Surabhi S, CISSP — Business Analyst

Information Security & GRC professional with 5+ years of experience leading global compliance, audit, and risk management programs across complex regulatory environments. I specialize in translating regulatory requirements into practical, scalable security programs that enable business growth. As a Global Compliance Lead, I have owned and delivered end-to-end ISO external audits across multiple geographies, strengthening organizational maturity through strategic planning, executive stakeholder alignment, and disciplined execution. I have successfully implemented and certified ISO 27001:2022, ISO 22301:2019, and ISO 27701:2019, directly supporting enterprise readiness, customer assurance, and regulatory commitments. My experience extends to SOC 2 and HITRUST assurance engagements, internal audits, and Third-Party Supplier Risk Management, where I work closely with cross-functional teams to identify, assess, and mitigate risk in real-world operational contexts. I am actively involved in AI governance and risk initiatives, contributing to ethical and compliance guardrails, and secure adoption strategies that align innovation with responsible security practices particularly at the intersection of GRC and emerging technologies. CISSP-certified, detail-driven, and collaborative by nature, I focus on building resilient, audit-ready security programs while fostering a proactive, business-aligned compliance culture.

Stackforce AI infers this person is a seasoned Information Security and GRC professional with a focus on compliance in complex regulatory environments.

Location: Thiruvananthapuram, Kerala, India

Experience: 4 yrs 11 mos