Open to opportunities

Sameer Gupta

@sameergupta1

I lead third-party risk and cyber-resilience programs, aligning controls to ISO, SOX, GDPR, NIST, and PCI-DSS.

India

What I'm looking for

I’m looking to lead TPRM and cyber-resilience programs where I can align governance to ISO/SOX/GDPR/NIST/PCI-DSS, close control gaps fast, strengthen vendor security posture, and operationalize AI governance with practical, audit-ready controls.

I’m a Governance, Risk, and Compliance professional focused on enterprise risk, cybersecurity, and regulatory alignment, with 9 years of experience driving TPRM, ITGC audits, data privacy, and business continuity initiatives for global financial services and Fortune 500 clients. I’m currently a Team Lead at MetLife, leading comprehensive risk assessments aligned with ISO 27001, SOX, GDPR, NIST, and PCI-DSS standards.

I deliver internal audits across SOX, ISO 27001, and PCI DSS, identifying and remediating 100+ control gaps across global client accounts. Across two audit cycles, I coordinated internal and external audits to achieve zero major non-conformities, and I improved audit readiness through enterprise-wide ITGC control testing across infrastructure and third-party environments.

I lead third-party due diligence and ongoing monitoring of vendor security posture, integrating risk scoring models into Archer GRC platforms. I’ve used tools like SIG Lite, ServiceNow, and MetricStream for control tracking, issue management, and real-time risk dashboarding, and I embed AI governance through frameworks aligned to ISO/IEC 42001 and the EU AI Act.

I’m recognized for audit readiness, cyber resilience, and impactful compliance training—having trained 30+ employees across cybersecurity awareness, data privacy, and GRC compliance. Through initiatives like the AI Discovery Initiative, I help teams identify AI use cases and build practical risk controls while strengthening resilience with improved BCP/DRP and vendor incident-readiness practices.

Experience

Work history, roles, and key accomplishments

Current

Team Lead, TPRM

Nov 2021 - Present (4 years 5 months)

Led enterprise-wide third-party risk management (TPRM) and governance aligned to ISO 27001, NIST, SOX, and PCI-DSS, driving vendor due diligence and control gap closure. Achieved zero non-conformities on SOX/PCI-DSS/ISO 27001 audits, closed 100+ control gaps, established AI governance frameworks, enhanced BCP/DRP for high-risk vendors, and trained 30+ employees on cyber/data privacy and GRC.

Executive - TPR Security

BMW India

Jul 2020 - Jul 2021 (1 year)

Conducted comprehensive third-party security risk assessments and developed actionable mitigation strategies for management and stakeholders. Monitored vendor performance against SLAs and led remediation of audit findings through corrective actions to strengthen vendor risk posture.

American Express

Project Manager - Vendor Risk

Jan 2020 - Jul 2020 (6 months)

Performed independent reviews and due diligence to assess third-party financial, regulatory, operational, and compliance risks. Coordinated with global teams and auditors to address high-risk contracts, implemented corrective actions, monitored KPIs/KRIs, and escalated risks to senior stakeholders.

Assistant Manager - Audits

Superhouse Ltd.

Sep 2017 - Dec 2019 (2 years 3 months)

Assisted audit processes by performing gap analysis and compliance monitoring to identify control gaps and strengthen the control environment. Monitored key metrics and provided recommendations to improve governance and remediation outcomes.

Audit Assistant - Compliance

Mishra Satyendra & Co.

Dec 2014 - May 2016 (1 year 5 months)

Managed risk analysis, process planning, and compliance activities while ensuring timely coordination with auditors for process improvements. Supported audit readiness by contributing to compliance execution and remediation planning.

Education

Degrees, certifications, and relevant coursework

Institute of Management and Technology, Ghaziabad

Master of Business Administration, Finance

Earned an MBA in Finance from the Institute of Management and Technology, Ghaziabad in 2019.
