
Naushad Mugut
Technology / Internet
About Naushad Mugut:
GRC PROGRAM MANAGER: STRENGTHENING ORGANIZATIONAL DEFENSES AND RESILIENCE
PROFESSIONAL SUMMARY
- GRC Program Manager with proven success in designing and implementing enterprise security and compliance programs across the US, UK, and Europe.
- Experienced in leading SOC 2, PCI DSS, and ISO 27001 audits, automating GRC workflows and strengthening business continuity and Third-Party Risk Management (TPRM).
- Known for enabling audit readiness, policy alignment, and risk mitigation through cross-functional leadership and modern GRC platforms (Vanta, AuditBoard, HyperComply, OneTrust).
- Elevated Customer Trust Assurance maturity from CMMI Level 0→4 through integrated Business Continuity Management and Vendor risk programs, enhancing resilience and continuity across global operations.
Core Competencies: Security Governance, Compliance, and Standards | Risk Identification, Assessment, and Mitigation | GRC Tool Onboarding | Cybersecurity Awareness Program Implementation | Incident Response Strategy & Crisis Management | Policy Lifecycle Management | Vendor Risk Management & Third-Party Due Diligence | Audit Readiness and Management (Internal & External) | Recovery Planning and Execution | Leadership & Capability Building | Training and Mentoring
Technical Skills: JIRA | Confluence | AuditBoard | Vanta | HyperComply | BitSight | Microsoft Azure | CrowdStrike | Qualys | ServiceNow | OneTrust | ISO/IEC 27001 | SOC 2 Type I & Type II | NIST CSF | NIST 800-53 | PCI DSS 4.0 | COBIT | ISO/IEC 42001 (AI Governance) | CIS Controls | SOX | GDPR | Cloud Security | Risk Register Management | Continuous Monitoring | TPRM.
Experience
PROFESSIONAL EXPERIENCES
Manager – GRC Engineering | Workstreet (Remote) | 07/2025 to 10/2025
Workstreet is a global provider of AI-powered security and compliance solutions, specializing in Virtual CISO services, SOC 2 and ISO 27001 readiness, HIPAA compliance, and Vanta implementation. It empowers fast-growing technology companies to scale securely and build operational resilience through strategic compliance.
- Led end-to-end audit readiness and compliance programs for 15+ clients across diverse industries, leveraging Vanta to achieve 3 SOC 2 Type I audits, 1 SOC 2 Type II audit, and 1 ISO 27001 certification, all completed with zero major findings, strengthening client trust and compliance maturity.
- Partnered with client CISOs and compliance teams to design and implement AI-driven GRC workflows, reducing manual audit preparation time by 40% through automation and streamlined documentation.
- Optimized SOPs and audit playbooks, aligning them with best practices for continuous improvement, driving measurable gains in team efficiency and project turnaround.
- Supported multiple engagements involving Vanta implementation and migration, enabling seamless platform adoption and accelerating clients’ compliance certification timelines.
- Served as a trusted advisor to startups and hyper-growth technology firms, translating complex compliance frameworks (SOC 2, ISO 27001, CMMC, GDPR) into scalable, business-aligned solutions.
Senior Governance, Risk & Compliance Manager | Aeries Technology Group, Pune | 11/2021 to 07/2025
Developed and implemented an Information Security Management System (ISMS) aligned with ISO 27001 and NIST standards. Achieved successful SOC 2 Type II and PCI certifications with zero major findings. Identified and mitigated risks across projects and corporate functions, elevating the overall maturity level of the Governance, Risk, and Compliance (GRC) program to level 3.
- Orchestrated the onboarding process for security tools like Qualys, CrowdStrike and Desktop Central, leading to a 25% reduction in critical vulnerabilities through timely scans and remediation efforts.
- Implemented Cloudware and Desktop Central for asset reconciliation.
- Improved asset visibility and accuracy, reduced asset discrepancies by 50%, and achieved a 90% accuracy rate in asset inventory management.
- Addressed third-party risk assessment questionnaires and conducted audit meetings with third-party vendors, leading to a 60% improvement in client satisfaction scores through proactive engagement and transparent communication.
- Transformed the exception management workflow from manual processes using SharePoint and email to an automated system within the GRC tool, leading to a 50% reduction in exception resolution time.
- Orchestrated the elevation of CMMI maturity level from 0 to 4 within 12-14 months, overcoming initial challenges of a non-existent process framework.
- Designed and implemented a vendor risk management program that reduced vendor-related security incidents by 50%, enhanced overall vendor risk posture, and ensured adherence to regulatory requirements such as CFIUS and GDPR.
- Successfully reduced click rates in phishing campaigns from an initial 22% to 4.8% through the implementation of cybersecurity training, incentivization, and continuous monitoring, ensuring compliance with SOC 2 audit requirements.
