Open to Opportunities
GRC & IS Audit Professional · Lalitpur, Nepal
IS Auditor · GRC Analyst · vISO
Access
Granted.
Sangit Pant
GRC & IS Audit Professional
Phone
+977 9864729477
Location
Lalitpur, Nepal
ISO 27001 · SOC 2 · NIST CSF · CMMC · GDPR · IEC 62443 · ISO 42001 · ISO 9001 · ISO 14001 · ISO 20000-1 · NRB IT · NRB Cyber · Nepal Ins. IT · Cyber Essentials

I'm a GRC and IS Audit professional with experience across compliance frameworks — ISO/IEC 27001, SOC 2, NIST CSF, CMMC, ISO 9001, IEC 62443 and more. I translate regulatory complexity into structured, actionable security programs.

Skilled in IT risk assessments, control gap analysis, ISMS documentation, and audit evidence preparation. Experienced as a Virtual Information Security Officer (vISO) for a financial institution, bridging governance requirements with technical controls.

Beyond client work, I build GRC tools — BrahmaGrid and Khatra GRC — exploring how technology can streamline compliance workflows.

🛡️
GRC Programs
Framework implementation, gap analysis, SoA, ISMS documentation, policies and procedures.
🔍
IS Auditing
Evidence collection, control testing, management reporting.
⚠️
Risk Management
IT risk assessments, STRIDE threat modeling, risk registers.
📋
Security Assessments
EDR & AV evaluation, vulnerability assessments.
Mission
History.
Jan 2025 — Present
Vairav Technology
Security Pvt. Ltd.
Kathmandu
Active
Associate IS Auditor & GRC Analyst
  • Supported IT risk assessments and IS audits for technology and regulated clients.
  • Conducted internal audits against multiple compliance frameworks, including ISO 27001, SOC 2, NIST CSF, CMMC, and IEC 62443.
  • Conducted threat modeling (STRIDE) and identified control gaps across people, process, and technology.
  • Developed and reviewed GRC documentation — policies, risk registers, and Statements of Applicability.
  • Prepared audit evidence, vulnerability assessments, and management-level compliance reports.
  • Served as Virtual Information Security Officer (vISO) for a financial institution client.
Sep 2024 — Jan 2025
Vairav Technology
Security Pvt. Ltd.
Kathmandu
IS Auditor & GRC Intern
  • Drafted GRC and ISMS documentation aligned to international security standards.
  • Supported IS audits and compliance assessments under ISO/IEC 27001, SOC 2, and NIST CSF.
  • Contributed to risk identification, control mapping, and audit documentation processes.
Jan 2023 — Feb 2024
Hansikar Technologies
Kathmandu
Freelance Content Writer
  • Delivered structured web content with SEO optimization, strengthening professional documentation skills applicable to compliance writing.
Clearance
Credentials.
01
Mastermind Assurance
ISO/IEC 42001:2023 Lead Auditor
2026
02
Mastermind Assurance
ISO/IEC 27001:2022 Lead Auditor
2025
03
ICTTF
Certified Ransomware Protection Officer
2025
04
ICTTF
Certified SME Cyber Security Officer
2025
05
ISC2
Certified in Cybersecurity (CC)
2024
06
SkillFront
ISO/IEC 27001 Information Security Associate
2024
07
Google / Coursera
Play It Safe: Manage Security Risks
2023
08
Google / Coursera
Foundations of Cybersecurity
2023
Active
Operations.
Classified
PROJECT_001
Brahma Grid
GRC Automation Platform
A GRC platform designed to streamline compliance workflows, automate evidence collection, and manage audit readiness across multiple frameworks.
GRC Automation Compliance SaaS
Classified
PROJECT_002
Khatra GRC
Risk Intelligence Tool
An intelligent risk management tool that maps threats to controls, generates risk registers, and provides real-time compliance posture visibility.
Risk Threat Intel Controls Dashboard
Academic
Foundation.
Bachelor of Information Technology
BIT — Information Technology
GPA: 4.0
Presidential Graduate School (Westcliff University)
2021-2025
Let's
Connect.

Open to roles in GRC, IS Audit, and compliance. Need an Internal Auditor, GRC Analyst, or someone to build your security program — let's talk.

sangit@vault:~$ rm -rf / // just kidding. Your data is safe with Google.