Taran Bemune

Hyderabad

Summary

Dynamic and results-driven IT GRC professional with 4+ years of experience in IT General Controls (ITGC), Third-Party Risk Management (TPRM), ISO 27001 compliance, Vulnerability Management, and Vendor Risk Governance. Proven track record in implementing security controls, ensuring regulatory compliance, and driving risk mitigation strategies across complex IT environments.

Overview

6 years of professional experience

Work History

Risk Analyst

Winnow IT Services Pvt Ltd
10.2020 - Current
  • Led development and implementation of IT governance frameworks aligned with ISO 27001, NIST CSF, COBIT, and CIS Controls.
  • Conducted comprehensive ITGC assessments evaluating design and operational effectiveness of controls across key IT processes.
  • Monitored compliance with internal policies and external regulations; prepared detailed risk-rated audit reports for senior management.
  • Collaborated with external auditors to support IT audits, certifications, and timely delivery of audit evidence.
  • Designed and delivered GRC training programs to enhance organizational awareness of ISO 27001 and compliance obligations.
  • Established and managed an enterprise-wide Vulnerability Management Program covering network, application, and cloud assets.
  • Coordinated periodic vulnerability scans using tools such as Qualys/Tenable; prioritized findings using CVSS scoring and business impact.
  • Aligned vulnerability management lifecycle with NIST SP 800-40 and ISO 27001 Annex A controls for continuous risk reduction.
  • Built and maintained a TPRM framework covering onboarding, periodic assessments, and offboarding of third-party vendors.
  • Conducted risk-tiered vendor assessments evaluating data privacy, cybersecurity posture, operational resilience, and regulatory compliance.
  • Leveraged BitSight and RiskRecon for continuous vendor monitoring, tracking risk score trends and triggering reassessments on degradation.
  • Drove remediation of vendor control gaps by issuing risk exception requests, remediation plans, and contractual security clauses.
  • Ensured vendor engagements comply with PCI DSS, GDPR, CCPA, SOX, and HIPAA; maintained compliance evidence for audit readiness.
  • Served as the primary point of contact for all third-party risk inquiries; collaborated with Procurement and Legal for contract negotiations.

Education

Master of Science - Computer Science

Silicon Valley University
California, USA
08-2016

Skills

  • Risk assessment
  • IT audit
  • GRC
  • PCI DSS
  • ISO 27001
  • NIST
  • COBIT
  • ITGC
  • Incident Response
  • Vulnerability Management
  • Vendor Risk Management
  • TPRM
  • CIS Controls
  • BitSight
  • ServiceNow GRC
  • Qualys
  • Data Visualization

Languages

  • Telugu
  • Hindi
  • English

Standards & Frameworks

  • ISO 27001
  • PCI DSS
  • NIST CSF
  • COBIT
  • CIS Controls
  • GDPR
  • SOX
  • HIPAA
  • CCPA
  • SOC 2
