CHETAN SK

Experienced ITGRC professional specializing in IT Governance, Risk, and Compliance. Strong expertise in IT General Controls, Third-Party Risk Management, SOX compliance, and Information Security. Proven track record implementing ISMS frameworks aligned with ISO 27001, managing regulatory compliance (SOX, GDPR, HIPAA), and conducting thorough risk assessments. Skilled in developing and enforcing IT policies, optimizing audit processes, and utilizing GRC tools to enhance organizational security and resilience.

• Developed and maintained an ITGRC framework, ensuring compliance with SOX, GDPR, and ISO 27001 standards.
• SOX 404, SOX Compliance, Logical access, Change Management, SOC2, ISO 27001:2013 and PCI DSS.
• Microsoft Office (Word, excel, PowerPoint) Basic knowledge of HIPPA and Hi-Trust Compliances & Standards, Internal Audit, ISO/IEC 27001, Risk Assessment & Management, and Vulnerability Assessments.
• Basic knowledge of, PCI DSS, Vendor Assessments, GDPR Compliance Corporate Audits, IT General Controls Advisory Solution Risk Advisory Team Management, Reporting & Documentation.
• PCI DSS, ITGC, ISO 27001/02, TPRM, Internal Audits, SOC2 Enterprise Risk Assessments, Security Operations, Business Continuity Planning, Vulnerability Assessment. Vulnerability Management, Change Management Procedures.
• Conducted risk-based IT audits of the IT Environment and evaluated against technical controls and operating procedures.
• Identify and evaluate business and technology risks, internal controls that mitigate risks, and opportunities to improve internal controls within the organization in line with the changing business needs
• Responsible for ensuring audit findings and evidence are collected, reviewed, remediated, and presented clearly and concisely to the Management teams
• Responsible for documenting audit procedures, recommending remediation plans, and follow-up to validate the implementation
• Performed Data Security, Data Retention/Intellectual Property, Physical Security, EHS
• Review system-generated reports, logs, audit reports, vulnerability test results, and penetration test reports
• Worked closely with the global Cyber Security, Legal, and Privacy teams to implement security controls and regulatory requirements consistently across all vendor engagements.
• Conducted ITGC testing across key areas, including access management, change management, and system operations, reducing audit findings by 30%.
• Led Third-Party Risk Management (TPRM) processes, evaluating vendor compliance with security and privacy standards, and mitigating risks through detailed assessments.
• Designed and implemented ISMS policies and procedures, achieving ISO 27001 certification within a targeted timeline.
• Coordinated internal and external IT audits, ensuring timely resolution of control gaps and maintaining a 95% compliance score.
• Conducted periodic risk assessments to identify vulnerabilities and develop mitigation strategies, reducing overall IT risk exposure by 25%.
• Collaborated with cross-functional teams to monitor SOX controls, ensuring compliance with regulatory requirements and supporting audit readiness.
• Performed third-party security assessments, reviewing vendor contracts, SLAs, and compliance documentation to ensure alignment with organizational security policies.
• Led the review and enhancement of IT policies, ensuring they aligned with COBIT and NIST cybersecurity frameworks.
• Automated compliance reporting using GRC tools, streamlining risk tracking and reducing manual effort by 40%.
• Managed the implementation of security controls and risk assessments as part of the organization’s ISMS, achieving GDPR compliance.
• Oversaw vulnerability assessments and penetration testing, collaborating with IT teams to remediate identified weaknesses.
• Conducted security awareness training, improving employee understanding of data privacy and IT security best practices.
• Supported incident response activities, including investigation, root cause analysis, and development of corrective actions.
• Created detailed reports and dashboards for senior management to monitor the effectiveness of security and compliance initiatives.
• Implemented an ITGC framework that reduced audit findings by 30% and enhanced control effectiveness.
• Conducted third-party risk assessments for 50+ vendors annually, mitigating potential security risks and ensuring compliance with organizational standards.
• Led an organization-wide ISO 27001 implementation project, achieving certification within 12 months.
• Automated compliance monitoring using RSA Archer, reducing manual effort by 40% and improving reporting accuracy.
• Achieved ISO 27001 certification within 12 months by leading ISMS implementation, including policy development and risk assessments.
• Reduced ITGC audit findings by 35% through the development and enforcement of robust access and change management controls.
• Developed a scalable Third-Party Risk Management framework, reducing vendor-related security incidents by 20%.
• Responsible for assisting in the Pre-auditing preparation and supporting SMEs in RFI activities for various internal / External auditing like ISO 27001 (ISMS), PCI DSS, SOC, etc.