Divya MK
https://www.linkedin.com/in/divyarun0701
Summary
TPRM professional with 5.1 years of experience managing vendor onboarding, security questionnaires, and full-cycle risk assessments. Experienced in assessing information security and cybersecurity controls and supporting organizations in enhancing security posture and overall risk maturity.
Overview
5
5
years of professional experience
4
4
years of post-secondary education
1
1
Certification
Work History
EY - Assistant Manager
01.2025 - Current
- Led and managed TPRM consultants and managed multiple projects, overseeing end-to-end execution of third-party risk assessments across multiple industries, ensuring strong governance, quality, and alignment with client expectations.
- Conducted and reviewed high-risk vendor assessments across security, operational, compliance, and resilience domains, including quality checks (QC) of evidence, documentation, and due diligence reports to ensure accurate risk identification.
- Facilitated stakeholder discussions, governance reviews, and fieldwork sessions; managed resource planning and delivery tracking while driving continuous process improvements.
- Executed and supported TPRM assessments using tools such as ServiceNow, ProcessUnity, TPRM AI, and Appian to enhance efficiency and standardization.
- Evaluated third-party/vendor risks by reviewing onboarding documents, security questionnaires, and compliance requirements.
- Monitored vendor performance and risk posture by tracking issues, managing follow-ups, and ensuring timely remediation of identified risks.
- Performed control mapping between internal policies and industry frameworks (e.g., ISO 27001, NIST), ensuring alignment and identifying control gaps.
- Supported rationalisation and standardisation of controls by eliminating duplicates and improving control clarity and coverage.
- Conducted vendor data cleansing activities by validating, standardizing, and de-duplicating vendor records to improve data accuracy and reporting.
- Assisted in maintaining vendor master data by identifying inconsistencies, missing information, and ensuring data quality across systems.
KPMG - Executive
01.2021 - 01.2025
- Led offshore team for a major US retail client, overseeing third-party risk assessments, ITGC/ITAC testing, due diligence reporting, and periodic client status meetings while ensuring high-quality, accurate, and timely deliverables.
- Managed end-to-end reporting and governance activities, including preparing quarterly TPRM metrics, weekly status updates, maintaining project trackers, and reviewing team outputs for quality assurance and stakeholder alignment.
- Supported tool implementations (ServiceNow, Appian) through UAT participation, trained new team members, and contributed to technical knowledge development within the Technology Risk Management (TRM) practice.
Education
Master of Computer Applications - CyberSecurity -
JAIN UNIVERSITY
04.2025 - 04.2026
Bachelor of Computer Applications -
Jindal First Grade College for Women
06.2017 - 01.2020
Skills
- TPRM
- Risk Management
- Leadership and Team Building
- Project Management
- GRC Tool(ServiceNow, Appian, ProcessUnity, TPRM AI)
Certification
- Microsoft Azure Fundamentals (AZ-900)
- ISO 27001 Lead Auditor
- Pursuing CISA & ISO 42001
Accomplishments
- Recognized with multiple awards including Extraordinary Awards (2025-26), Busy BEE (4×), Spot Lite, Round of Applause, and Extra Mile (2024)
- Consistently earned 10/10 CSAT scores across engagements
- Received outstanding appraisal ratings
- Earned continuous client appreciation for high-quality, efficient delivery
Timeline
Master of Computer Applications - CyberSecurity -
JAIN UNIVERSITY
04.2025 - 04.2026
EY - Assistant Manager
01.2025 - Current
KPMG - Executive
01.2021 - 01.2025
Bachelor of Computer Applications -
Jindal First Grade College for Women
06.2017 - 01.2020