Open to opportunities

PANGULURI SAI DEEPIKA

@pangulurisaideepika

Message

I’m a GRC and information security leader specializing in ISO 27001 automation.

India

Message

What I'm looking for

I’m looking for a role where I can lead ISO 27001/GRC automation, partner cross-functionally, and drive audit-ready compliance with measurable risk reduction in fast-paced fintech/SaaS environments.

I’m a Certified ISO 27001 Lead Implementer and CPISI professional with 5+ years of experience leading Governance, Risk, and Compliance (GRC) initiatives across FinTech and SaaS environments. I implement, operationalize, and automate compliance programs including ISO 27001, PCI DSS, SOC 2, FedRAMP, and HIPAA using Hyperproof, Sprinto, Scrut Automation, and ControlMap.

I’ve managed RBI, SEBI, and NPCI regulatory compliance while running enterprise risk assessments and driving audit readiness initiatives end-to-end. At Cloudflare, I reduced manual audit evidence collection effort by 60% through Hyperproof automation workflows, and I integrated FedRAMP and PCI DSS control mappings into GRC automation workflows for better evidence validation.

I thrive partnering with Engineering, Product, Legal, Audit, and Leadership to strengthen security posture and compliance maturity. At Last9, I established the information security and compliance program from the ground up, while at Groww I led ISO 27001:2022 across 4 business entities with zero major non-conformities during certification audits.

Experience

Work history, roles, and key accomplishments

Current

Information Security GRC Analyst

Current

Cloudflare

Jan 2026 - Present (5 months)

Integrated FedRAMP and PCI DSS control mappings into GRC automation workflows and improved evidence validation and audit alignment. Automated audit evidence collection workflows, reducing manual evidence effort by 60%, and supported CCF attestation and continuous compliance monitoring using Hyperproof.

FedRAMP PCI DSS GRC Audit Evidence Hyperproof CCF Attestation AI Workflow Automation Compliance Monitoring Control Mappings

Lead Information Security Engineer

Last9

Aug 2025 - Nov 2025 (3 months)

Owned and operationalized the information security and compliance program from scratch, establishing ISMS governance and audit readiness practices. Implemented SOC 2, ISO 27001, PCI DSS, and HIPAA using Sprinto, built policy frameworks (AI governance, vendor management, access control, incident response, acceptable use), and managed third-party risk and technology risk registers.

SOC ISO 27001 PCI DSS HIPAA Sprinto Third Party Risk Management Policy Governance Technology Risk Management Risk Register

Senior Information Security Engineer

Groww

Aug 2024 - Aug 2025 (1 year)

Led ISO 27001:2022 implementation across four business entities, driving gap assessments, internal and external certification audits, and achieving zero major non-conformities. Owned BISO responsibilities and supported regulatory alignment across SEBI CSCRF and RBI/SEBI/NPCI requirements while executing PCI DSS compliance and SOC 2 Type II readiness activities.

ISO 27001 Audit Readiness BISO Responsibilities SEBI CSCRF PCI DSS SOC II Third Party Risk Management

Information Security Engineer

Groww

Jul 2021 - Aug 2024 (3 years 1 month)

Developed and operationalized security policies and procedures aligned to ISO 27001, RBI, SEBI, and PCI DSS requirements, and drove enterprise IT risk assessments using SEBI CSCRF. Conducted RCSA and TPRM assessments, performed control validation across IAM and vulnerability management, and managed ISMS/GRC operations with Scrut Automation and ControlMap.

ISO 27001 RBI SEBI NPCI Compliance Enterprise Risk Management Vulnerability Management Scrut Automation

Information Security Intern

Groww

Jan 2021 - Jun 2021 (5 months)

Assisted ISO 27001 implementation and CIS Controls enforcement across business entities by supporting ISMS policy development, audit checklists, and compliance validation. Contributed to database security governance and internal compliance monitoring activities.

ISO 27001 CIS ISMS Policy Development Validation Database Security Compliance Monitoring Security Governance

Security Test Engineer

Digilocker (Government of India)

Oct 2020 - Mar 2021 (5 months)

Performed web application security testing and vulnerability assessments for government digital platforms, identifying and documenting issues with remediation recommendations. Supported daily security reporting and vulnerability tracking to drive closure of findings.

Security Testing Vulnerability Assessment Vulnerability Reports