Loveleen Mahna

Information Security Professional, Lead Implementer, Lead Auditor, Process Manager, and Project Manager
Noida

Summary

Information Security Professional with over 18 years of experience, specializing as a Lead Implementer, Lead Auditor, Process Manager, and Project Manager. Holds a CISA certification, demonstrating strong proficiency in IT auditing, control, and assurance. Adept in Third-Party Risk Management (TPRM) and Vendor Risk Assessments, with hands-on experience in evaluating vendor security postures and managing risk across cloud and on-prem environments.


Expert in conducting internal and external audits across platforms including AWS, Azure, GCP, and standards such as ISO/IEC 27001:2018, ISO/IEC 20000-1:2018, ISO 9001:2015, SOC 2, OPS Hi5, and Cisco Gold. Skilled in managing multiple projects simultaneously, ensuring delivery aligned with SLAs and client expectations. Proficient in preparing process documentation, conducting feasibility studies, and performing initial risk assessments.


Experienced in Governance, Risk & Compliance (GRC), including implementation of GRC frameworks, control testing, risk register management, and regulatory compliance. Familiar with tools like ServiceNow GRC, Archer, and MetricStream to streamline risk and compliance processes.


Strong background in ITIL-based process development, conducting awareness sessions, and training teams on ITSM tools and practices. Known for driving operational excellence through structured process improvement and stakeholder engagement.

Work History

  • Performed third-party risk tiering and risk assessments for multiple clients in the utilities, consumer, IT and banking sectors. In addition, was responsible for preparing and reporting the overall status of TPRM operational activities on a monthly basis.
  • Led the implementation of GRC frameworks to align IT operations with regulatory requirements and business objectives, ensuring robust risk mitigation and compliance tracking.
  • Conducted risk assessments and control evaluations across multiple business units, helping identify gaps and recommend actionable remediation plans.
  • Collaborated with internal audit and compliance teams to streamline reporting processes and enhance visibility into risk posture using automated dashboards.
  • Managed policy lifecycle and control mapping within GRC platforms like RSA Archer and ServiceNow GRC, improving governance efficiency.
  • Facilitated stakeholder workshops to drive awareness and adoption of GRC processes, resulting in improved compliance scores and reduced audit findings.
  • Oversaw end-to-end ITSM process design and optimization, including Incident, Problem, Change, and Request Management using ServiceNow.
  • Implemented ITIL best practices to improve service delivery and reduce mean time to resolution (MTTR) across critical IT services.
  • Led cross-functional teams in the rollout of self-service portals and knowledge bases, enhancing user experience and reducing ticket volumes.
  • Monitored SLAs and KPIs to ensure consistent service performance and drive continuous improvement initiatives.
  • Developed TPRM policy, standards and procedures to manage risks associated with third parties for multiple clients in the consumer and IT sectors. In addition, developed supporting control inventories and artifacts to execute TPRM program activities such as third-party risk tiering, risk assessment, issue and exception management, and termination and offboarding.
  • Performed Business Impact Assessments and Legal & Regulatory assessments for business applications and IT infrastructure, and provided defensible recommendations on technical, physical and administrative control implementation based on assessment findings while balancing cost against benefit.
  • Established IT Risk Management, ISO standards, policies, procedures, objectives and ongoing risk and controls monitoring/reporting in multiple projects.
  • Established and drafted processes, policies and guidelines based on ISO 27001:2013, SOX, SOC, ISO 20000-1:2011 and ISO 20000-1:2018 for multiple global clients.
  • Identified and assessed inherent and residual risk across domains including Asset Management, Identity and Access Management, Application Security, Data Protection, Network Protection, Configuration, and Backup & Restoration, and designed and implemented controls for the same in the Banking, Insurance, and Oil & Gas industries.
  • Designed/updated cyber security policy documents in the following domains: Access Management, Backup Management, Data Retention, Cryptography, Incident Management, Asset Management, End User Management, Information Classification and Acceptable Usage, as per the ISO 27001:2013 standard, the IT Act 2000 and industry best practices, for various industries.
  • Drafted and implemented onboarding and offboarding, BCP/BCM and Cyber Crisis Management processes, along with playbooks and SOPs for future reference.
  • Worked with multiple clients on developing and implementing SLAs and KPIs for effective operations across the organization, providing streamlined, less error-prone transitions.
  • Executed end-to-end AWS MSP, Azure and GCP external audits, which benefited the organization by obtaining a waiver of both the audit fee and the following year's audit.
  • Performed internal audits for sectors such as Insurance, BFSI and Real Estate, focusing on data classification, access management and privacy controls based on RBI guidelines, IRDAI guidelines and ISO 27001:2013.
  • Conducted process and technical audits to ensure compliance with company policies and contractual requirements. Implemented ISO 27001:2013, ISO 9001:2008, ISO 20000-1:2011 and ISO 20000-1:2018 in the Domestic Network Operations Centre (DNOC), Technical Assistance Centre (TAC), IB-Tools and Cloud Operations for multiple clients across sectors such as Banking, Insurance, Health and Logistics.
  • Conducted application, security and gap-analysis assessments for multiple global customers and delivered solutions, risk mitigation plans, etc. to ensure business compliance and assurance; conducted internal audits and shadow audits for managed services projects and published reports to management. Successfully executed various cloud audits (AWS, Azure, GCP, Cisco, SAP) without NCs or observations.
  • Implemented the ISO 27001:2013 and ISO 20000-1:2011 standards in the National Stock Exchange Operations Management Centre (NSE_OMC).
  • Enabled digitally mature cloud operations, supported by process intelligence and automation tools such as Power BI.
  • Conducted pre-audits for multiple global clients to detect grey areas and bring them to closure before they could adversely impact regulatory audits such as ISO/IEC, SOC, SOX, FSA and cloud audits.
  • In line with RBI standards, identified factors causing deficient internal control conditions and the remediation courses of action needed to improve controls, and prepared the audit report.
  • Monitored and reported program performance against service level agreements and performance standards, initiating improvement actions when opportunities were identified.
  • Managed audits to evaluate whether policies and processes are designed and operating effectively, and provided recommendations for improvement.
  • Managed the complete range of project phases and activities, from initiation, technical planning, scheduling, implementation and testing through customer acceptance and operational handover.

Education

MBA - Project & Quality

BCA Graduate

Skills

    Governance, Risk & Compliance (GRC)

    ISO 27001 Lead Implementer & Lead Auditor

    Vendor Risk Assessments & Due Diligence

    ITIL v3/v4 Framework Implementation

    Vulnerability Management & Remediation

Certification

CISA Certified

Previous Organization Details:

  • HCL (March 2006 to Dec 2021)
  • Tech M (Jan 2022 to May 2022)
  • KPMG (June 2022 to Jan 2024)
  • Protiviti (Jan 2024 to Mar 2025)
  • EY India (Mar 2025 to date)
