About
IT Compliance and Information Security professional with 11+ years of experience in IT Governance, Risk & Compliance, IT General Controls testing, SOC 1 / SOC 2 compliance, ISO 27001 implementation, and healthcare regulatory frameworks. Proven experience leading security compliance programs, managing internal and external audits, and implementing enterprise security controls and TPRM. Skilled in risk management, vendor risk assessments, BCP/DR testing, data privacy compliance, and continuous control monitoring to strengthen organizational security posture.
Work Experience
Operations Manager – IT Compliance
Reliance General & Reliance Health
Mar 2018 - Feb 2020
Conduct ITGC testing and compliance reviews across multiple applications including internal and third-party platforms. Review MSAs, SoWs, and vendor contracts to ensure alignment with information security and regulatory requirements. Support SOC / SSAE 18 audits and regulatory compliance initiatives. Implement continuous control monitoring (CCM) programs to improve visibility of security and operational risks. Identify and implement process improvements to strengthen IT governance and risk management frameworks. Coordinate with internal and external stakeholders through project status meetings and audit governance reviews.
Manager – Compliance
ICICI Lombard
Jul 2013 - Mar 2018
Conduct quarterly privileged access reviews to ensure compliance with organizational access control policies. Implement GRC processes and compliance monitoring mechanisms to track security controls and risk indicators. Perform IT control gap analysis and risk assessments, providing recommendations to strengthen control environments. Develop and maintain data protection policies and procedures aligned with regulatory requirements. Serve as liaison for data protection and privacy related regulatory inquiries. Monitor changes in privacy regulations and data protection laws and communicate updates to stakeholders.
Compliance Manager, Healthcare-IT
Reliance General
Aug 2023 - Present
Lead enterprise IT compliance and security governance programs aligned with ISO 27001, SOC 1, SOC 2, and Healthcare frameworks. Develop and implement information security policies, standards, and security controls to mitigate enterprise risk. Manage internal, client, and external security audits, ensuring timely remediation of audit findings. Lead BCP and Disaster Recovery testing, validating recovery capabilities and documenting improvements. Oversee risk management initiatives, cyber defense strategies, and data protection programs. Lead a team of security analysts and compliance professionals, ensuring delivery of audit and compliance objectives. Represent the information security function in client meetings, compliance reviews, and regulatory audits. Collaborate with cross-functional teams including legal, operations, and IT to support compliance initiatives.
Quality Analyst
TATA Business
Aug 2011 - Jul 2013
Supported IT operational audits and quality assurance reviews. Coordinated audit walkthroughs, stakeholder meetings, and compliance documentation. Assisted in troubleshooting system issues and monitoring system performance. Managed IT support activities including network configuration and system maintenance.
Education
B.Tech – Information Technology - Jawaharlal Nehru Technological University
- 2010 · Afghanistan