
SHASHANK TANWAR

Hyderabad, TG

Summary

Certified GRC Manager and Lead Auditor with 14+ years in IT, 9+ years in Security. Proven track record delivering 100% audit readiness, reducing security gaps by 30% and leading risk frameworks aligned with ISO 27001, NIST CSF, IRAP, SOC2, SOX, GDPR and CIS Controls.

Overview

16 years of professional experience
1 Certification

Work History

Senior Principal Information Security Analyst

Skillsoft
12.2023 - Current
  • Led ISO 31000/NIST CSF risk assessments for AWS environments, reducing security gaps by 30%.
  • Designed enterprise compliance program aligned to ISO 27001, SOX, SOC2, IRAP, GDPR and CIS Controls.
  • Executed IRAP assessment, achieving compliance with Australian Government ISM standards.
  • Authored and standardized 10+ policies and process documents to improve audit evidence quality.
  • Conducted gap analysis across four workstreams to establish unified risk management processes.

Senior Consultant – Cybersecurity and Compliance

Wipro
07.2022 - 11.2023
  • Delivered ITGC and SOX audits for multi-cloud environments, achieving 100% regulatory compliance and zero major findings.
  • Led control assessments for AWS workloads aligned to ISO 27001 and NIST CSF.
  • Updated 15+ security policies to strengthen regulatory alignment and audit readiness.
  • Improved audit evidence turnaround by 25% through streamlined processes.

Information Security Consultant

Kyndryl Inc. (formerly IBM)
05.2019 - 07.2022
  • Directed Third-Party Risk Management program including assessments, remediation planning and contract reviews.
  • Conducted SOC2 and GDPR compliance assessments across cloud environments, reducing audit findings by 20%.
  • Developed risk control plans based on ISO 31000, improving organizational security posture.
  • Collaborated with stakeholders to close audit findings and mitigate risks.

Senior Consultant – Risk and Compliance

Capgemini India
12.2017 - 04.2019
  • Implemented cloud control testing strategies, ensuring alignment with ISO 27001 and NIST CSF.
  • Coordinated internal and external audits to ensure regulatory compliance.
  • Managed vendor risk assessments, enhancing due diligence and mitigation plans.

Specialist – Information Security

DCM Data Systems
08.2016 - 06.2017
  • Led IT control compliance projects, achieving ISO 27001 readiness.
  • Executed internal and external audits, reducing non-compliance findings by 20%.

Associate Consultant

Microland Ltd.
01.2014 - 01.2016
  • IAM audits and stakeholder management.

Associate Professional

CSC India Pvt. Ltd.
01.2010 - 01.2014
  • IT messaging administration for US clients.

Education

MBA

NMIMS University
01.2023

BCA

Monad University
01.2021

Diploma - Electronics and Communication Engineering

Board of Technical Education
01.2010

Skills

  • Enterprise Risk Assessment & Management (ISO 31000, NIST CSF)
  • Internal Audit & Control Testing (ITGC, SOX, SOC2)
  • Policy Development & Compliance Frameworks
  • Regulatory Alignment (ISO 27001, GDPR, IRAP)
  • Control Gap Analysis & Remediation
  • Vendor & Third-Party Risk Management
  • Cloud Security Governance (AWS, Azure)
  • Framework Integration & Audit Evidence Management
  • Strategic leadership
  • Organizational development
  • Team collaboration
  • Verbal and written communication
  • Relationship building and networking
  • Training and mentoring

Accomplishments

  • Delivered 100% audit readiness across SOX, SOC2, IRAP frameworks.
  • Reduced security gaps by 30% through targeted risk assessments.
  • Authored 10+ standardized policies improving audit evidence quality.

Certification

  • ISO 27001:2013 Lead Auditor (IRCA Accredited)
  • AWS Certified Cloud Practitioner
  • Azure AZ-900 & AZ-104 Certified
  • Google Cloud Digital Leader
  • ITGC and SOX Implementor Certified
  • ISC2 Certified in Cybersecurity
  • ISO 31000:2018 Risk Management (Trained)
  • ITIL V3 Foundation Certified

TOOLS & PLATFORMS

  • OneTrust, AuditBoard, Jira, O365, ServiceNow
  • Actively preparing for the CISA exam (expected completion: August 2025)