- Initiated and implemented phishing and training programs, achieving a 40% increase in cybersecurity awareness.
Key Project Works and Highlights
- Facilitation of SOC 2 Type II Audit: Completed 3 SOC 2 Type II audits for Vercara (now part of DigiCert) with zero major findings, reinforcing organizational compliance maturity, customer trust, and alignment with global data protection standards.
- Facilitation of PCI DSS 4.0 Audit: Completed and closed 2 annual PCI DSS audits with no major findings. Completed the third PCI DSS 4.0 audit with 0 major findings, implementing new control requirements and ensuring full compliance with updated standards. Transitioned project management from Excel to JIRA, driving an 80% improvement in efficiency and collaboration.
- Onboarding and Implementation of AuditBoard GRC Tool: Successfully navigated operational challenges by transitioning to the AuditBoard GRC Tool, achieving a 60% improvement in process efficiency. Centralized all programs into 1 platform and eliminated tedious manual tasks previously carried out in SharePoint and Excel.
- Issue Management: Migrated issues to GRC Tool (AuditBoard) and JIRA. Defined an Exception Management process, reducing issue resolution time by 40% through a framework for addressing violations, governance gaps, and third-party risks.
- Risk Management: Implemented a structured risk management framework using AuditBoard, reducing enterprise risk exposure by 20%. Transitioned risk tracking from manual spreadsheets to AuditBoard, enhancing efficiency by 40%.
- Integration of BitSight Trust Portal (Beacon): Led comprehensive sales process overhaul, reducing cycle to 24 hours by addressing bottlenecks such as lengthy negotiations and approval procedures.
- Implemented workflow streamlining, and empowered teams with enhanced negotiation strategies, yielding an $8M revenue increase (7% growth).
- Integration of HyperComply (Vendor Security Questionnaire Automation): Integrated HyperComply to automate vendor security questionnaires, overhauling sales workflows to cut cycle time to 24 hours and drive an $8M revenue increase.
Rewards: Received the prestigious "I Applaud" Award Certificate in recognition of exemplary contributions to the organization's security and sales domains.
Lead Consultant | Wipro Technologies, Pune | 07/2018 to 11/2021
Standardized the security exceptions process for Wipro acquired entities. Ensured widespread adoption of centrally mandated Security Solutions, which led to a 15% increase in overall compliance with security controls.
- Conducted risk assessments based on NIST 800-53 and ISO 27001 frameworks, leading to a 10% enhancement in risk management maturity and significantly augmenting Wipro’s capability to identify and mitigate security risks effectively.
- Implemented SOPs for Guest Access in Microsoft Teams for Non-Wipro users, enhancing collaboration while mitigating security risks and improving access controls to prevent unauthorized data exposure.
- Orchestrated quarterly CISO Council Meetings and monthly calls with entity teams, fostering collaboration and alignment on security initiatives, achieving a 30% improvement in cross-entity security coordination and communication.
- Implemented Next Generation Antivirus (NGAV) Cylance on 5000 Windows Servers, achieving a 40% reduction in malware infections and enhancing threat detection capabilities, markedly elevating the organization's endpoint security posture.
- Implemented a range of DLP (Data Loss Prevention) policies to restrict USB access, prevent web and file uploads, monitor email activity, and oversee mobile usage.
Sr. Technical Support Engineer - Advance Team | Broadcom Inc (Symantec Software India Pvt. Ltd.), Pune | 05/2011 to 07/2018
Core member of the information protection team, contributed to enhancing team efficiency and delivering high-quality solutions to clients, mitigating risks associated with data breaches and ensuring robust governance.
- Orchestrated the successful implementation of Single Tier and Multi-Tier Data Loss Prevention (DLP) solutions, leading to a 20% increase in data security effectiveness and compliance adherence, aligning with regulatory requirements.
- Resolved issues across various platforms, reducing the average resolution time by 10% through efficient problem-solving techniques and collaboration with cross-functional teams, crucial for mitigating risks and ensuring operational resilience.
- Collaborated with Product Engineering Teams to resolve complex issues, significantly reducing mean time to resolution (MTTR) for critical product issues, enhancing the organization's ability to respond promptly to security incidents.
- Played a key role in conducting Beta Tests for new product releases, provided feedback to enhance product features and functionalities, thus contributing to strengthening the organization's cybersecurity posture and compliance readiness.
Rewards and Recognition
- Recognized with awards for achieving maximum case closures with 100% Customer Satisfaction (CSAT)
- Received multiple awards for outstanding performance in case management and resolution
PAST EXPERIENCES
Technical Lead | IBM Daksh, Pune | 06/2006 to 05/2011
Customer Care Executive | Mphasis India Pvt. Ltd., Pune | 12/2004 to 06/2006
Education
Commerce Graduate from Mumbai University