Open to opportunities

Ayushma Shrestha

@ayushmashrestha

Message

Information security auditor and GRC specialist focused on compliance and risk.

Nepal

Message

What I'm looking for

I am seeking a role where I can lead compliance and security audits, develop ISMS policies, drive risk-based remediation, and collaborate cross-functionally to strengthen organizational security and compliance.

I am a dedicated information security audit and GRC professional with hands-on experience implementing standards and leading IS audits across financial institutions, education, and fintech clients.

I have led ISO/IEC 27001:2022 internal audits and certification projects, developed ISMS policies, and executed full audit lifecycles aligned with NIA IT Guidelines, NRB IT Guidelines, Digital Payment Policies, SOC 2, PDPL, and related frameworks.

My strengths include risk assessment, control gap identification, policy development, and translating technical requirements into clear recommendations for stakeholders. I have supported clients with corrective and preventive actions, audit reporting, and advisory work to improve cybersecurity maturity.

I seek to continue contributing to organizational security through collaborative engagements, practical remediation guidance, and continual compliance improvement while expanding my expertise in GRC tools and security program optimization.

Experience

Work history, roles, and key accomplishments

Current

IS Audit Officer

Current

Eminence Ways

Oct 2025 - Present (3 months)

Lead external information systems and security audits and ISO/IEC 27001:2022 internal audit engagements, identifying control weaknesses and driving corrective actions to enhance clients' cybersecurity posture.

Security Auditing ISO 27001 NRB IT Guidelines Audit Reporting Risk Assessment Policy Development CAPA

GRC Consultant

CyberArrow

Jan 2025 - Jun 2025 (5 months)

Led compliance implementation for ISO/IEC 27001, SOC 2, PDPL and ISO/IEC 20000, developed policies and risk registers, and advised on GRC solution enhancements for client onboarding and compliance alignment.

GRC ISO 27001 SOC Risk Assessment Policy Development Client Onboarding

GRC Associate

Islington College

Aug 2024 - Jan 2025 (5 months)

Led an ISO/IEC 27001:2022 certification project for the institution, conducted security audits and risk assessments, and developed ISMS policies to close compliance gaps.

ISO 27001 Security Auditing Policy Writing Cross Functional Collaboration

Information Security Auditor

Vairav Technology

May 2024 - Aug 2024 (3 months)

Collaborated on external and internal information security audits for financial institutions, led a Virtual Information Security Officer project, and supported ISO/IEC 27001 and SOC 2 compliance efforts.

Security Auditing NRB IT Guidelines ISO 27001 SOC Policy Development Audit Reporting

Education

Degrees, certifications, and relevant coursework

Islington College

Master of Science, IT and Applied Security (Cyber Intelligence)

Pursuing an MSc in IT and Applied Security with specialization in Cyber Intelligence, focusing on advanced topics in information security and cyber intelligence.

Islington College

Bachelor of Science (Honours), Computer Networking & IT Security

2021 - 2024

Grade: First Class Honors

Activities and societies: Student Academic Representative (STaR) 2022–2024

Completed a Bachelor (Hons) in Computer Networking & IT Security with First Class Honors, covering networking, security, and related applied technologies.