Focused on IT Governance, Risk, and Compliance (GRC), with a target of entering Big 4 Risk Advisory and BFSI security roles. Building domain expertise through structured certifications, cloud security fundamentals, and formal ISM training at SCIT Pune.
The context behind the credentials.
I'm a BCA graduate from SICSR Pune (CGPA: 7.0) entering the MBA-ITBM programme at SCIT Pune with an Information Security Management specialisation — aligned with the ISACA model curriculum for information security management.
My focus is the intersection of technology risk, control frameworks, and business assurance — specifically IT audit and GRC advisory. The goal is clear: Big 4 Risk Advisory or a senior BFSI security role within 3–5 years of graduating.
Before SCIT, I completed a DevOps internship at HJCloud Systems and earned my AWS Cloud Practitioner certification — giving me hands-on exposure to cloud architecture that most GRC candidates don't have at entry level. I'm using the pre-MBA window deliberately: AWS SAA by March, Security+ by May, then SCIT in June.
"Most MBA students walk into GRC with zero technical context. I'm walking in with cloud architecture experience and two security certifications. That gap is the plan."
I'm tracking toward CISA and CRISC — the two credentials that define serious IS audit and enterprise risk management careers.
Beyond technical credentials, I've demonstrated early leadership through roles as House Captain, Student Committee Member, and Football Team Captain — responsible for team coordination, decision-making under pressure, and representing peer interests in structured environments. These experiences built the communication and stakeholder management skills that GRC roles demand.
A structured credential path, not a random collection.
Where I've been, where I am, where this compounds.
Honest levels — this profile is designed to compound, not to overclaim.
Pre-formal training exercises. Labeled honestly — the depth compounds with SCIT, CISA, and real internship engagements.
An analysis of how the AWS Shared Responsibility Model distributes security obligations between the cloud provider and the customer — and where residual risk concentrates on the customer side. Uses the Asset → Risk → Control → Framework mapping template.
This exercise reframes a technical cloud concept through a risk and control lens — the core translation skill in IS audit and GRC advisory.
| Asset | Risk | Control | Framework Ref |
|---|---|---|---|
| S3 Bucket | Unintended public exposure of sensitive data | Block Public Access setting; bucket policy review | ISO 27001 A.8.2 |
| IAM Roles | Privilege escalation via overly permissive policies | Principle of least privilege; periodic access review | NIST AC-6 |
| EC2 Instances | Unpatched OS vulnerabilities post-launch | AWS Systems Manager Patch Manager; patching schedule | ISO 27001 A.12.6 |
| CloudTrail Logs | Tampering or deletion of audit trail evidence | Log file integrity validation; S3 MFA Delete | NIST AU-9 |
Foundational exercise — pre-formal training. Framework references sourced from public NIST SP 800-53 and ISO/IEC 27001:2022 documentation.
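The control column above can be turned into evidence checks an auditor runs against configuration exports. The following is an added example and not part of the original portfolio page: it tests three of the table's controls (S3 Block Public Access, IAM least privilege, CloudTrail log file validation) against a hand-constructed snapshot shaped like the corresponding AWS API responses (GetPublicAccessBlock, GetPolicyVersion, DescribeTrails). The bucket names, policy names and trail name are invented for the exercise; framework references are copied from the table.

```python
"""Control checks over a constructed AWS configuration snapshot.

Added example for the Asset -> Risk -> Control -> Framework table.
The snapshot below is hand-written in the shape the AWS APIs return;
nothing is fetched from a real account.
"""
import json

# Constructed sample data (invented names and values).
SNAPSHOT = {
    "s3_buckets": {
        "student-records": {"PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "IgnorePublicAcls": True,
            "BlockPublicPolicy": True, "RestrictPublicBuckets": True}},
        "fee-exports": {"PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "IgnorePublicAcls": False,
            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}},
    },
    "iam_policies": {
        "ReadOnlyReports": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject"],
             "Resource": "arn:aws:s3:::fee-exports/*"}]},
        "DevOpsAdmin": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
        "IamHelper": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": ["iam:*"], "Resource": "*"}]},
    },
    "cloudtrail_trails": [
        {"Name": "org-trail", "IsMultiRegionTrail": True,
         "LogFileValidationEnabled": False},
    ],
}

PUBLIC_ACCESS_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
                       "BlockPublicPolicy", "RestrictPublicBuckets")


def finding(asset, control, ref, detail):
    """One row of audit evidence: which asset failed which control."""
    return {"asset": asset, "control": control,
            "framework_ref": ref, "detail": detail}


def _as_list(value):
    # IAM allows a single string or a list for Action/Resource.
    return value if isinstance(value, list) else [value]


def check_s3_public_access(name, bucket):
    """Control: all four Block Public Access settings must be enabled."""
    cfg = bucket.get("PublicAccessBlockConfiguration", {})
    missing = [k for k in PUBLIC_ACCESS_FLAGS if not cfg.get(k, False)]
    if not missing:
        return []
    return [finding(f"S3 bucket {name}", "Block Public Access",
                    "ISO 27001 A.8.2",
                    "settings not enabled: " + ", ".join(missing))]


def check_iam_policy(name, doc):
    """Control: no Allow statement may grant wildcard actions on all resources."""
    out = []
    for st in _as_list(doc.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        wild = [a for a in actions if a == "*" or a.endswith(":*")]
        if wild and "*" in resources:
            out.append(finding(f"IAM policy {name}", "Least privilege",
                               "NIST AC-6",
                               f"wildcard actions {wild} on all resources"))
    return out


def check_cloudtrail(trail):
    """Control: log file integrity validation must be switched on."""
    if trail.get("LogFileValidationEnabled", False):
        return []
    return [finding(f"CloudTrail {trail['Name']}",
                    "Log file integrity validation", "NIST AU-9",
                    "LogFileValidationEnabled is false")]


def run_checks(snapshot):
    """Run every control check and return the consolidated findings list."""
    findings = []
    for name, bucket in snapshot["s3_buckets"].items():
        findings += check_s3_public_access(name, bucket)
    for name, policy in snapshot["iam_policies"].items():
        findings += check_iam_policy(name, policy)
    for trail in snapshot["cloudtrail_trails"]:
        findings += check_cloudtrail(trail)
    return findings


if __name__ == "__main__":
    for item in run_checks(SNAPSHOT):
        print(json.dumps(item))
```

Run against the constructed snapshot it reports four findings: the fee-exports bucket with three Block Public Access settings off, the two wildcard IAM policies, and the trail without log file validation. Each finding carries the framework reference from the table, which is the format an auditor would paste straight into a working paper.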
A structured risk identification exercise applied to a generic college ERP system covering student records, fee management, and faculty portals. Demonstrates systematic threat identification and basic control suggestion across common risk categories.
The goal here isn't deep technical audit — it's demonstrating that risk thinking can be applied systematically to a familiar operational context.
| Risk | Category | Impact | Suggested Control |
|---|---|---|---|
| Unauthorised access to student records | Access Control | Data breach, regulatory exposure | RBAC; session timeout; MFA for admin accounts |
| SQL injection via unvalidated form inputs | Application Security | Data manipulation, extraction | Input validation; parameterised queries; WAF |
| Data loss due to absence of backup procedures | Availability | Operational disruption | Automated scheduled backups; tested recovery plan |
| Fee payment data intercepted in transit | Data Confidentiality | Financial data exposure | TLS enforcement; HTTPS-only policy |
| Shared admin credentials across departments | Access Control | Audit trail failure, insider risk | Individual accounts; privileged access management |
Foundational exercise — pre-formal training. Intended to demonstrate structured analytical thinking, not professional-grade audit output.
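The SQL injection row recommends input validation and parameterised queries; the following added example (not part of the original page) shows what those two controls look like in code for a student-records lookup, using an in-memory SQLite table with constructed sample rows. The 'before' function concatenates the request parameter into the SQL text, the 'after' functions use a bound parameter and, in the stricter one, an allow-list check on the ID format.

```python
"""Student-record lookup: unsafe string building vs. parameterised query.

Added example for the ERP risk table; the table and student IDs are
constructed sample data, not a real ERP schema.
"""
import re
import sqlite3


def make_db():
    """Build an in-memory students table with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students ("
                 "student_id TEXT PRIMARY KEY, name TEXT, fees_due INTEGER)")
    conn.executemany("INSERT INTO students VALUES (?, ?, ?)", [
        ("S1001", "Asha", 0),
        ("S1002", "Ravi", 15000),
        ("S1003", "Meera", 2500),
    ])
    return conn


def lookup_vulnerable(conn, student_id):
    """'Before' form: the parameter becomes part of the SQL text, so a
    value containing quotes and OR changes the WHERE clause itself."""
    sql = ("SELECT student_id, name, fees_due FROM students "
           f"WHERE student_id = '{student_id}'")
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, student_id):
    """Control 1: a bound parameter is always treated as a value, never as
    SQL, so the same input simply matches no row."""
    return conn.execute(
        "SELECT student_id, name, fees_due FROM students WHERE student_id = ?",
        (student_id,)).fetchall()


# Control 2: allow-list validation of the expected ID shape (constructed
# format for this exercise: the letter S followed by four digits).
STUDENT_ID = re.compile(r"S[0-9]{4}")


def lookup_safe(conn, student_id):
    """Both controls together: reject malformed IDs before touching the
    database, then query with a bound parameter."""
    if not STUDENT_ID.fullmatch(student_id):
        raise ValueError("student_id must look like S1234")
    return lookup_parameterised(conn, student_id)


if __name__ == "__main__":
    db = make_db()
    print(lookup_safe(db, "S1002"))
```

Rejecting malformed input first also gives the audit trail something to log: a failed validation on the ID field is a signal worth alerting on, whereas the vulnerable version records nothing unusual because the request succeeded.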
Real GRC and IS audit artifacts from internship engagements will replace these foundational exercises. The profile compounds as credentials and experience accumulate.
A structured gap analysis against ISO 27001 controls for a hypothetical organisation — to be developed during the ISO 27001 Lead Implementer preparation.
Open to conversations, not just opportunities.
I'm building in public — deliberately, incrementally, and with a long horizon. If you're a recruiter, hiring manager, fellow GRC student, or a professional in Risk Advisory or BFSI security, I'm genuinely happy to talk.
I don't have everything figured out yet. What I do have is a clear target, a structured path, and the intellectual honesty to know the difference between where I am and where I'm going.
That combination is rare. I'd like to think it's worth a conversation.
Preferred contact: LinkedIn