Irshad Khan, Associate consultant GRC & Risk Resiliency Advisory

Irshad Khan

Associate consultant GRC & Risk Resiliency Advisory·HCLtech

India

Master's degree, Information security

Work experience

Total years of experience: 11 years, 5 months

Associate consultant GRC & Risk Resiliency Advisory

June 2025 - Present

HCLtech

Delhi, India

Expertise in information security management, risk assessments, and compliance audits to ensure adherence to information security and regulatory standards.
Experienced in reviewing SOC 1 & 2, conducting TPRM, ITGC testing, and ensuring compliance with ISO and NIST CSF frameworks.
Skilled in auditing third-party vendors, assessing their security posture, and implementing best practices to mitigate associated risks effectively.
Led risk audits for global clients across APAC, US, UK, and Europe, focusing on business optimization and risk mitigation strategies.
Coordinated cybersecurity initiatives with CISOs and security teams to align cybersecurity practices with the organization's overall business goals.
Possesses strong knowledge of HIPAA compliance, ensuring regulatory adherence and data privacy for U.S. clients in healthcare sectors.
Proficient with risk assessment tools such as OneTrust, ServiceNow, DMS, SAP Ariba, and UpGuard for auditing and evaluating security risks.
Strong interpersonal skills that foster collaboration, teamwork, and high levels of client satisfaction promote strong, productive business relationships.
Consistently delivered high-quality work within deadlines, earning recognition for exceptional project completion and maintaining long-term client satisfaction.
Skilled in using risk assessment tools like OneTrust, ServiceNow, GMS, DMS, Archer, SAP Ariba, and UpGuard to audit and evaluate security risks.
Conduct walkthroughs, including documentation and process flow, for validating the design effectiveness testing and operating effectiveness of ITGCs, proposing remediation of controls based on deficiencies identified, and drafting observations and risks.
Performing control testing on the external party's environment to check compliance against the NIST cyber security framework.
Ensuring compliance with internal policies (audit methodology and risk management) and regulatory requirements.
Security review for technical projects before implementation & assessing the information security risks.
Monthly and quarterly dashboards are released to all the business stakeholders for all the assigned accounts at the organisation and engagement level.
Performing a risk assessment audit as per the control of information security management system control framework library (CFL), and NIST Framework.
Responsible for internal process governance, risk & compliance, information security management system, cyber security, ITGC, TPRM.
Risk Review with Engagements as different aspects with baseline and contractual requirements from MSA and SOW as per client requirement.

Company industry:
IT Services

Senior Associate | Cyber Resilience and Risk Management.

March 2023 - June 2025

PWC

Delhi, India

Expertise in information security management, risk assessments, and compliance audits to ensure adherence to information security and regulatory standards.
Experienced in reviewing SOC 1 & 2, conducting TPRM, ITGC testing, and ensuring compliance with ISO and NIST CSF frameworks.
Skilled in auditing third-party vendors, assessing their security posture, and implementing best practices to mitigate associated risks effectively.
Led risk audits for global clients across APAC, US, UK, and Europe, focusing on business optimization and risk mitigation strategies.
Coordinated cybersecurity initiatives with CISOs and security teams to align cybersecurity practices with the organization's overall business goals.
Possesses strong knowledge of HIPAA compliance, ensuring regulatory adherence and data privacy for U.S. clients in healthcare sectors.
Proficient with risk assessment tools such as OneTrust, ServiceNow, DMS, SAP Ariba, and UpGuard for auditing and evaluating security risks.
Strong interpersonal skills that foster collaboration, teamwork, and high levels of client satisfaction promote strong, productive business relationships.
Consistently delivered high-quality work within deadlines, earning recognition for exceptional project completion and maintaining long-term client satisfaction.
Skilled in using risk assessment tools like OneTrust, ServiceNow, GMS, DMS, Archer, SAP Ariba, and UpGuard to audit and evaluate security risks.
Conduct walkthroughs, including documentation and process flow, for validating the design effectiveness testing and operating effectiveness of ITGCs, proposing remediation of controls based on deficiencies identified, and drafting observations and risks.
Performing control testing on the external party's environment to check compliance against the NIST cyber security framework.
Ensuring compliance with internal policies (audit methodology and risk management) and regulatory requirements.
Security review for technical projects before implementation & assessing the information security risks.
Monthly and quarterly dashboards are released to all the business stakeholders for all the assigned accounts at the organisation and engagement level.
Performing a risk assessment audit as per the control of information security management system control framework library (CFL), and NIST Framework.
Responsible for internal process governance, risk & compliance, information security management system, cyber security, ITGC, TPRM.
Risk Review with Engagements as different aspects with baseline and contractual requirements from MSA and SOW as per client requirement.

