Available · Remote & Visa-Sponsored Roles

Kathan Joshi

GRC Consultant with 3 years of hands-on experience in ISO 27001 audit management, ISMS implementation, internal audit coordination, and compliance delivery across regulated industries.

ISO 27001 · CISA Audits · AUA / KUA · Internal Audits · GRC · ISMS · VAPT · PCI DSS · Risk Assessment · Gap Analysis
Kathan Joshi
GRC Consultant · Cybersecurity Analyst
3 years in GRC & Cybersecurity
10+ client engagements delivered
4 audit standards practised
8 certifications & completions
ISO 27001 · ISO 27701 · ISO 42001 · PCI DSS · NIST · CISA · AUA/KUA · VAPT
Open to Remote & Visa-Sponsored Roles Globally
3 years in GRC & Security
12+ client engagements
4 audit standards practised
100+ vulnerabilities documented
Expertise

Practice areas

Four operational disciplines developed through consulting engagements across financial services, healthcare, and technology sectors.

01 / 04 · Governance & Compliance

Framework implementation and compliance assurance for organisations pursuing or maintaining security certifications.

ISO 27001 ISMS design & implementation
Regulatory gap analysis & remediation plans
Security policy development & review
UCB & NHB standards alignment
Compliance programme management
02 / 04 · Audit & Risk Management

End-to-end audit lifecycle delivery — planning, evidence management, findings and closure.

ISO 27001 audit coordination
CISA, AUA/KUA audit facilitation
Internal audit programme management
Risk assessment & control gap analysis
Corrective action tracking & closure
03 / 04 · Project Coordination

Structured delivery of cybersecurity programmes from scoping through to final reporting across multiple concurrent clients.

Engagement planning & scoping
Stakeholder communication & status reporting
Evidence pack preparation & review
Multi-client delivery management
Technical documentation & deliverables
04 / 04 · VAPT & Security Assessment

Vulnerability identification and remediation guidance across web applications, networks and infrastructure.

Web application penetration testing
Network vulnerability assessment
Phishing simulation design & execution
Findings documentation & risk rating
Remediation tracking & re-testing
Process

Audit lifecycle

How I approach a typical ISO 27001 audit engagement — from initial scoping through to certification support.

This represents the structured methodology applied across compliance audit engagements. Each phase has defined inputs, outputs, and quality checkpoints to ensure audit readiness and repeatable delivery.

01. Scoping & Planning: define audit boundary, objectives, schedule and resource requirements.
02. Document Review: review ISMS documentation, policies, procedures and prior findings.
03. Evidence Collection: gather, validate and organise control evidence against audit criteria.
04. Gap Analysis: identify control gaps, non-conformities and areas requiring remediation.
05. Remediation Support: coordinate corrective actions, track closure and validate effectiveness.
06. Audit Report & Closure: produce findings report, management summary and certification readiness assessment.
Experience

Professional history

Progressive career development across GRC consulting, audit management, and security project delivery — built through client-facing work in regulated environments.

Current
Feb 2026 — Present
Infopercept
Ahmedabad, India
Consultant — GRC

Managing compliance audit programmes for multiple client organisations across financial services and technology sectors. Primary responsibilities span ISO 27001, CISA and AUA/KUA audit delivery, evidence management, and certification readiness coordination.

Coordinating ISO 27001 audit lifecycle — scoping, evidence collection, findings documentation, corrective action tracking and closure.
Facilitating CISA and AUA/KUA audits, ensuring clients meet statutory and regulatory compliance obligations within required timelines.
Managing internal audit programmes, including audit scheduling, evidence review and management reporting across multiple clients simultaneously.
Conducting pre-audit gap assessments to identify control weaknesses, reducing formal audit non-conformities before assessment.
Producing audit documentation, evidence packs and compliance reports aligned with international audit standards.
ISO 27001 · CISA Audits · AUA/KUA · Internal Audits · GRC · Evidence Management
Jul 2025 — Jan 2026
Anzen Technologies Pvt. Ltd.
Mumbai, India
Associate Consultant — GRC

Embedded with a financial services client to support their internal audit programme. Responsible for audit cycle coordination, evidence management and pre-audit preparation across monthly, quarterly and semi-annual review cycles.

