Open to opportunities

Amisha Khanal

@amishakhanal

I’m a GRC-focused security professional specializing in ISO/IEC 27001 ISMS/PIMS audits, policy reviews, and compliance reporting.

Nepal

What I'm looking for

I want to work in a compliance-first environment where I can perform ISO/IEC 27001 ISMS/PIMS audits, conduct gap assessments, and report findings that leadership can act on—while improving my skills in risk assessment and security assurance.

I have a strong interest in Governance, Risk, and Compliance (GRC), with hands-on experience working on ISMS (Information Security Management System) and PIMS (Privacy Information Management System) under ISO/IEC 27001. I actively review and analyze policies to ensure they align with organizational needs and industry expectations. I also work with the NIST framework to document and present policies and frameworks that support compliance.

In my ISMS and PIMS experience, I conduct ISO/IEC 27001 policy review, work with the NIST framework, and document and present the policy and framework. I also support internal audit activities for ISO/IEC 27001:2022 through evidence collection and compliance verification. I perform gap assessments for ISO/IEC 27001 implementation and prepare detailed audit reports with findings and recommendations, so teams can close control gaps effectively.

I’m equally comfortable supporting broader audit work, including NTA audit activities for an Internet Service Provider (ISP), reviewing security controls and compliance with regulatory guidelines. Beyond documentation and reporting, I strengthen my security mindset through practical projects such as developing a cost-effective SIEM tool using Wazuh, Zeek, Graylog, and Grafana, and demonstrating SQL injection attack techniques to communicate real application risks. I’m looking to grow in GRC and security assurance where clear reporting, critical thinking, and continuous improvement directly strengthen organizational controls.

Experience

Work history, roles, and key accomplishments

Information Security Intern

Eminence Ways

Jul 2025 - Sep 2025 (2 months)

Supported internal audits for ISO/IEC 27001:2022 through evidence collection and compliance verification. Performed ISO/IEC 27001 gap assessments, prepared audit reports with findings and recommendations, and assisted in NTA audits for an ISP by reviewing security controls against regulatory guidelines.

ISMS Intern

Nepal Realistic Solution

Oct 2024 - Dec 2024 (2 months)

Reviewed ISMS and PIMS policies under ISO/IEC 27001 and worked with the NIST framework. Documented and presented policies and frameworks to align organizational practices with industry standards.

Education

Degrees, certifications, and relevant coursework

Islington College, London Metropolitan University

Bachelor of Computer Networking and IT Security, Computer Networking and IT Security

2023 - 2025

Pursuing a bachelor’s degree in computer networking and IT security at Islington College (London Metropolitan University) from 2023 to 2025.

Omega Int’l College

2020 - 2022

Completed high school studies under the NEB Board from 2020 to 2022.

Occidental Public School

2019 -

Completed studies under the NEB Board starting in 2019.

Tech stack

Software and tools used professionally
