Swayam Nandi

I’m a B.Tech CS graduate and ISO/IEC 27001:2022 Certified Lead Auditor with six months of GRC consulting at Deloitte for enterprise banking clients. I specialize in turning compliance requirements into clear, structured audit findings and risk treatment recommendations.

In my Deloitte role, I conducted ISO/IEC 27001:2022 Annex A control assessments, evaluated control effectiveness, and supported audit lifecycle activities from planning through corrective action tracking. I also performed compliance gap analyses against ISO 27001, NIST, and PCI-DSS, ensuring stakeholders received practical, defensible outcomes.

I co-developed security policy frameworks and governance documentation, communicating results through written reports and client deliverables. My compliance training spans nine international frameworks, including NIST, ISO 27001/27002, COBIT, PCI-DSS, HIPAA, GDPR, DPDP Act, and CCPA, and I’ve completed CompTIA Network+, Security+, and Cloud+ coursework.

My GRC portfolio reflects hands-on judgment across real scenarios—covering PCI DSS network segmentation review, ISO 27001 Statement of Applicability (all 93 controls), EU AI Act high-risk assessment (Articles 9–15), GRC control automation design, and enterprise risk acceptance documentation. I prioritize assumptions, trade-offs, and residual risk acknowledgment—never “template” thinking.