Coordinated internal audit cycles at monthly, quarterly and semi-annual cadence within a complex financial services regulatory environment.
Managed evidence collection and validation aligned with Internal Audit Standards (IAS) — ensuring audit-ready documentation ahead of each review cycle.
Performed pre-audit control checks, identifying gaps and coordinating corrective actions before formal engagements commenced.
Worked directly with cross-functional stakeholders to streamline audit workflows and reduce time-to-closure on open findings.
Internal Audits · IAS · Evidence Management · Financial Services · GRC
Apr 2024 — Jul 2025
Cyber Octet Pvt. Ltd.
India
Cybersecurity Analyst & Project Coordinator

Client-facing role covering VAPT assessments, ISO 27001 audit support, and GRC programme delivery across concurrent client engagements in regulated industries.

Delivered VAPT assessments, ISO 27001 audit support and GRC implementations across 10+ client engagements — several resulting in successful certification.
Coordinated control implementations that contributed to a 40% reduction in high-risk vulnerability counts across client environments.
Managed end-to-end project delivery from scoping through to final reporting, maintaining consistent delivery timelines across a concurrent client portfolio.
Maintained 95% client satisfaction across all engagements through structured communication and proactive issue resolution.
VAPT · ISO 27001 · GRC · Project Delivery · Client Management
Jul 2023 — Mar 2024
Cyber Octet Pvt. Ltd.
India
Junior Cybersecurity Analyst
Conducted network and web application VAPT assessments, identifying and documenting over 100 vulnerabilities with severity ratings and remediation guidance.
Produced security assessment reports used directly in client risk management and board-level reporting processes.
Developed practical foundations in penetration testing methodology, OWASP guidelines, and professional security reporting standards.
VAPT · Network Security · Web App Testing · Security Reporting
Case Studies

Engagement examples

Anonymised summaries of representative engagements. Specific client details withheld for confidentiality. Outcomes reflect actual results from completed work.

ISO 27001 Certification Audit Programme
Financial services · ISMS scope covering core banking operations · 6-month engagement
ISO 27001 · Internal Audit · ISMS
Challenge
Client needed to achieve ISO 27001 certification within a fixed regulatory deadline. Existing ISMS documentation was incomplete and internal teams had limited audit experience.
Approach
Conducted a gap assessment against Annex A controls. Built an evidence collection framework. Ran mock audit cycles with internal teams prior to formal assessment.
Execution
Managed full audit lifecycle — documentation review, evidence validation, findings tracking, corrective action coordination and final audit report preparation.
Frameworks
ISO/IEC 27001:2022 · Annex A controls · Internal Audit Standards · Statement of Applicability review
Outcome
Client achieved certification within the required timeline. Formal audit non-conformities reduced significantly from mock audit to final assessment. Internal team gained repeatable audit process for future review cycles.
Multi-Client GRC Programme Delivery
Technology & services sector · 10+ concurrent client engagements · 14-month period
GRC · ISO 27001 · Project Management
Challenge
Managing concurrent GRC and VAPT engagements across clients with different regulatory requirements, maturity levels, and internal resource constraints.
Approach
Developed a standardised engagement template adapted per client context. Used risk-based prioritisation to sequence corrective actions and compliance activities.
Execution
End-to-end delivery across VAPT assessments, ISO 27001 gap analyses, and GRC framework implementations — with structured status reporting to client stakeholders throughout.
Frameworks
ISO 27001 · NIST CSF · OWASP Top 10 · PCI DSS baseline checks · Internal control frameworks
Outcome
High-risk vulnerability count reduced by approximately 40% across assessed environments. All project deliverables met agreed timelines. 95% client satisfaction maintained across the portfolio.
Regulatory Audit Management — Financial Sector
Financial services · Internal audit programme · Monthly / quarterly / semi-annual cycles
Internal Audits · IAS · Compliance
Challenge
Client operated under tight regulatory obligations requiring audit evidence at multiple review frequencies. Existing processes lacked structure and audit-readiness documentation was inconsistent.
Approach
Mapped audit requirements by frequency and scope. Developed an evidence collection calendar and standardised evidence templates aligned with IAS requirements.
Execution
Coordinated audit cycles end-to-end — evidence gathering, validation, pre-audit gap checks, corrective action management, and management reporting at each cycle close.
Frameworks
Internal Audit Standards (IAS) · Regulatory control frameworks · Financial sector compliance obligations
Outcome
Consistent audit-ready documentation maintained across all review cycles. Pre-audit gap checks reduced open findings at formal review. Stakeholder reporting improved clarity and turnaround time.
Credentials

