DHAWAN MN
Bangalore, Karnataka *********@*****.*** +91-903******* linkedin.com
Associate GRC professional with consulting experience in audit support, risk assessments, and control testing across SOC 2, ITGC, and ISO 27001 engagements.
WORK EXPERIENCE
Associate - Governance, Risk and Compliance Grant Thornton Advisors LLC 2024 - Present
● Assisted in ISO/IEC 27001 ISMS implementations by defining scope, identifying assets, and performing risk assessments, helping reduce audit observations.
● Executed compliance reviews across ISO 27001, SOC 2, ITGC, and internal control frameworks, identifying control gaps and assisting remediation to improve governance.
● Coordinated SOC 2 Type I and Type II engagements, overseeing audit evidence collection across access management, change management, incident response, and vendor oversight controls.
● Performed risk analysis by assessing likelihood and impact, linking risks to mitigating controls, and monitoring action plans, improving risk closure rates by 25% within one audit cycle.
● Conducted third-party risk assessments for vendor onboarding and compliance due diligence, improving visibility into vendor risk exposure.
● Updated and refined information security policies, standards, and procedures to align with business operations and reduce audit clarification requests.
● Managed audit evidence, tracked observations, and drafted management responses, improving audit acceptance by 15% and minimizing rework.
● Collaborated with Legal, IT, Engineering, and Product teams to interpret control requirements and implement corrective actions, accelerating audit readiness and issue resolution.
● Delivered security awareness initiatives by developing training content and monitoring participation, improving overall organizational security awareness.
SKILLS
GRC Audit Frameworks:
ISO/IEC 27001, SOC 1, SOC 2, SOX, NIST Cybersecurity Framework (CSF), NIST SP 800-53, COBIT, COSO, ITIL
IT Audit and Controls:
IT General Controls (ITGC), Access Management and IAM Reviews, Change Management, Logging and Monitoring Controls, Regulatory and Compliance Controls
Risk and Compliance:
Risk Assessment and Remediation, Gap Analysis, Policy and Procedure Review, Audit Planning and Execution, Third-Party Risk Management (TPRM), Vendor Risk Assessments, GDPR Compliance, Cloud Security, HIPAA
Tools and Reporting:
Microsoft Excel, Microsoft Word, PowerPoint, SharePoint
CERTIFICATIONS
● Information Security Management Systems Certified Lead Implementer (ISO/IEC 27001:2022)
● Governance, Risk and Compliance (CGRC)
● Navigating privacy in AI: Insights for Data Privacy Day 2025
ACHIEVEMENTS
● Received the Best Excellence Award for outstanding contribution to audit and compliance initiatives at Grant Thornton.
● Participated in CSR activities, including delivering educational sessions and teaching support to NGO beneficiaries, helping improve learning engagement.
EDUCATION
Bachelor of Science 2019 - 2022
Nrupathunga University - Mathematics CGPA - 7.9
12th Grade 2018 - 2019
MES PU College CGPA - 8