HimalayasHimalayas logo
Aryan MaharjanAM
Open to opportunities

Aryan Maharjan

@aryanmaharjan

GRC Analyst specializing in third-party risk management and compliance-ready security assessments.

Nepal
Message

What I'm looking for

I’m looking for a GRC/Third-Party Risk role where I can validate HITRUST/CRF and map controls to HIPAA, SOC 2, ISO, and GDPR. I want to work cross-functionally, produce audit-ready documentation, and help accelerate remediation with clear risk scoring and governance.

I’m a results-driven GRC and Third-Party Risk Management professional, conducting vendor risk assessments for Fortune 500 enterprises. I validate HITRUST CSF and Common Risk Framework (CRF) assessments against HIPAA, SOC 2, ISO 27001, and GDPR, using evidence review and policy analysis to pinpoint gaps in PHI/PII handling, access management, and incident response.

I review security policies, map controls to compliance frameworks, and present risk findings to senior leadership for approval and escalation decisions. In my recent role, I reduced remediation closure timelines by 25% and improved downstream workflow accuracy by 30% through an internal AI-powered compliance knowledge library and standardized control mapping templates.

Experience

Work history, roles, and key accomplishments

SE
Current

GRC & Third-Party Risk Analyst

SecurityPal

Apr 2025 - Present (11 months)

Conducted end-to-end third-party risk management for Humana, validating vendor HITRUST CSF and Common Risk Framework assessments against HIPAA/HITECH, SOC 2 Type II, ISO 27001, GDPR, and NIST CSF. Reduced average remediation closure timelines by 25% and downstream compliance workflow errors by 30% through evidence-based control validation, gap analysis, and audit-ready risk reporting.

Third Party Risk ManagementHIPAASOC IIISO 27001GDPR
CS

Security Research Analyst Trainee

Code Rush / SecurityPal

Feb 2025 - Apr 2025 (2 months)

Investigated cyber threats and helped produce GRC-focused security policy and risk control reports aligned to NIST, ISO 27001, and HIPAA frameworks. Supported application of risk management and regulatory compliance requirements across healthcare and technology contexts.

Security ResearchGRCNIST CSFISO 27001HIPAARisk Management

Education

Degrees, certifications, and relevant coursework

LF

Lord Buddha Education Foundation

Bachelor of Science in Information Technology, Information Technology

2021 - 2024

Earned a B.Sc. in Information Technology from Lord Buddha Education Foundation (affiliated with Asia Pacific University, Malaysia) from 2021 to 2024.

Tech stack

Software and tools used professionally

Splunk logo

Splunk

Gmail logo

Gmail

Jira logo

Jira

Linux logo

Linux

Mapped logo

Mapped

Evidence logo

Evidence

Availability

Open to opportunities

Location

Nepal

Authorized to work in

Nepal

Job categories

GRC AnalystThird Party Risk ManagerCompliance AnalystSecurity AnalystCybersecurity InternGRC Analyst JobsIT GRC AnalystGRC Jobs

Skills

Third Party Risk ManagementHIPAAHITECHSOC IIISO 27001ISO 27701NIST CSFNIST 800 53GDPRPCI DSSFedRAMPCRFDue DiligenceRisk ScoringPHI PII Data GovernanceControl MappingsSecurity QuestionnairesGRC ToolingPolicy ReviewsIncident ResponseOWASPSDLCSplunkJiraConfluenceCLIPythonVulnerability TestingThreat DetectionCVSSEvidenceGmailLinuxMapped

Interested in hiring Aryan?

You can contact Aryan and 90k+ other talented remote workers on Himalayas.

Message Aryan

People also viewed

View all talent

Find your dream job

Sign up now and join over 100,000 remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan