Risk Analyst Cyber Security

Location:
Ellicott City, MD
Posted:
January 31, 2023

Resume:

Aryan Thanki

adu1qh@r.postjobfree.com

240-***-****

SUMMARY

Experienced GRC Analyst with a proven track record in risk assessments, compliance audits, and incident response. Skilled in developing and implementing risk management plans, policies, and procedures. Led internal and external audits for SOC 2 Type 1 & 2, ISO 27001, and SOX compliance resulting in improved organizational posture. Proficient in using tools such as BitSight, Nessus, and Excel for automated vulnerability detection and management, and vendor risk assessments. Strong leadership, project management, and communication skills.

WORK EXPERIENCE

THREATQUOTIENT, INC - Ashburn, VA

GRC Analyst, Jan 2020 - Present

• Conducted risk assessments and developed risk management plans for the organization's IT systems and processes

• Conducted regular compliance audits and assessments for industry regulations and standards such as GDPR, PCI-DSS, NIST SP 800-53, HIPAA and HITRUST, and developed and implemented corrective actions to address any identified non-compliances

• Led the internal and external audit process for SOC 2 Type 1 & 2, ISO 27001, and SOX compliance, and developed and implemented recommendations to improve the organization's compliance posture.

• Led the development and maintenance of the organization's ISO 27001-compliant ISMS, resulting in a significant improvement in the organization's information security posture.

• Implemented automated vulnerability detection and management processes, resulting in a reduction in the number of vulnerabilities and an improvement in the organization's overall security posture

• Enforced and conducted Security Awareness and Training using KnowBe4. Reduced the number of phishing incidents.

• Reviewed contracts such as SLA, NDA, and MSA with appropriate stakeholders

• Assisted in the development and maintenance of the organization's data protection and incident response policies and procedures

• Led the development of a risk management framework that was adopted by the organization, resulting in a reduction in the number of security incidents

• Developed and delivered training on data protection and incident response to staff, improving their awareness and understanding of these critical issues

• Created, updated, and reviewed policies and procedures by identifying best practices, creating policies and procedures, and monitoring compliance with those policies.

VISTRADA - New York, NY

Risk Analyst, Jan 2019 – Nov 2020

• Proficiency in software and tools such as Microsoft Office and Google suite

• Using tools like Excel to analyze data, identify trends and present findings and recommendations to management and relevant stakeholders

• Experience with cybersecurity and data protection best practices, including the implementation of security controls such as Access control, change management, encryption, etc.

• Dealt with on-boarding vendors, sending/creating, and managing questionnaires such as SIG Core and Light, RFP, and RFI

• Assisted in the development and maintenance of the organization's data protection and incident response policies and procedures by reviewing and updating existing policies and procedures, and developing new ones as needed to ensure the organization was prepared for data breaches and other security incidents.

• Proficient in Third-Party Vendor Risk Management by assessing vendors' security controls, identifying and assessing potential risks, and working with vendors to address those risks

• Assessed documents such as SOC 2 Type 2, Incident response, etc.

• Proficient in Third-Party Vendor Risk Management

• Implemented continuous monitoring of vendors using tools such as BitSight, resulting in improved visibility and oversight of third-party risks, leading to a reduction in potential vulnerabilities and incidents.

• Implemented automated vulnerability detection and management processes by utilizing tools such as Nessus, and reviewing the results on a regular basis, prioritizing the vulnerabilities based on their risk level, and implementing appropriate mitigation strategies to reduce or eliminate them.

• Created, updated, and developed risk registers, resulting in a more comprehensive and effective risk management program

• Monitored and reported on compliance with security policies and procedures, resulting in increased adherence to security best practices and standards

SKILLS:

• Time management

• Microsoft Excel

• Leadership

• Project Management

• Communications

• Presentation Skills

• Documentation review, developing and implementing

TOOLS:

• Jira

• Asana

• ServiceNow

• KnowBe4

• VenMinder

• Zendesk

• ZenGRC

• ProcessUnity

• BitSight

• RSAM

• Salesforce

CERTIFICATIONS

• Security+

• CISA - in progress

EDUCATION

Richard Montgomery High School

• Diploma

Montgomery College

• Cyber Security Degree - in progress


