Open to opportunities

Devendra Bhanuse

@devendrabhanuse

Cybersecurity GRC and Third-Party Risk consultant, helping organizations manage cyber risk with ISO/NIST-aligned controls.

India

Message

What I'm looking for

I’m looking for a cybersecurity GRC/TPRM role where I can drive ISO/NIST-aligned governance, run enterprise risk and maturity assessments, manage vendor risk, and deliver clear risk reporting and control improvement for senior leadership.

I’m a Cybersecurity GRC professional with around 10 years of experience across governance, risk management, regulatory compliance, and third-party risk management. I help organizations establish and improve cybersecurity governance frameworks, complete enterprise risk and maturity assessments, and implement security controls aligned with ISO/IEC 27001 and the NIST Cybersecurity Framework.

In my current role as a Senior Consultant (TPRM) at WTW, I’ve conducted 300+ security risk assessments and built enterprise risk registers to track cybersecurity risks, control gaps, and remediation activities. I review supplier compliance against ISO 27001, SOC2, PCI DSS, GDPR, and internal policies, then communicate actionable risks to Legal, Procurement, and Business stakeholders—building clear paths toward continuous improvement and audit-ready control effectiveness.

Experience

Work history, roles, and key accomplishments

Current

Senior Consultant (TPRM)

Current

WTW

Mar 2024 - Present (2 years 3 months)

Conducted 300+ third-party security risk assessments aligned to ISO 27001 and the NIST Cybersecurity Framework, identifying and reporting supplier engagement risks. Built and maintained enterprise risk registers and communicated high-risk supplier findings to Legal, Procurement, and Business stakeholders.

Third Party Risk Management ISO 27001 NIST Cybersecurity Framework Security Assessments Risk Register PCI DSS GDPR Compliance

Information Security Analyst

Infosys Limited

Oct 2021 - Mar 2024 (2 years 5 months)

Performed enterprise IT and cyber risk assessments to identify threats, evaluate exposure, and drive mitigation planning. Assessed security for org-wide rollouts (e.g., MicroSegmentation and SASE) and reviewed vendor security postures and 50+ client connectivity models to reduce supply chain and connectivity risk.

Threat Modeling Micro Segmentation SASE Data Flow & Architecture Review Identity and Access Management (IAM)DLP Incident Management Mitigation Planning

Technical Associate

Tata Communications Limited

Dec 2020 - Oct 2021 (10 months)

Supported internal and external audits by providing firewall rule sets, change logs, and network diagrams, remediating non-compliant rules and improving control effectiveness by 30%. Managed firewall/VPN access controls and tracked audit findings and approvals using AlgoSec and Archer.

Audit Support Firewall Rulebase Management Algosec Archer GRC Regulatory Compliance VPN Access Control

Technical Specialist

Wysetek System Technologists Pvt. Ltd

Jun 2017 - Dec 2020 (3 years 6 months)

Governed network and application security controls (WAF, firewalls, load balancers) for regulated clients, aligning delivery with ISO 27001, SOC 2 Security & Availability, and the NIST Cybersecurity Framework. Delivered audit-facing risk and control evidence (configs, change logs, SSL inventories, network diagrams) to achieve complete audit closure with minimal or no findings.

WAF Firewalls Load Balancers ISO 27001 NIST Cybersecurity Framework Audit Evidence

Desktop Support Engineer

IT Source Tech. Ltd

Jun 2016 - Feb 2017 (8 months)

Provided day-to-day support for network and system setups by configuring IP addressing and baseline network settings to improve asset identification and access visibility. Assisted with standard domain/device and Outlook/email configurations and helped reduce user-level security risk using secure proxy, browser, and endpoint settings while maintaining evidence for compliance reviews.

Desktop Support network settings IP Addresses Domain Policy Support Browser Security Settings