Open to opportunities

Himanshi Vashista

@himanshivashista

GRC leader specializing in AI-enabled governance, risk, compliance, and privacy across global enterprises.

India

What I'm looking for

I’m looking to lead AI-enabled GRC programs—owning privacy/regulatory compliance, third-party risk, and automated enterprise risk lifecycles—while partnering with engineering and legal to deliver measurable business outcomes.

I’m a GRC leader with 9+ years of experience designing and scaling governance, risk, and compliance programs across global organizations including JioHotstar (Disney+Hotstar), Salesforce, Ernst & Young, and MetLife. I’m proven in AI-enabled GRC and AI governance aligned to ISO/IEC 42001, and I drive enterprise privacy and regulatory compliance across DPDPA, GDPR, PIPEDA, CERT-In, and SOC 2 Privacy.

In my current role as Associate Director, GRC, I lead a team of 6 and spearhead AI implementation across risk assessment, compliance monitoring, and policy management. I automate the full enterprise risk lifecycle, extend DSPM to SOC 2 Privacy criteria, and strengthen access certification through hands-on UAR automation—while translating the GRC roadmap into executive-ready reporting and measurable business outcomes.

Experience

Work history, roles, and key accomplishments

Current

Associate Director, GRC

JioHotstar

Nov 2025 - Present (7 months)

Led a team of 6 GRC professionals to drive AI-enabled governance and GRC automation aligned to ISO/IEC 42001. Owned enterprise privacy and regulatory compliance (DPDPA, GDPR, CERT-In), automated the risk lifecycle, and expanded SOC 2 Privacy coverage including data discovery, classification, and protection.

Tech Lead, GRC

Disney+Hotstar

Oct 2022 - Nov 2025 (3 years 1 month)

Designed and delivered enterprise GRC technology solutions integrating SOX, PCI-DSS, ISO 27001, SOC 2 (Privacy Trust Services), and SSAE 18 requirements. Automated the Enterprise Risk Register, Audit & Compliance board, and TPRM inventory using Drata and JIRA workflows, and supported privacy compliance across DPDPA, GDPR, PDPA, and PIPEDA.

Salesforce.com Inc.

Senior Analyst, Security & Compliance

Mar 2021 - Oct 2022 (1 year 7 months)

Managed cybersecurity and security/compliance RFI/RFPs across global markets and served as an SME for Salesforce CRM and Hyperforce. Ensured regulatory alignment for PCI-DSS, GDPR, and HIPAA, supported HITRUST-aligned customer audits, and achieved 100% completion for security and compliance training.

Ernst & Young

Senior Consultant, Risk Advisory & TPRM

Feb 2020 - Mar 2021 (1 year 1 month)

Led third-party risk management (TPRM) engagements by conducting inherent and residual risk assessments with business and security stakeholders. Designed TPRM frameworks, reviewed audit reports and policies (SOC 2, PCI-DSS, ISO 27001), and delivered stakeholder training on TPRM best practices.

ME

Associate/Senior Associate, Vendor Risk

Feb 2017 - Feb 2020 (3 years)

Conducted vendor risk assessments and due diligence across IaaS, SaaS, PaaS, business services, consultants, legal services, TPAs, and brokers. Implemented a common control framework and administered risk assessments via RSA Archer, aligning controls with IRDAI guidelines and producing formal audit findings and risk recommendations.

Education

Degrees, certifications, and relevant coursework

Galgotias University

Bachelor of Technology, Computer Science & Engineering

Earned a B.Tech in Computer Science & Engineering from Galgotias University.
