Open to opportunities

Siddharth Subramaniam

@siddharthsubramaniam

Message

Cybersecurity & GRC leader specializing in ISO 27001:2022 and SOC 2 programs—building ISMS frameworks that cut risk.

India

Message

What I'm looking for

I’m looking for a security leadership role where I can own ISO 27001/SOC 2 programs, strengthen risk management and compliance execution, and partner cross-functionally to reduce vulnerabilities and improve audit outcomes.

I’m a results-driven Cybersecurity and GRC professional with 5+ years of hands-on experience leading ISO 27001:2022 and SOC 2 Type II programmes across multi-national operations spanning India, UK, Australia, Bulgaria, and the USA.

In my current role as an IT Risk and Compliance Specialist, I spearheaded ISO 27001:2022 certification for 2025 & 2026 with ISMS scope across five global offices, delivering “zero non-conformities” at each cycle. I also drove SOC 2 Type II accreditation by using the ISO 27001 control framework to reduce duplicated audit effort, and I built an in-house GRC tool to replace a third-party SaaS platform and save approximately £5,000 annually.

I’m at my best translating complex security requirements into actionable business outcomes—authored ISMS policies, maintained a live risk register through regular assessment cycles, and led teams across audit readiness, incident readiness (including tabletop exercises and wargames), and vulnerability management. Previously, as a Manager and Senior Unit Manager – Information Security, I led security operations for a fintech SaaS platform, achieved a 95% reduction in open vulnerabilities, managed SOC 2 Type II audits across cycles, and served as a security SPOC for major banking and NBFC clients.

Experience

Work history, roles, and key accomplishments

Current

IT Risk and Compliance Specialist

Current

ClearRoute India Pvt. Ltd.

Jan 2025 - Present (1 year 4 months)

Spearheaded ISO 27001:2022 certification for 2025–2026 across five global offices, ensuring zero non-conformities at each cycle and driving SOC 2 Type II accreditation using the ISO control framework. Built an in-house GRC tool to replace third-party SaaS (saving ~£5,000 annually), improved remediation throughput with an NCCA tracker, and maintained ISMS and incident response documentation aligned

ISO 27001 SOC II ISMS GRC Tooling Risk Management NCCA Tracker Incident Response Policy Development AWS

Senior Unit Manager, Security

Bajaj Finserv Ventures Ltd.

Dec 2023 - Jan 2025 (1 year 1 month)

Acted as sole information security lead for a newly established Bajaj Finance group entity, building an ISMS from scratch and remediating end-to-end security posture in the first quarter. Resolved critical Cisco SWG, firewall, and VPN misconfigurations, redesigned endpoint management for 1,700+ assets, and cleared banking/partner audits with no material findings.

ISMS Information Security Leadership Firewalls VPN Endpoint Security Access Control Incident Management Tabletop Exercises

Manager – Information Security

Lentra AI Pvt. Ltd.

Jun 2020 - Nov 2023 (3 years 5 months)

Led a 11-member information security team managing security operations, audit readiness, and compliance programs for a fintech SaaS platform. Delivered a vulnerability management program that reduced open vulnerabilities by 95%, managed SOC 2 Type II audits with minimal observations, and served as a security SPOC for 10+ banking/NBFC clients, including launching a customer trust portal and running

SOC II Vulnerability Management Penetration Testing Audit Readiness Trust Portal Stakeholder Management Security Awareness Training Security Questionnaires

Information Security Intern

BDO LLP

Nov 2019 - May 2020 (6 months)

Performed web application penetration testing and network vulnerability assessments for BFSI clients, identifying and reporting critical and high-severity findings. Used Burp Suite, Nmap, and Metasploit to simulate real-world attack scenarios and validate remediation effectiveness.

Penetration Testing Vulnerability Assessment Burp suite Nmap Metasploit Vulnerability Reports Remediation Validation