Kshitiz Agrawal

GRC Presales

• Responsible for Governance, Risk and Compliance support for RFP / RFQ / RFI received from clients from various domain (BFSI, Healthcare, Resources, etc).
• End to End Presales support at different stages of Scoping, Pricing, Solution Finalization, Solution Bid Defense, Due Diligence and support Service Demos with Service Delivery Team.
• Versed with Compliances from different regions specifically US (HIPAA, SOX, CCPA), Europe (GDPR) and APAC (PDPA Singapore, AUS and NZ Privacy Act)
• Knowledge on GRC Automation Tools: RSA Archer and MetricStream
• Engagement with clients in Gap analysis for regulatory requirements and industry standards
• IT Compliance, Audits and controls testing catering to standards such as ISO 27001, NIST 800, SOC2.

GRC Practice

1. Third Party Risk Management

• Understand all aspects of Client’s TPRM Governance structure such as Risk Appetite, Risk Tolerance, Risk Acceptance Process; identify opportunities and provide inputs on process improvement.
• Onboarded & Conducted risk assessments on multiple vendors to analyze control gaps using ProcessUnity Tool.
• Validated vendor’s responses on controls and establish follow-up processes. Identified critical controls & created a list of artifacts to be reviewed for each assessment.
• Presented findings to key stakeholders. Coordinated with business and vendors on issue remediation.

2. Control Testing & Compliance Management

• Spearheaded a comprehensive SOX compliance transition project for a consumer products company, intricately defining project scope and aligning it with regulatory standards.
• Implemented a systematic control identification and mapping process, ensuring precise alignment with critical infrastructure elements and regulatory requirements.
• Orchestrated control testing procedures, meticulously validating evidences and identifying exceptions, contributing to a robust and auditable compliance framework.
• Collaborated seamlessly with cross-functional teams, fostering transparent stakeholder communication through detailed reporting on compliance status, exceptions, and remediation efforts.
• Initiated and drove continuous improvement initiatives, leveraging lessons learned to optimize control frameworks and enhance overall efficiency in the compliance management process.

Information Security

• Conducted 150+ Internal Assessments of projects from various domain (BFSI, Healthcare, Resources) and clients to report compliance of Contractual Requirements. These assessments enhanced the data security of various projects and brought more business to Accenture.
• Facilitated ISMS Assessments for various corporate functions.
• Organized Information Security Sessions for the resources and various corporate functions.
• Facilitated Client Audits & Visits, prepared reports & held presentations to improve IS Practices.