of Jabalpur Incubation center

Education

Master of Technology - CyberSecurity

Jain (Deemed-to-be University)
Bangalore
08.2019 - 06.2021

Bachelor's of Engineering - Information Technology

Gyan Ganga Institute of Technology Sciences
Jabalpur
08.2015 - 06.2019

Skills

  • ISO27001
  • ISO27002:2022
  • Risk Management
  • IT Audit
  • Audit (internal and external)
  • Vendor risk management/TPRM
  • Cybersecurity analysis
  • TRS Audit
  • Project Management
  • Security Audit
  • Security Controls
  • Risk Assessment
  • Vendor risk management
  • Process Improvement
  • IT Governance Compliance
  • Vulnerability Assessment
  • Compliance Monitoring
  • Security Auditing

Certification

Cisco Certified Network Security Specialist (CNSS)

Languages

  • Hindi, Advanced
  • English, Fluent

Personal Information

  • Date of Birth: 06/14/96
  • Nationality: Indian

Languages

  • English: Advanced (C1)
  • Hindi: Proficient (C2)
