Shandeep Krishnan Moorthy

Manager - Information Security GRC
Chennai

Summary

Senior Technology & Cyber Risk professional with 17+ years of IT experience and 10+ years in Information Security, Technology Risk, Internal Audit, Control Assurance, and Governance, Risk & Compliance (GRC). Proven experience operating in the second line of defence and partnering with first line of defence teams to provide independent challenge, oversight, and guidance across ICS and Technology Risk domains. Strong background in regulatory engagement, RCSA, risk appetite reporting, SOX, ITGC, NIST, ISO 27001, SOC1/SOC2, vulnerability management, IAM, and third-party risk. Experienced in financial services, pharmaceuticals, and regulated enterprise environments with strong stakeholder management and executive communication skills.

Talented Manager with expert team leadership, planning, and organizational skills built during a successful career. Smoothly equip employees to independently handle daily functions and meet customer needs. Diligent trainer and mentor with exceptional management abilities and a results-driven approach.

Overview

16 years of professional experience
7 Certificates
4 years of post-secondary education

Work History

Manager – IT Security / Technology & Cyber Risk

Guidehouse Inc
06.2022 - Current
  • Operate as senior technology and cyber risk partner providing independent challenge and oversight to 1LoD teams.
  • Lead enterprise-wide ICS and Technology Risk assessments, including ITGC, IAM, SOC1/SOC2, ISO 27001, GDPR, HIPAA and CIS benchmarks.
  • Own vulnerability management governance, penetration testing coordination, phishing simulations, and remediation tracking.
  • Perform third-party / vendor security risk assessments and review control environments against regulatory and policy requirements.
  • Oversee Risk & Control Self-Assessments (RCSA), maintain risk register, track issues, and ensure timely mitigation.
  • Prepare and review risk papers, risk metrics, and executive updates for senior leadership and CISO sign-off.
  • Lead security exception governance forums, providing risk-based recommendations and supporting informed decision-making.
  • Support regulatory and audit engagements, including evidence management, responses to findings, and remediation assurance.
  • Deliver internal risk awareness and control training to technology and business stakeholders.

Senior Consultant – Cyber Security & Technology Risk

AstraZeneca
03.2015 - 06.2022
  • Performed SOX ITGC and technology risk assessments aligned to NIST and internal governance frameworks.
  • Led IAM risk assessments, access reviews, and control assurance across joiners, movers, leavers and privileged access.
  • Executed internal audits, self-assurance reviews, and design effectiveness testing for key technology controls.
  • Coordinated with external auditors and stakeholders on audit queries, evidence, and remediation plans.
  • Identified, documented, and tracked control gaps, operational risks, and compliance issues to closure.
  • Supported risk appetite monitoring and management reporting for technology and security risk domains.

Sr. Systems Engineer

Hexaware Technologies Ltd
07.2014 - 03.2015
  • Supported data center deployments, VM migrations, and infrastructure operations with security and change controls.
  • Managed VMware and Hyper-V environments, ensuring stability, availability, and compliance with IT policies.

Sr. Systems Engineer

Hexaware Technologies Ltd
05.2012 - 03.2014
  • Executed large-scale data center deployments and migrations with focus on control, risk, and change management.

Assoc. Infrastructure Specialist

UST Global Technologies
06.2012 - 06.2012
  • Managed HP server infrastructure across 45 global data centers, supporting operational risk and availability controls.

Senior Engineer – IT

Merrill Corporation India Pvt Ltd
11.2009 - 04.2012
  • Member of Windows server operations team supporting 75+ global data centers.
  • Provided Level 3 support for 1500+ physical and virtual servers, ensuring high availability and operational risk controls.

Education

B. Tech - Information Technology

Anna University
06.2003 - 04.2007

MBA - Business Consulting & Strategy

BITS Pilani
10.2025 - Current

Skills

Operational Risk Management

Technology Risk Management

Cybersecurity Risk (ICS)

Second Line of Defence (2LoD)

First Line of Defence (1LoD) Oversight

Governance, Risk & Compliance (GRC)

Enterprise Risk Management Framework (ERMF)

Risk & Control Self-Assessment (RCSA)

Risk Appetite & KRI/KPI Reporting

Regulatory Engagement & Regulatory Change Management

ITGC, SOX, SOC1, SOC2

Team leadership

Operations management

Performance management

Workforce management

Staff development

Strategic planning

Decision-making

Employee onboarding

Vendor management

Policy implementation

Accomplishments

  • Orchestrated ISO 27001 recertification and surveillance audits and ITGC SOX internal audits.
  • Designed and implemented the third-party security management program for a consulting company from scratch.
  • Conducted multiple risk assessment programs, including penetration testing and phishing simulation campaigns, and helped the organization close, reduce, or mitigate security gaps and risks.

Certification

CISM – Certified Information Security Manager (ISACA)
