Bridging 5 years of commercial lending operations with hands-on cybersecurity GRC — assessing risks, mapping controls and building practical recommendations across ISO 27001, NIST CSF 2.0, APRA CPS 234 and Essential Eight.
Background
I am building a career in cybersecurity Governance, Risk and Compliance, bringing 5 years of commercial lending operations experience into the field.
Through hands-on projects I have worked across ISO 27001, NIST CSF 2.0, APRA CPS 234 and Essential Eight — assessing risks, mapping controls and developing practical recommendations. This portfolio showcases my GRC project work as I grow in this space.
Work
A full cybersecurity GRC assessment of Oscorp evaluating their security posture against ISO 27001 and NIST CSF 2.0, with a gap analysis, risk register and prioritised remediation roadmap.
Background
Oscorp is a technology and research organisation with an established IT function but limited cybersecurity maturity. While the organisation has invested in foundational IT controls such as business continuity, network security and physical security, significant gaps exist across critical cybersecurity domains including identity and access management, detection and response, vulnerability management and third-party risk.
Deliverables
Reviewed Oscorp's existing security controls across all key domains — documenting what is in place, what is working well and areas of concern. This formed the foundation for all subsequent analysis.
Compared Oscorp's controls against ISO 27001 and NIST CSF 2.0 requirements, rating each gap as Critical, High, Medium or Low. Key findings included the absence of MFA, no SIEM capability, shared admin passwords and no formal vulnerability management program.
Identified the top 13 cybersecurity risks facing Oscorp, each scored on likelihood and impact (1–5 scales). Each risk entry records the threat, the current control and the recommended control. Critical and High risks require immediate leadership attention.
A prioritised roadmap organised into immediate, short-term and medium-term timeframes, mapped to NIST CSF 2.0 and ISO 27001. Recommended for board-level presentation given the number of critical gaps identified.
Currently working on additional GRC assessments and framework implementations.
Expertise
GRC Frameworks
GRC Capabilities
Domain Knowledge
Certifications
Get In Touch
Interested in collaborating or have a GRC opportunity? I'd love to connect.