SATHYA A M

Summary

Cybersecurity and IT risk professional with over 8 years of experience specializing in governance, risk, and compliance (GRC), regulatory assessments, IT audit, and data privacy (GDPR, HIPAA, PDPB). Proven expertise in managing RCSAs, regulatory gap assessments, audit readiness, and enhancing the Technology Control Environment. Strong background in cybersecurity awareness programs, risk reporting, and test data privacy initiatives. Certified ISO 27001:2013 Lead Auditor and DSCI DCPLA, with a track record of aligning technology and business strategies to improve risk management and compliance.

Overview

8 years of professional experience
1 Certification

Work History

IT Risk Associate

IG
08.2022 - Current
  • Maintained the Technology Control Environment by conducting regular Risk and Control Self-Assessments (RCSA) to identify, assess, and update technology risks in line with regulatory obligations and industry best practices.
  • Identified key IT risk areas by reviewing internal processes and ensuring relevant controls were current and effectively managed.
  • Collaborated with 2LOD and control owners on RCSA and OneSumX control attestations, offering recommendations to enhance control effectiveness and remediate identified gaps.
  • Reviewed third-party assurance reports (SOC1/SOC2) to evaluate the risk posture and control effectiveness of critical technology vendors.
  • Supported internal and external audits by coordinating stakeholder walkthroughs, gathering audit evidence, and addressing audit queries across all stages of the audit lifecycle, from readiness to closure.
  • Led policy governance by aligning internal controls with frameworks such as PCI DSS, MAS, DFSA, COBIT, NIST, COSO, ITIL, DORA, and ISO 27001.
  • Maintained and updated the policy and control documentation repository, collaborating with stakeholders to track policy changes and provide feedback on draft policies, procedures, and frameworks.
  • Reviewed control deficiencies and advised control owners on remediation strategies to improve control design and ratings.
  • Contributed to regulatory and industry standards gap assessments (e.g., MAS, PCI DSS, DFSA), identifying misaligned controls and supporting teams in aligning with emerging regulatory requirements.
  • Took ownership of the Control Action List (CAL) closure process, engaging with action owners, issuing proactive reminders, and ensuring timely resolution of audit and risk issues.
  • Prepared and contributed to senior management reports highlighting CAL progress, team priorities, and overall risk posture.
  • Managed risk issues through Problem Management, including raising, tracking, and escalating issue tickets to support timely resolution.
  • Fostered a risk-aware culture across technology teams by promoting proactive risk identification and embedding risk management practices through cross-functional collaboration.
  • Partnered with business and technical teams to integrate risk insights into operational processes, supporting IG's operational resilience goals.

Risk Analyst

GE Corporate
01.2020 - 07.2022
  • Ensured regulatory compliance with the upcoming Indian Data Protection Bill requirements. Conducted dry runs on the business applications as part of the assessment.
  • Supported Internal Audit based on ISO/IEC 27001:2013 ISMS.
  • Drove program excellence and risk prioritization by conducting non-authorized software, non-authorized USB identification, incident, and top-attacked-users exercises for regions across the globe and reviewing the results for corrective actions; reduced the number of incidents by 70% over a year.
  • Identified, assessed, and tracked risks as part of risk management.
  • Conducted cybersecurity awareness trainings in India and across other regions for 5k employees/contractors.
  • Implemented global and regional cybersecurity metrics through a BI analytics tool.
  • Provided phishing as a service across businesses within the organisation.

Risk Specialist

GE Digital
02.2017 - 12.2019
  • Provided Test Data Management services across GE businesses, running discovery and scrambling activities on critical applications that contain personally identifiable information (PII) and PHI, with respect to GDPR, HIPAA, and other country-specific regulations.
  • Excellent backend skills in creating SQL objects such as tables, stored procedures, views, indexes, triggers, rules, defaults, and functions; also contributed to resolving ongoing operational challenges.
  • Experienced in Sisense Business Intelligence (BI) software; created and launched the dashboard for data visualizations.

Education

BE - Computer science

Visvesvaraya Technology University
Bangalore
01-2016

High School Diploma

Karnataka State Board
Bangalore
01-2012

Skills

  • Cybersecurity and information security risk
  • Governance, risk, and compliance (GRC)
  • IT audit and risk assessment
  • Risk and Control Self-Assessments (RCSA)
  • Regulatory compliance (GDPR, HIPAA, ISO 27001)
  • Privacy and data protection (PII, PDPB)
  • Technology control environment
  • Cybersecurity awareness and training
  • Policy governance and control mapping
  • Regulatory gap assessment
  • Stakeholder engagement
  • Audit coordination
  • Risk assessment and management
  • Control effectiveness
  • Compliance management

Certification

  • DCPLA - DSCI Certified Privacy Lead Assessor 2020
  • CQI and IRCA ISO/IEC 27001:2013 ISMS Lead Auditor 2021-2026

Tools and Software

  • GRC & Risk Platforms: OneSumX, ServiceNow (SNOW), JIRA
  • Test Data Management & Cybersecurity Awareness Tools: Mentis, PhishMe (Cofense)
  • BI & Automation: Sisense, Microsoft Power Automate
  • Terminal & File Transfer Tools: iTerm, PuTTY, WinSCP
  • Databases: Oracle 11g/10g/12g, MS SQL Server 2012/2008, MySQL, PostgreSQL
  • SQL Tools: SQL Developer, custom scripts for data validation/reporting
