Open to opportunities

Ayushma Shrestha

@ayushmashrestha1

Message

Information Security Audit and GRC professional driving compliance and risk reduction.

Nepal

Message

What I'm looking for

I seek a role where I can lead IS/IT audits and GRC implementation, collaborate cross-functionally, drive compliance, and grow into broader security leadership.

I am an Information Security Audit and GRC professional with hands-on experience implementing ISO/IEC 27001, SOC 2, NRB and NIA IT guidelines, PDPL, ISO 20000 and UAE IA standards. I have led internal and external audits, developed ISMS policies and risk registers, and delivered actionable remediation plans that improve cybersecurity posture.

I collaborate closely with cross-functional teams and stakeholders to align controls with business objectives, provide advisory support on compliance and GRC tooling, and ensure audit readiness through clear reporting and prioritized recommendations. I am eager to apply my audit, policy development, and risk management expertise to strengthen organizational security.

Experience

Work history, roles, and key accomplishments

Current

IS Audit Officer

Current

Eminence Ways

Oct 2025 - Present (4 months)

Lead external information systems and security audits and ISO/IEC 27001:2022 internal audits, identifying control weaknesses and driving corrective actions to improve clients' cybersecurity posture.

Audit ISO 27001 NRB IT Guidelines Audit Reporting Risk Assessment IT Governance Policy Development & Compliance

GRC Consultant

CyberArrow

Jan 2025 - Jun 2025 (5 months)

Led compliance implementations (ISO/IEC 27001/27002, SOC 2, PDPL, ISO/IEC 20000, UAE IA), developed policies and risk registers, and supported client onboarding for GRC solutions.

GRC ISO 27001 SOC Risk Assessment Policy Development Client Onboarding

GRC Associate

Islington College

Aug 2024 - Jan 2025 (5 months)

Led an ISO/IEC 27001:2022 certification project for the institution, conducted security audits, and developed ISMS documentation to close compliance gaps.

ISO 27001 ISMS Security Auditing Risk Assessment Policy Development & Compliance

Information Security Auditor

Vairav Technology

May 2024 - Aug 2024 (3 months)

Collaborated on external and internal information security audits for financial institutions, led a VISO project for a fintech, and supported ISO/IEC 27001 and SOC 2 compliance efforts.

Security Auditing NRB IT Guidelines ISO 27001 SOC Policy Development Audit Reporting remediation

Education

Degrees, certifications, and relevant coursework

Islington College

Master of Science, IT and Applied Security with Specialization in Cyber Intelligence

Pursuing MSc in IT and Applied Security with specialization in Cyber Intelligence; coursework and research focused on advanced information security and cyber intelligence topics.

Islington College

Bachelor of Science (Hons), Computer Networking & IT Security

2021 - 2024

Grade: First Class Honors

Activities and societies: Student Academic Representative (STaR) 2022–2024

Completed BSc (Hons) in Computer Networking & IT Security with First Class Honors, focusing on networking, IT security, and practical security implementations.