Frameworks & certifications

Standards & Frameworks
ISO/IEC 27001 — Information Security Management Systems
ISO/IEC 27701 — Privacy Information Management
ISO/IEC 42001 — AI Management Systems
PCI DSS — Payment Card Industry Data Security
NIST Cybersecurity Framework
OWASP Top 10 — Application Security Risks
UCB Cybersecurity Standards
NHB Regulatory Standards
Professional Certifications & Training
UKAS: AIQI ISO/IEC 42001 Awareness eLearning (AI Management Systems)
Qualys: PCI Compliance (Payment Card Industry Security)
Management & Strategy Institute: Lean Six Sigma White Belt (Process Improvement)
Udemy: ISO/IEC 27701 Information Security Management (Privacy Information Management)
CyberWarFare Labs: Purple Teaming Fundamentals (Offensive & Defensive Security)
CodeRed: Ethical Hacking with Nmap (Network Security)
Cyber Octet Pvt. Ltd.: Advanced Diploma in Ethical Hacking & Cybersecurity (Security Operations)
CodeRed: Practical Penetration Testing with BackBox (Penetration Testing)
Technical Skills
ISO 27001 Audits · CISA Audits · AUA/KUA Audits · Internal Audits · Risk Assessment · Gap Analysis · ISMS Design · Evidence Management · Audit Planning · Burp Suite · Nmap · Nessus · Metasploit · Wireshark · OWASP ZAP · Qualys · Kali Linux · Stakeholder Reporting · Security Policy Writing · UCB Standards · NHB Standards
Insights

Perspective on GRC practice

Observations from working across compliance audit, risk management and VAPT engagements in regulated environments.

Audit Practice
Why pre-audit gap checks reduce formal non-conformities
A pre-audit control check — conducted 4–6 weeks before formal assessment — allows organisations to address gaps before they become official findings. In practice, this approach consistently reduces the number of non-conformities raised during Stage 2 audits and shortens post-audit remediation cycles.
Observation from ISO 27001 audit engagements · 2024–2026
Risk Management
Evidence management as the single biggest audit bottleneck
Across multiple client engagements, the most common cause of delayed audit readiness is not control gaps — it is the absence of a structured evidence collection process. Organisations that maintain an always-current evidence register move through audit cycles significantly faster than those that scramble to gather evidence at each review.
Pattern observed across financial services and technology sector clients · 2023–2026
GRC Operations
The operational gap between ISMS documentation and practice
Achieving ISO 27001 certification is the beginning, not the end. The organisations that maintain strong security posture are those where documented controls are actively practised and reviewed — not stored as static artefacts. Bridging the documentation-to-practice gap is where GRC consulting creates the most sustainable value for clients.
Developed through ISMS implementation and post-certification review work · 2023–2026
Contact

Get in touch

Available for GRC analyst, compliance consultant, audit, and security governance roles. Open to international remote and visa-sponsored positions. Response within 24 hours.
