
Sangit Pant.

GRC Analyst  ·  IS Auditor  ·  ISO 27001 Lead Auditor

I translate regulatory complexity into structured, durable security programs. ISO 27001 to SOC 2. NIST CSF to CMMC. Governance frameworks to actual controls, because compliance that only lives on paper protects no one.

Primary Discipline: GRC & IS Auditing
Active Status: Open to Opportunities
Scope: Global / Remote + Nepal

Access Granted.

Sangit Pant · ID / GRC-001
Full Name: Sangit Pant
Designation: GRC & IS Audit Professional
Location: Lalitpur, Nepal · LAT 27°40′N

I'm a GRC and IS Audit professional with hands-on experience across the compliance spectrum — from ISO 27001 and SOC 2 to NIST CSF, CMMC, and IEC 62443. My work lives at the intersection of risk, governance, and technology — making the complex legible, and the abstract actionable.

I have experience in IT risk assessments, control gap analysis, ISMS documentation, and audit evidence preparation. As a Virtual Information Security Officer (vISO), I've bridged governance requirements with real technical controls for a financial institution, not as a checkbox exercise but as a durable security posture with ownership.

Beyond client delivery, I build. BrahmaGrid and Khatra GRC are my experiments in using technology to make compliance less painful and more continuous.

Framework Coverage
ISO 27001 · SOC 2 · NIST CSF · CMMC · GDPR · IEC 62443 · ISO 42001 · ISO 9001 · ISO 14001 · ISO 20000-1 · NRB IT · NRB CRG · Cyber Essentials · Cyber Essentials Plus · Nepal Insurance IT
01 · GRC Programs
Framework implementation, gap analysis, SoA, ISMS documentation, Policies & Procedures.
02 · IS Auditing
Evidence collection, control testing, management-level compliance reporting.
03 · Risk Management
IT risk assessments, STRIDE threat modeling, risk registers, risk treatment plans.
04 · Security Assessments
EDR & AV evaluation, vulnerability assessments, control gap analysis.

Mission History.

Jan 2025 — Present
Associate IS Auditor & GRC Analyst
Vairav Technology Security Pvt. Ltd. · Kathmandu · ACTIVE
  • Supported IT risk assessments and IS audits for technology and regulated clients, adapting scope to each client's risk profile.
  • Conducted Internal Audits against ISO 27001, SOC 2, NIST CSF, CMMC, and IEC 62443 — sometimes all in the same quarter.
  • Performed STRIDE threat modeling and identified control gaps across people, process, and technology layers.
  • Developed GRC documentation — policies, risk registers, Statements of Applicability, and control mapping matrices.
  • Prepared audit evidence packages, vulnerability assessment reports, and executive-level compliance dashboards.
  • Served as vISO for a financial institution client — providing ongoing governance advisory and regulatory alignment.
Sep 2024 — Jan 2025
IS Auditor & GRC Intern
Vairav Technology Security Pvt. Ltd. · Kathmandu
  • Drafted ISMS documentation aligned to ISO/IEC 27001, SOC 2, and adjacent standards — learning that a good policy is also good writing.
  • Supported internal IS audits and compliance assessments: evidence collection, control testing, audit reporting.
  • Contributed to risk identification, control mapping, and structured audit documentation processes.
Jan 2023 — Feb 2024
Freelance Content Writer
Hansikar Technologies · Kathmandu
  • Delivered structured web content with SEO optimization — building the documentation precision and clear communication that now anchors every GRC deliverable.
Additional entry — clearance required:

[REDACTED OPERATION]  ·  ████████████████████████████████████  ·  Duration: ████████

Clearance Credentials.

01 · Mastermind Assurance · ISO/IEC 42001:2023 Lead Auditor · 2026
02 · Mastermind Assurance · ISO/IEC 27001:2022 Lead Auditor · 2025
03 · ICTTF · Certified Ransomware Protection Officer · 2025
04 · ICTTF · Certified SME Cyber Security Officer · 2025
05 · ISC² · Certified in Cybersecurity (CC) · 2024
06 · SkillFront · ISO/IEC 27001 Information Security Associate · 2024
07 · Google / Coursera · Play It Safe: Manage Security Risks · 2023
08 · Google / Coursera · Foundations of Cybersecurity · 2023
Auditor's Note: 8 certifications documented. Credential fatigue: ██████████████. Next target: █████████████████████████████.

Active Builds.

In Development
Project — 001
BrahmaGrid
GRC Automation Platform

A GRC platform designed to streamline compliance workflows, automate evidence collection, and manage audit readiness across multiple frameworks — so audit season stops being a fire drill.

GRC Automation Multi-framework SaaS
In Development
Project — 002
Khatra GRC
Risk Intelligence Tool

An intelligent risk management tool that maps threats to controls, generates risk registers, and provides continuous compliance posture visibility — because khatra (danger) should surface in a dashboard, not in an audit finding.

Risk Intel Threat Mapping Controls Dashboard
Status of third project: ████████████████████████████████████████████████████

Field Dispatches.

Forthcoming Dispatches
Dispatch No. 002 · ████████████████████████████████████████████ Pending
Dispatch No. 003 · █████████████████████████████ Pending
Dispatch No. 004 · ████████████████████████████████████████████████ Pending

Academic Foundation.

Degree Status: Completed
GPA: 4.0
Institution: Presidential Graduate School (Westcliff University)
Program: Bachelor of Science in Information Technology
Concentration: Cybersecurity
Period: 2021 — 2025
Examiner's Note
████████████████████████████████████████████████████████
* Academic performance is officially documented. Any claims of a social life during this period are ████████████████.

Let's Connect.

Open to GRC, IS Audit, and compliance roles. Need an Internal Auditor, GRC Analyst, or someone to build your security program from first principles — the channel is open.

◆ END OF DOCUMENT ◆
Compiled @ 2026 · all controls compliant · no findings · signal clear