About
Senior IT Auditor, TPRM Analyst, and Offshore IT Audit Team Lead with 4+ years of experience conducting end-to-end vendor risk assessments. Proficient in reviewing SOC 2 Type II, ISO 27001, ISO 27701, HITRUST CSF, and NIST 800-53 frameworks, and conducting risk assessments for healthcare SaaS platforms, IoT, and medical device environments. Proven track record in leading QA reviews, managing audit workflows, and delivering executive-level risk reporting with a sub-2% error rate across offshore audit operations. Deep expertise in vendor security questionnaire reviews, gap analysis, risk rating, risk reporting, and remediation tracking. Adept at bridging offshore and onshore teams, maintaining SLA compliance, and driving process improvements that reduce turnaround time and improve audit throughput. Holding CEH, ISO/IEC 27001 Lead Auditor, and ISO/IEC 27701 Lead Auditor certifications, with strong knowledge of Information Security, Privacy Compliance, Third-Party Risk Management, and GRC. Currently pursuing CISA.
Skills & Expertise (22)
Work Experience
Senior IT Auditor and TPRM Analyst | Offshore IT Audit Team Lead
Kalpa Consulting Services
Dec 2021 - Apr 2026
Conducted comprehensive risk-based assessments of third-party vendors by analyzing security questionnaires (NIST 800-53, CIS Controls, SIG Lite/Full, ISO 27001, and custom frameworks) for onboarding and periodic reassessments. Performed detailed reviews of vendor security questionnaires for regulated healthcare environments — including medical devices and healthcare SaaS platforms — ensuring alignment with HIPAA, HITRUST, NIST, and industry compliance requirements. Mapped vendor questionnaire responses, security certifications (SOC 2 Type II, ISO 27001, HITRUST), and audit reports to internal control requirements to validate control coverage and effectiveness. Reviewed and evaluated audit evidence including policies, procedures, penetration test reports, vulnerability scans, certifications, and system screenshots; documented findings in the risk management database for enhanced tracking and reporting. Analyzed vendor reports to document risk findings, assign risk ratings, and provide prioritized remediation recommendations aligned with client risk appetite and regulatory requirements. Performed gap analysis of security frameworks and certifications, identifying control weaknesses and areas for improvement across vendor portfolios. Prepared executive risk summaries that articulated key findings, risk ratings, and prioritized remediation plans for U.S.-based healthcare clients and senior management, facilitating informed decision-making. Validated vendor-submitted remediation evidence to confirm effective implementation of corrective actions prior to risk closure, maintaining audit integrity and documentation standards. Led Quality Assurance (QA) reviews across the offshore team, achieving a <2% error rate in final deliverables and maintaining compliance with established quality standards prior to delivery.
Managed case assignments and workload distribution across the team; developed weekly tracking metrics and a structured feedback repository to improve operational efficiency and reporting transparency. Served as primary offshore point of contact for the client, ensuring SLA adherence and timely delivery of audit assessments across multiple concurrent engagements. Contributed to process improvement initiatives that streamlined vendor assessment workflows, enhancing turnaround time and throughput across the offshore audit team. Prepared, reviewed, and updated information security policies, standards, and procedures aligned with organizational and regulatory requirements.
Education
Master of Technology (M. Tech) in Electrical Engineering - JNTUK
2016 - 2018 · India
Certifications
Certified ISO 27001:2022 Lead Auditor
Exemplar Global · 2026
Certified ISO 27701:2025 Lead Auditor
Mastermind · 2026
Certified Ethical Hacker
EC-Council · 2025
Availability Details
Visa Status
Need Sponsorship
Relocation
Depends on Offer