system status: active

Sai Seran S

> Senior GRC Analyst — Interim ISO 27001 Program Manager

ISO 27001 Program Manager
LocationHyderabad, India
LinkedIns-sai-seran

module // 01

Summary

Information security professional with 5+ years of experience and a certified ISO/IEC 27001:2022 ISMS Lead Auditor credential. Expertise in assessing internal controls, identifying risks, and reporting to stakeholders to drive corrective actions. Skilled in evaluating security policies and exception requests, with hands-on experience developing Power BI dashboards for Key Risk Indicators and Key Performance Indicators. Proficient in supplier risk management, customer RFQs, and compliance program management across ISO 27001, TISAX audits, NIST CSF assessments, and internal control automation.

Quick to pick up and apply new tools and technologies — from GRC platforms to self-hosted infrastructure — to optimize processes and cut manual effort. Regularly plans and builds automation using AI agents and tools like Claude and Microsoft Copilot to accelerate day-to-day work, and runs Ollama and local LLMs for personal AI-based project development.

5+ yrsexperience

module // 02

Core Competencies

governance & risk

ISO 27001 Lead Auditor
Risk & Compliance
Security Exception Mgmt.
NIST CSF
TISAX
Third-Party Risk Mgmt.
Program Management
GRC Tools

security & strategy

Information Security
Emerging Tech Adoption
Process Optimization

automation & ai

Automation Planning
AI Agents & Tools (Claude, Microsoft Copilot)
Ollama & Local LLMs
Python

infrastructure & systems

Docker & Containerization
Server Administration
IT Troubleshooting
Microcontroller Programming
Embedded Systems

module // 03

Certifications

ISO/IEC 27001:2022 Information Security Management Systems (ISMS) Lead Auditor
AZ-900 — Microsoft Azure Fundamentals
MTA — Database Management

module // 04

Work Experience

Senior GRC Analyst — Interim ISO 27001 Program Manager
Micron Technologies
  • Lead the global ISO 27001 program as Program Manager and core ISMS team member, steering strategic roadmap and cross-functional governance to elevate organizational security posture by 30%.
  • Drive end-to-end risk lifecycle management — identification, assessment, mitigation, and continuous monitoring — enhancing risk visibility across the org.
  • Oversee governance of policy and security exception requests, ensuring compliance with corporate mandates and regulatory requirements.
  • Manage internal and third-party audit programs end to end, reducing audit findings year-over-year.
  • Build and maintain Power BI dashboards giving senior leadership real-time visibility into third-party risk, internal assessments, and exception backlogs.
  • Respond to customer inquiries on the organization's security posture, sustaining a 95% customer satisfaction rate.
  • Author and maintain SOPs standardizing risk management processes enterprise-wide.
Cyber Risk Analyst
KPMG Global Services
  • Developed and monitored ServiceNow dashboards and KRIs for accurate risk tracking and reporting.
  • Collected, analyzed, and updated KRI-specific data to maintain real-time risk visibility.
  • Analyzed policy exceptions weekly, mapping them to control objectives and associated risks.
  • Delivered KRI activity reports to leadership to support informed decision-making.
  • Automated the KRI data collection process, cutting manual effort by ~30% and improving accuracy.
IoT Automation
Technical Hub
  • Developed IoT-based automation solutions integrating with existing manual processes.
  • Programmed microcontrollers and worked with microprocessors to interface sensors and actuators for embedded IoT devices.
  • Built backend server code in Python with MongoDB and SQL as non-server data storage.

module // 05

Projects

grc

Audit Support

Coordinated internal readiness for ISO 27001 and NIST CSF frameworks, defined controls, and educated control owners through the audit lifecycle — evidence deadlines, interviews, and documentation.

grc

Risk Management: Centre of Excellence

Analyzed risk forecasting frameworks and built KRIs and dashboards using ServiceNow Performance Analytics, plus automation for firm-wide KRI data collection.

grc

ISO 27001 Compliance Program

Ran day-to-day global ISO 27001 readiness as a core ISMS team member — reviewing Annex A controls with engineering, IT, and legal, and closing gaps before formal audits.

grc

Disaster Recovery Management

Assumed temporary leadership of the DR function, managing recovery simulations and business continuity exercises while expanding program scope.

grc

Customer Trust Program

Managed customer inquiries on the org's security posture, coordinating with technical teams for accurate, legally-approved responses — sustaining 95% satisfaction.

module // 06

Personal Projects & Technical Interests

Outside of GRC work, I build and self-host infrastructure end to end — from server setup to application code — largely in support of a personal gaming and content-creation operation.

deployed

Home Media Server & Homelab

Self-hosted a suite of media and photo management services via Docker on a Windows PC, with GPU-accelerated transcoding, a reverse proxy for secure access, and OAuth-based authentication.

deployed

Automated Streaming & Clip Pipeline

A five-scene OBS setup with NVENC encoding, paired with Python scripts for audio-peak-based clip detection, faster-whisper transcription, and automated folder watching across a two-machine workflow.

ongoing

Gaming & Content Creation

Stream and create gaming content across PC, PS5, and Xbox Series X, publishing clips and highlights weekly on YouTube and Instagram.

module // 07

Education

2020
Post Graduate Program — Cyber Security
Aegis School of Data Science, Cyber Security and Telecommunication
2019
B.Tech / B.E. — Electronics and Telecommunication Engineering
Aditya College of Engineering, Surampalem

module // 08

Additional Information

Gaming (PC / PS5 / Xbox)
Content Creation & Streaming
Custom PC Building
Running
Travelling
English
Hindi
Telugu