
ANKITA MEHDIRATTA

London, UK

Summary

Ankita is a seasoned Information Technology Risk manager with 10 years of experience in security Governance, Risk and Compliance (GRC), supporting clients in the financial services and consumer industries across the US and UK. Ankita has proven expertise in leading information security risk and capability maturity assessments, integrated security controls framework and policy / procedure development, security strategy and regulatory compliance projects, and cyber security awareness and training.

Other focus areas include third-party risk management, cloud security, insider risk, controls testing and operating cyber programs.

Adept at stakeholder engagement and cross-cultural team collaboration, with a strong commitment to team development and continuous learning.

Overview

15 years of professional experience
2 years of post-secondary education
1 Certification

Work history

Manager

Deloitte LLP
London
03.2012 - 07.2025
  • CISO, major financial org, NIST; reported uplift in these areas; global reassurance in UK
  • Cybersecurity Maturity Assessments against the NIST CSF
  • Led the assessment with delivery support from a consultant – led stakeholder interviews, documentation review and gap analysis.
  • Developed tailored recommendations and a prioritized roadmap. Supported security risk management at the client by evaluating risk related to current issues and reporting to the Board and risk committees.
  • Cyber Program Planning – key outcome: highlighted and prioritised cyber investment – 180mn budget
  • As the Engagement Manager led a team of senior consultants and consultants to deliver Cyber Program Planning, defining the project portfolio that enables prioritisation and cost estimation using risk scoring and budget calculation mechanisms.
  • Delivered executive-level reporting and stakeholder updates across governance forums and steering committees.
  • Interacted with business stakeholders and technology groups to provide wider support to the program management office.
  • ISO/IEC 27001:2022 Certification
  • Led a team of 3 juniors in the execution of the ISO27001 compliance program, ensuring timely delivery and alignment with regulatory requirements.
  • Supported the client with certification against the newly released ISO/IEC 27001:2022 standard by scoping and performing a controls assessment against the select controls.
  • Performed testing to identify gaps in controls design and implementation and developed the risk and controls matrix (RACM).
  • Training and Awareness, Executive Wargaming and Tabletop Exercise
  • Organized a training and awareness session to educate the executive committee on the current threat landscape and impacts of data breach.
  • Designed and facilitated cyber tabletop exercises simulating data breach scenarios for Board and Executive Committee.
  • Delivered post-exercise risk reports with actionable recommendations mapped to Operational Resilience and risk mitigation goals.
  • Cybersecurity Policy and Controls Framework
  • Conducted a comprehensive review of existing information security (IS) policies, standards, and procedures across all domains (e.g., access control, data protection, asset management, vulnerability management) and performed a gap analysis aligned with regulatory requirements (GDPR, HIPAA), industry standards (NIST 800-53, ISO27001) and best practices (CIS).
  • Conducted stakeholder (control owners, business owners, compliance, legal) workshops and SME interviews to understand current practices and identify policy intent versus actual implementation.
  • Developed the policy hierarchy, IS Policy, supporting standards, guidelines, and procedures.
  • Refreshed or authored information security policies, standards and guidelines across all security domains, linking each policy control to the applicable regulatory or framework requirement.
  • Controls Testing Evaluation and Assurance
  • Reviewed the existing controls testing processes at the client to identify deficiencies and areas of improvement in methodology, approach and documentation for controls testing.
  • Provided actionable recommendations and helped design a mature, repeatable controls testing process.
  • This engagement was performed in line with Skilled Person Reviews for Financial Conduct Authority (FCA).
  • Third-Party Risk and Controls Assessment
  • Built supplier risk management program from the ground up including categorization methodology, risk workflows, and control checks.
  • Conducted cyber risk assessments for critical vendors using RiskRecon, Archer, and Jira, supporting both cloud and on-premises environments.
  • Tracked residual risks and collaborated with internal and external stakeholders to mitigate exposure.
  • Security Risk Policies and Cloud Governance
  • Created cloud-specific information security risk and governance policies aligned to NIST 800-53 and secure cloud adoption practices.
  • Developed procedures for data protection, IAM, and CI/CD governance (including threat modelling, application security, vulnerability management) across the cloud environments.
  • Information Security Strategy and Maturity Assessment
  • Supported design of multi-year cybersecurity strategy and roadmap.
  • Conducted recurring (series of 4) cyber capability maturity assessments against NIST CSF, benchmarking with industry peers.
  • Monitored risk remediation efforts and reported progress to both technical and executive stakeholders.

Systems engineer

Infosys Limited
India
03.2010 - 06.2012
  • Collaborated closely with stakeholders on project requirements definition and scope delineation, achieving better alignment between business needs and technological capabilities.

Education

Master of Business Administration - Information Technology

Symbiosis Center for Information Technology
India
06.2012 - 03.2014

Skills

  • Security Frameworks: ISO27001
  • NIST CSF
  • CIS
  • CI/CD
  • IAM
  • Vulnerability Management
  • Compliance and Governance: GDPR
  • HIPAA
  • Cloud (risk focus): AWS
  • IT Risk Management: NIST 800-53
  • CPNI Personnel Security
  • Stakeholder Communication and Reporting
  • Security Awareness & Training
  • IT controls testing

Certification

  • ITIL V3 Foundation certified
  • Certified ISO 27001 Lead Implementer
  • In Progress / Targeted: CISSP, CGRC
