
Smriti Kushwaha

Hyderabad

Summary

Dynamic GRC Lead Auditor with extensive experience at Eclat Health Solutions, specializing in ISO 27001 compliance and risk assessment. Proven track record in delivering impactful training and enhancing governance activities. Adept at stakeholder collaboration and audit reporting, driving process improvements to ensure robust information security and compliance frameworks.

Overview

7 years of professional experience
1 Certification

Work History

GRC LEAD AUDITOR

ECLAT HEALTH SOLUTIONS
04.2024 - Current
  • Led the transition from ISO 27001:2013 to ISO 27001:2022, ensuring compliance with updated standards.
  • Conducting gap assessments and risk assessments on key infrastructure, identifying risk areas, and providing detailed reports with recommendations.
  • Delivering training sessions on various Information Security and Cybersecurity topics.
  • Performing internal audits, including HITRUST audits, identifying risk areas, and preparing comprehensive reports with conclusions and actionable recommendations within ISMS-scoped areas.
  • Managing client audits, responding to RFPs, and ensuring compliance with security and privacy requirements.
  • Working on SOC 2 compliance requirements.
  • Organizing and conducting Information Security and Privacy awareness programs and training sessions for employees across the organization.
  • Developing policies, procedures, and essential templates for various departments to enhance security and compliance.
  • Fully responsible for governance-related activities, ensuring adherence to regulatory and compliance standards.

AUDIT EXECUTIVE

EXTERNETWORKS INDIA PRIVATE LIMITED
11.2022 - 03.2024
  • Member of the Audit and Compliance team, supporting ongoing activities related to ISO 27001:2013, 20000-1:2018, 9001:2015.
  • Conduct Gap assessment, Risk Assessment on the key infrastructure, identify risk areas and prepare reports with recommendations.
  • Conducting Internal Audits, reporting areas of risks, preparing conclusions and recommendations for appropriate actions within ISMS Scoped areas.
  • Working on SOC2 requirements.
  • Conduct Information Security and Privacy awareness and training programs for the employees across the organization.
  • Working on framing Policies, Procedures and required templates for various departments.

ASSOCIATE

09.2021 - 10.2022
  • Member of the Audit and Compliance team, supporting ongoing activities related to ISO 27001:2013, 22301:2019.
  • Review of existing corporate Information Security Policies and supporting the team in writing new policies for the organization with respect to ISO 27001:2013.
  • Conduct Gap assessment on the key infrastructure, identify risk areas and prepare reports with recommendations.
  • Conducting Internal Audits, reporting areas of risks, preparing conclusions and recommendations for appropriate actions within ISMS Scoped areas.
  • Involved in customer audits; worked on customer audit findings and took them to compliance/closure.
  • Validate Change Management docs / incident management docs.
  • Conduct Information Security and Privacy awareness and training programs for the employees across the organization.

ASSOCIATE

03.2021 - 07.2021
  • Assist Compliance Manager in creating/modifying policies, procedures, review documents, guidelines.
  • Conduct audits across the organization as per ISO 27001:2013 requirements.
  • Conduct Information Security Audits / awareness sessions.
  • Conduct Information Risk Management.
  • Periodic Monitoring of all the key Information Security Domains for all the support functions and the Delivery Functions.
  • Monitoring includes - Review of evidence, Gap Assessment, Root Cause Analysis, and initiating the steps for implementation of Corrective actions.

SENIOR EXECUTIVE

Cognizant Technology Solutions
08.2018 - 01.2020
  • Involved in internal and external audits.
  • Collaborate with the relevant stakeholders to convey and/or gather information required to perform audit duties.
  • Gather audit evidence and liaise with auditors and auditees.
  • Review audit evidence for accuracy, perform integrity checks, and identify/document the observations.
  • Resolve Audit issues.
  • Review Reports for accuracy and completeness.
  • Review Audit Documents for accuracy and, where needed, update them.

Education

B.E - Electrical Engineering

Vindhya Institute of Technology and Science
06.2017

Intermediate -

Christ Jyoti Senior Secondary School
06.2013

High School -

Christ Jyoti Senior Secondary School
06.2011

Skills

  • ISO 27001 compliance
  • Risk assessment
  • Internal auditing
  • Policy writing
  • Information security
  • SOC 2 compliance
  • Gap assessment
  • Client management
  • Governance activities
  • Audit reporting
  • Training delivery
  • Stakeholder collaboration
  • Information security awareness
  • Process improvement
  • Audit plan development
  • Risk mitigation strategies
  • BIA, BCP
  • HIPAA Compliance

Certification

  • ISO 27001:2022 Information Security Management System Lead Auditor
  • ISO 27701:2019 Privacy Information Management System Lead Auditor
  • ISO 22301:2019 Business Continuity Management System Lead Auditor
  • ISO 31000:2018 Risk Management Guidelines

Languages

  • English
  • Hindi

Tools

  • JIRA
  • ServiceNow
  • Service Desk Plus
  • KnowBe4 training tool
  • Microsoft Word and Excel
  • HITRUST MyCSF
