
Abhinav Dahiya

Darlington

Summary

Experienced and results-oriented Information Security Consultant with over four years of expertise in Governance, Risk, Compliance (GRC), and Data Privacy. Specializes in designing and implementing comprehensive frameworks aligned with global standards such as ISO 27001, ISO 27701, GDPR, and PCI DSS, ensuring robust information security management, regulatory compliance, and data protection for organizations across the IT and retail sectors. Proficient in conducting risk assessments, developing customized security and privacy policies, and managing end-to-end GRC projects. Skilled in implementing data privacy frameworks, ensuring compliance with GDPR and other privacy regulations, and safeguarding sensitive customer and organizational information. Adept at identifying vulnerabilities, mitigating risks, and enhancing organizational security postures through effective governance and strategic planning. Excels in delivering complex initiatives on time and within scope while driving measurable results, such as reducing compliance audit findings, improving third-party risk management processes, and fostering a culture of information security and data privacy awareness. Demonstrates a commitment to helping organizations navigate the evolving threat landscape while achieving business objectives through robust information security practices.

Overview

5 years of professional experience
1 Certification

Work History

Information Security Consultant

Secaudi
04.2021 - Current
  • Directed and implemented GRC projects for IT and retail clients, ensuring adherence to ISO 27001, GDPR, and PCI DSS standards
  • Performed thorough risk assessments to pinpoint, analyze, and address potential threats
  • Enhanced operational efficiency through the development of specific cybersecurity protocols
  • Oversaw compliance with contractual mandates through comprehensive assessment of external vendor security
  • Conducted effective security sessions, reducing errors caused by human actions by 30%
  • Devised and tested incident response plans, enabling swift and effective action against cyber threats and minimizing potential damage
  • Collaborated with cross-functional teams, including IT, legal, and business stakeholders, to integrate security measures seamlessly into overall operations
  • Key achievement: Successfully reduced audit findings for a major retail client by 40% through a robust compliance framework and proactive risk management strategy

Cybersecurity Intern

Secaudi
02.2020 - 03.2021
  • Supported the design and implementation of governance frameworks for clients, aligning business objectives with regulatory and security requirements
  • Monitored compliance and security metrics, providing actionable insights to address identified gaps
  • Assisted in the rollout of a GDPR compliance initiative for an IT services firm, achieving full compliance within six months
  • Conducted security assessments for retail companies, evaluating point-of-sale systems and safeguarding customer data against breaches
  • Designed vendor assessment questionnaires to evaluate third-party risk and facilitated smooth onboarding processes
  • Key achievement: Played a pivotal role in achieving ISO 27001 certification for a mid-sized IT firm by implementing an Information Security Management System (ISMS)

Education

Master of Science - Business Management

Heriot Watt University
Edinburgh, EDH
04.2021

Skills

  • Proficient in using GRC tools such as Archer, ServiceNow GRC, and MetricStream
  • Strong understanding of cybersecurity frameworks (NIST CSF, COBIT) and standards (ISO 27001, ISO 22301)
  • Expertise in regulatory environments including GDPR, PCI DSS, and Data Protection Act (UK)
  • Skilled in risk management methodologies and security audit processes

Certification

  • Certified Associate in Project Management (CAPM) - Project Management Institute
  • ISO 27701 Lead Auditor in Privacy Information Management Systems (ISO/IEC 27701:2019) - Certified Partner Global

Key Highlights

Governance, Risk, and Compliance (GRC)

  • Designed and implemented comprehensive GRC frameworks aligned with global standards such as ISO 27001, GDPR, and PCI DSS, ensuring compliance and mitigating organizational risks.
  • Conducted detailed risk assessments to identify, evaluate, and prioritize potential risks, enabling the development of targeted mitigation strategies and improving security postures.
  • Developed policies and procedures for governance and compliance, tailored to client-specific needs, streamlining processes and ensuring adherence to regulatory requirements.
  • Managed end-to-end GRC projects, including scope definition, risk analysis, and stakeholder engagement, delivering projects on time and within budget.
  • Led internal and external audit preparations, ensuring a significant reduction in audit findings and improving regulatory compliance.
  • Implemented third-party risk management frameworks, evaluating vendor security practices and ensuring compliance with contractual obligations and standards.

Data Privacy

  • Designed and implemented data privacy frameworks in compliance with GDPR, the Data Protection Act (UK), and other privacy regulations, safeguarding sensitive personal and organizational data.
  • Conducted Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) to identify privacy risks and implement corrective actions.
  • Audited data processing activities to ensure compliance with legal and regulatory requirements, providing recommendations for improvement.
  • Developed and enforced policies around data retention, access control, and encryption, reducing the risk of data breaches and enhancing data lifecycle management.
  • Delivered targeted training programs on data privacy best practices, improving awareness and compliance among client teams.
  • Monitored and responded to data privacy incidents, ensuring timely resolution and compliance with reporting obligations under GDPR and similar regulations.

Timeline

Information Security Consultant

Secaudi
04.2021 - Current

Cybersecurity Intern

Secaudi
02.2020 - 03.2021

Master of Science - Business Management

Heriot Watt University