Company industry:
Accounting

Cyber Security and GRC Consultant

January 2022 - February 2023

Capgemini

Delhi, India

Reported security assessments and risk management to CIS, CISO, and client function.
Conducted ITGC control testing and third-party risk assessments.
Led GCP integration testing and managed security incident tracking.
Performed risk assessments with SAP Ariba and UpGuard for security evaluations.
Developed disaster recovery plans, ensuring business continuity and policy alignment.
Ensured compliance with internal policies, regulatory frameworks, and contracts.
Conducted risk reviews and baseline assessments and produced reports.
Performed desktop assessments via VDI/Citrix and developed SOPs for incident response.
Aligned security practices with global frameworks (ISO 27001, NIST CSF, etc.).
Audited ISMS compliance, managed remediation efforts, and updated risk registers.

Company industry:
IT Services

Associate Manager| Cyber Risk and Compliance

November 2020 - January 2022

HCL Technologies

Delhi, India

HCL
Led GRC initiatives across client projects, including ISMS and risk management.
Managed TPRM audits, ensuring compliance and risk mitigation.
Oversaw ISMS implementation and audits for banking, healthcare, and retail clients.
Conducted risk assessments across three verticals: applications, infrastructure, and BPO.
Ensured infrastructure and application security compliance for the healthcare, banking, IT, retail and insurance sectors.
Coordinated cross-functional teams to align business objectives with compliance.
Reviewed business continuity and disaster recovery plans.
Released the monthly and quarterly dashboards to all the business stakeholders.
Facilitated client reviews and escalated issues for timely resolution.
Aligned security practices with global frameworks (ISO 27001, NIST CSF, etc.).
Led enterprise and engagement-level risk assessments for global clients.

Company industry:
IT Services

Senior Consultant Risk and Compliance

January 2020 - November 2020

Innovaccer

Delhi, India

Conducted ISMS audits, documenting and addressing findings.
Provided HITRUST compliance evidence and coordinated with US auditors.
Maintained risk register and documentation, ensuring compliance.
Developed risk management policies and streamlined assessments.
Reviewed and ensured HIPAA policy compliance.
Led monthly reviews and created escalation reports for compliance tasks.

Company industry:
Other Healthcare Services

Senior Analyst Risk and Compliance

January 2019 - January 2020

Glaze Trading India Pvt. Ltd.

Delhi, India

Conducted internal audits per ISMS and ISO 9001:2015 standards for Information Security and Quality Management.
Performed process audits to ensure compliance with procedures and standards.
Submitted detailed audit reports to senior management within deadlines.
Led monthly reviews, providing escalation reports to ensure timely audit completion.
Communicated audit findings to facilitate decision-making at the management level.

Company industry:
Marketing

Sr. Engineer Internal Audit GRIE

January 2015 - January 2019

Mat India Technologies Pvt. Ltd.

Delhi, India

Conducted ISMS and ISO 9001:2015 QMS audits for compliance.
Collaborated with US clients for effective audit execution.
Coordinated RCA and CAPA reports with departments.
Implemented a global management system organization-wide.

Company industry:
Automotive Dealership & Distributor

Education

Sikkim Manipal university

September 2018

Master's degree, Information security

India

Sikkim Manipal university

January 2018

Master's degree, MBA

India

Maharishi University Of Management

September 2014

Bachelor's degree, Automotive Engineering

India

MDU UNIVERSITY

January 2014

Bachelor's degree, Automotive Engineering

India

GPA (percentage): 75%

HBSE

January 2010

High school or equivalent, PCM

India

Skills

Information Security
Expert
Cyber Security
Expert
IT Risk
Expert
IT Governance
Expert
ITGC
Expert
INFORMATION SECURITY MANAGEMENT
Intermediate
TPRM
Expert
Risk Assessment
Expert
Risk management
Expert
IT GENERAL CONTROLS ITGC
Intermediate
GRC
Expert
Cybersecurity
Expert
CERTIFIED INFORMATION SYSTEM AUDITOR CISA
Intermediate
COMPLIANCE REPORTING
Intermediate
CORPORATE GOVERNANCE
Intermediate
CYBER RISK
Intermediate
CYBER SECURITY
Intermediate
ENTHUSIASM
Intermediate
GOVERNANCE
Intermediate
GOVERNANCE RISK MANAGEMENT AND COMPLIANCE
Intermediate
IT RISK MANAGEMENT
Intermediate
RISK MANAGEMENT
Intermediate

Languages

English
Expert
Hindi
Native Speaker

Training and Certifications

Certifications
LA
27001:2013
CompTIA Information security
Certified Information Systems Auditor (ISACA)
CISA
IT General Control Testing
Third-Party Risk Management System
QMS: Quality Management System Audit
ISMS | 27001:2013
CISA | Certified Information Systems Auditor (ISACA)
IATF 16949:2015 (IATF)
ISMS | 27001 | LA (Auditor Information Security Management System (ISMS))
ISO 9001:2015
Sep 2019
ISO ISMS 27001:2013

Hobbies

  • Reading books
    Science fiction
  • Reading about new technologies
    Connecting with new technologies