Mohiuddin Shaik

Hyderabad

Summary

Cybersecurity and IT Risk Management professional with 5+ years of experience in developing and operationalizing risk, compliance, and governance programs. Proven expertise in conducting enterprise-wide risk assessments, managing third-party cyber risks, and ensuring compliance with ISO 27001, NIST, and SOC2 frameworks. Strong background in vulnerability management, automation, and cross-functional collaboration. Skilled at translating technical cybersecurity issues into actionable business insights to improve enterprise resilience and regulatory compliance.

Overview

6 years of professional experience
1 Certification

Work History

Senior GRC Analyst

UltraViolet Cyber
09.2022 - Current
  • TPRM Strategy & Automation Leadership: Transformed the Third-Party Risk Management (TPRM) function by shifting it from a largely manual, reactive workflow to a streamlined, automation-driven operating model.
  • Established a strategic framework that strengthened vendor oversight, improved compliance alignment, and significantly shortened assessment turnaround times.
  • Executed deep-dive security and compliance reviews on external vendors to evaluate cybersecurity posture, identify gaps, and validate readiness against corporate and regulatory standards.
  • Cyber Risk Management: Played an active role in enterprise-level cybersecurity risk programs by identifying emerging risks, evaluating their impact, and supporting mitigation planning.
  • Applied standardized risk-reporting practices to document threats, assess severity, and outline clear remediation steps tailored to stakeholders.
  • Led formalized risk reviews to gather comprehensive risk details and guide business units with actionable recommendations.
  • Risk Assessment & OneTrust (RATP Implementation): Developed and deployed an ISO 27001:2022-compliant Risk Assessment and Treatment Plan (RATP) framework within OneTrust. Performed likelihood and impact analysis, assigned treatment activities to responsible owners, and ensured continuous tracking of remediation progress.
  • Data Analytics & Reporting: Built and maintained automated PowerBI-based analytical dashboards to provide daily, weekly, and monthly reporting on TPRM performance, enabling leadership visibility and data-driven decisions.
  • Automation & Process Optimization: Supported the Loopio automation effort to streamline customer security questionnaire responses, increasing speed, accuracy, and consistency.
  • Managed enhancement initiatives for BitSight and OneTrust to improve risk scoring transparency and optimize vendor evaluation workflows.
  • Incident & Process Improvement Initiatives: Designed and rolled out vendor escalation pathways in ServiceNow to improve issue tracking and accountability.
  • Created standardized incident-handling processes and built a vendor incident reporting questionnaire for consistent, structured documentation.
  • OneTrust Governance & Configuration: Created templates for TPRM assessments, reassessments, and M&A workflows.
  • Configured advanced risk rules, automated workflows, and inherent risk logic to support governance and improve assessment consistency.
  • AI-Driven Innovation: Built a customized ChatGPT-based solution for TPRM to accelerate document analysis and vendor evaluation, reducing manual review efforts and improving assessment quality.
  • Cross-Functional Collaboration: Worked closely with Cyber Threat Intelligence (CTI), Incident Response (IR), Supplier Management, and M&A teams on reassessments, diligence reviews, and integration activities.

Associate Consultant

Ernst & Young Pvt Ltd
04.2022 - 09.2022
  • Performed third-party risk assessments on suppliers providing services to the client.
  • Supported coordination, tracking, and reporting of TPRM team strategy and goals.
  • Followed up with vendors on open gaps and ensured the identified gaps were remediated per the agreed timeline.

Associate Professional Software Engineer-Infosec

DXC Technology
06.2020 - 03.2022
  • Note: Secured campus placement during final year, commencing work prior to graduation due to COVID-19.
  • Worked with information security audit team to complete quarterly audits in scope as per annual calendar.
  • Performed evidence collection, control testing, and walkthroughs across key IT domains - access management, change management, and backup procedures.
  • Participated in post-audit review meetings, communicating findings and recommending control enhancements to senior stakeholders.
  • Assisted in developing audit dashboards and metrics reports, improving visibility into compliance performance and remediation progress.
  • Supported internal audits by preparing and validating audit documentation, risk registers, and remediation plans.

Education

Bachelor of Technology B.Tech - Electronic And Communication Engineering (ECE)

MJCET
Hyderabad
09-2020

High School Diploma

VNRVJIET
Hyderabad
04-2017

Skills

  • OneTrust
  • BitSight
  • ServiceNow
  • Risk Management
  • TPRM
  • Cloud Security
  • Creativity
  • Third-party risk management
  • Cybersecurity compliance
  • Risk assessment frameworks
  • Automation techniques
  • Cross-functional collaboration
  • Teamwork
  • Communication
  • Problem-solving
  • Leadership
  • Time management

Certification

  • ISO 27001 LA
  • IS2CC
  • AZ 900
  • Aviatrix Multi Cloud Certification
