CHETAN SK

Bengaluru, KA

Summary

Experienced ITGRC professional specializing in IT Governance, Risk, and Compliance. Strong expertise in IT General Controls, Third-Party Risk Management, SOX compliance, and Information Security. Proven track record implementing ISMS frameworks aligned with ISO 27001, managing regulatory compliance (SOX, GDPR, HIPAA), and conducting thorough risk assessments. Skilled in developing and enforcing IT policies, optimizing audit processes, and utilizing GRC tools to enhance organizational security and resilience.

Overview

10 years of professional experience

Work History

SPECIALIST

LTIMINDTREE
12.2022 - Current
  • Currently Working as “SPECIALIST” with LTIMINDTREE from Dec 2022 to Present.

CONSULTANT

CAPGEMINI
11.2021 - 12.2022
  • Worked as a “CONSULTANT” at CAPGEMINI from Nov 2021 to Dec 2022.

ASSISTANT MANAGER

DELOITTE
04.2021 - 11.2021
  • Worked as an “ASSISTANT MANAGER” at DELOITTE from April 2021 to Nov 2021.

ASSOCIATE CONSULTANT

KPMG
11.2019 - 09.2020
  • Worked as an “ASSOCIATE CONSULTANT” at KPMG from Nov 2019 to Sep 2020.

SYSTEMS ENGINEER

TCS
09.2015 - 02.2019
  • Worked as a “SYSTEMS ENGINEER” at TCS from Sep 2015 to Feb 2019.

Education

Bachelor of Engineering

Visveswaraya Technological University
01.2015

PUC - PCMB

SBR PU College
01.2011

SSLC

CBSE Board
01.2009

Skills

  • IT Governance, Risk, and Compliance (ITGRC)
  • Third-Party Risk Management (TPRM)
  • IT General Controls (Access, Change, Operations)
  • SOX Compliance and IT Audit Coordination
  • Information Security Management System (ISMS)
  • Risk Assessment and Vulnerability Management
  • ISO 27001 Implementation and Auditing
  • Data Privacy and Regulatory Compliance (GDPR, HIPAA, PCI DSS)
  • GRC Tools (e.g., RSA Archer, ServiceNow, MetricStream)
  • Incident Response and Root Cause Analysis

JOB ROLES AND RESPONSIBILITIES

  • Developed and maintained an ITGRC framework, ensuring compliance with SOX, GDPR, and ISO 27001 standards.
  • SOX 404, SOX Compliance, Logical access, Change Management, SOC2, ISO 27001:2013 and PCI DSS.
  • Microsoft Office (Word, Excel, PowerPoint); basic knowledge of HIPAA and HITRUST compliance standards, Internal Audit, ISO/IEC 27001, Risk Assessment & Management, and Vulnerability Assessments.
  • Basic knowledge of PCI DSS, Vendor Assessments, GDPR Compliance, Corporate Audits, IT General Controls Advisory, Solution Risk Advisory, Team Management, and Reporting & Documentation.
  • PCI DSS, ITGC, ISO 27001/02, TPRM, Internal Audits, SOC2, Enterprise Risk Assessments, Security Operations, Business Continuity Planning, Vulnerability Assessment, Vulnerability Management, and Change Management Procedures.
  • Conducted risk-based IT audits of the IT Environment and evaluated against technical controls and operating procedures.
  • Identified and evaluated business and technology risks, the internal controls that mitigate those risks, and opportunities to improve internal controls within the organization in line with changing business needs.
  • Responsible for ensuring audit findings and evidence are collected, reviewed, remediated, and presented clearly and concisely to management teams.
  • Responsible for documenting audit procedures, recommending remediation plans, and following up to validate implementation.
  • Performed reviews of Data Security, Data Retention/Intellectual Property, Physical Security, and EHS.
  • Reviewed system-generated reports, logs, audit reports, vulnerability test results, and penetration test reports.
  • Worked closely with the global Cyber Security, Legal, and Privacy teams to implement security controls and regulatory requirements consistently across all vendor engagements.
  • Conducted ITGC testing across key areas, including access management, change management, and system operations, reducing audit findings by 30%.
  • Led Third-Party Risk Management (TPRM) processes, evaluating vendor compliance with security and privacy standards, and mitigating risks through detailed assessments.
  • Designed and implemented ISMS policies and procedures, achieving ISO 27001 certification within a targeted timeline.
  • Coordinated internal and external IT audits, ensuring timely resolution of control gaps and maintaining a 95% compliance score.
  • Conducted periodic risk assessments to identify vulnerabilities and develop mitigation strategies, reducing overall IT risk exposure by 25%.
  • Collaborated with cross-functional teams to monitor SOX controls, ensuring compliance with regulatory requirements and supporting audit readiness.
  • Performed third-party security assessments, reviewing vendor contracts, SLAs, and compliance documentation to ensure alignment with organizational security policies.
  • Led the review and enhancement of IT policies, ensuring they aligned with COBIT and NIST cybersecurity frameworks.
  • Automated compliance reporting using GRC tools, streamlining risk tracking and reducing manual effort by 40%.
  • Managed the implementation of security controls and risk assessments as part of the organization’s ISMS, achieving GDPR compliance.
  • Oversaw vulnerability assessments and penetration testing, collaborating with IT teams to remediate identified weaknesses.
  • Conducted security awareness training, improving employee understanding of data privacy and IT security best practices.
  • Supported incident response activities, including investigation, root cause analysis, and development of corrective actions.
  • Created detailed reports and dashboards for senior management to monitor the effectiveness of security and compliance initiatives.
  • Implemented an ITGC framework that reduced audit findings by 30% and enhanced control effectiveness.
  • Conducted third-party risk assessments for 50+ vendors annually, mitigating potential security risks and ensuring compliance with organizational standards.
  • Led an organization-wide ISO 27001 implementation project, achieving certification within 12 months.
  • Automated compliance monitoring using RSA Archer, reducing manual effort by 40% and improving reporting accuracy.
  • Achieved ISO 27001 certification within 12 months by leading ISMS implementation, including policy development and risk assessments.
  • Reduced ITGC audit findings by 35% through the development and enforcement of robust access and change management controls.
  • Developed a scalable Third-Party Risk Management framework, reducing vendor-related security incidents by 20%.
  • Responsible for assisting in pre-audit preparation and supporting SMEs in RFI activities for various internal/external audits such as ISO 27001 (ISMS), PCI DSS, SOC, etc.
