About
ISO 27001 Lead Auditor and Third-Party Risk Management (TPRM) professional with a solid background in Governance, Risk, and Compliance (GRC). Skilled in conducting risk assessments, performing vendor due diligence, and applying industry standards such as ISO 27001 to strengthen organizational security posture. Proficient in preparing clear risk reports, identifying control gaps, and collaborating with cross-functional stakeholders to enhance risk management processes and ensure continuous compliance.
Work Experience
Junior Associate
Atos Global IT Solutions
Nov 2021 - Apr 2024
Collaborated with various cross-functional teams to strengthen vendor risk governance. Developed and presented audit reports, risk findings, and remediation plans to senior management, ensuring timely resolution of identified risks. Continuously monitored third-party vendors through security ratings and incident tracking to mitigate evolving risks. Ensured vendors' regulatory compliance by supporting internal/external audits and regulatory reviews.
Associate Analyst
Optiv
Jun 2024 - Jul 2025
Conducted ISO 27001 audits and Third-Party Risk Management (TPRM) audits for banks and financial institutions, ensuring adherence to regulatory and industry standards. Led vendor due diligence assessments, evaluating third-party security controls through risk assessments and security questionnaires to mitigate supply chain risks. Managed the end-to-end audit process, including scoping, planning, execution, reporting, and post-audit follow-ups, ensuring closure of identified compliance gaps.
Information Security Analyst
ResourcePro
Jul 2025 - Present
Participated in internal audits and prepared evidence for ISO 27001 audits. Collaborated with external auditors, furnished required documents and evidence, and supported audit walkthroughs for ISO 27001. Worked on reviewing and supporting SOC 1 and SOC 2 audit requirements by understanding control objectives, gathering relevant evidence, and providing all required reports and documentation to external auditors. Performed regular mobile device audits to verify policy compliance, monitored control deviations, and prepared detailed audit reports. Handled exceptions and exemptions, validated requests, coordinated approvals, updated the tracker, and followed up until closure. Assisted in delivering security awareness programs and reinforcing employee adherence to information security policies. Collaborated with IT and security teams to implement ISO 27001 controls, monitor their effectiveness, and address any compliance gaps. Conducted spot audits and provided security compliance awareness to ensure adherence to organizational policies.
Education
B.E. - Jain Institute of Technology (affiliated to VTU)
2017 - 2020 · Afghanistan