
Pavanth Pachipala

Toronto

Summary

Information Security Analyst with 3+ years of experience in governance, risk, and compliance (GRC), supporting large-scale security and compliance initiatives in the insurance industry. Skilled in conducting risk assessments, third-party security reviews, and ITGC control validation, with a focus on ISO 27001, SOC 2, GDPR, and PCI-DSS frameworks. Adept at collaborating with technology and business units to close compliance gaps, strengthen policies, and implement proactive security measures. Recognized for building audit-ready documentation, enhancing security awareness, and supporting enterprise resilience programs.

Overview

3 years of professional experience

Work History

Information Security Analyst – GRC

Allstate India
07.2020 - 12.2023
  • Conducted risk assessments across business and IT processes, applying probability-impact models to evaluate risk exposure
  • Introduced automated evidence collection templates, cutting audit preparation time by 25%
  • Supported ISO 27001 certification and SOC 2 audits, preparing Statements of Applicability (SOA), control narratives, and remediation evidence
  • Performed ITGC and SOX control validation, including user access reviews, change management, and system configuration testing
  • Authored and maintained security policies, standards, and SOPs covering data classification, vendor management, and incident response
  • Managed third-party/vendor risk assessments, reviewing contracts, SLAs, and security questionnaires
  • Collaborated with IT teams to track and remediate vulnerability scan results, reducing outstanding high-risk issues by 40%
  • Conducted IAM and privileged access reviews for core applications, identifying excessive access and enforcing least-privilege
  • Developed compliance dashboards and risk registers in GRC platforms to enhance leadership reporting
  • Assisted in incident response investigations, documenting RCAs and lessons learned for phishing and insider threat events
  • Participated in BCP/DR exercises, validating recovery objectives and updating response documentation
  • Delivered awareness training sessions and phishing simulations, improving employee reporting rates by 30%
  • Reduced audit and compliance gaps by 35% year-over-year through proactive remediation
  • Partnered with data privacy teams to ensure GDPR and PCI-DSS compliance, including encryption and retention controls
  • Collaborated with external auditors, ensuring zero repeat findings during successive audit cycles

Education

GED -

Centennial College
Toronto, ON
04-2025

GED -

Pures College of Technology
Toronto, ON
08-2024

Bachelor of Science -

JNTUH
Hyderabad, India
05-2020

Skills

  • Governance & Frameworks: ISO 27001:2022, SOC 2, NIST CSF, PCI-DSS, GDPR
  • Risk & Audit: Risk Assessments, Gap Analysis, SOX/ICFR Controls, Evidence Collection
  • Security Operations: SIEM Monitoring (QRadar, Splunk), IAM Reviews, Access Control, DLP
  • Vendor Assurance: Third-Party Risk Reviews, Security Questionnaires, Compliance Reporting
  • Continuity & Response: BCP/DR Planning, Phishing Simulations, Incident Handling, RCA
  • Documentation & Reporting: Policies & SOPs, RCMs, SOAs, Compliance Dashboards, Audit Presentations
  • Cloud & IT Controls: Azure & AWS Security, Endpoint Security, Encryption, MFA
