ANKITA MEHDIRATTA
London,UK
Summary
Ankita is a seasoned Information Technology Risk manager with 10 years of experience in security Governance, Risk and Compliance (GRC) supporting clients in the financial services and consumer industries across US and UK. Ankita has proven expertise in leading information security risk and capability maturity assessments, integrated security controls framework and policy / procedure development, security strategy and regulatory compliance projects, cyber security awareness and training.
Other focus areas include third-party risk management, cloud security, insider risk, controls testing, operating cyber programs.
Adept at stakeholder engagement, cross-cultural team collaboration strong commitment to team development and continuous learning
Overview
15
15
years of professional experience
2
2
years of post-secondary education
1
1
Certification
Work history
Manager
Deloitte LLP
London
03.2012 - 07.2025
- CISO, major financial org, nist, reported uplift these areas, global reassurance in UK
- Cybersecurity Maturity Assessments against the NIST CSF
- Led the assessment with delivery support from a consultant – led stakeholder interviews, documentation review and gap analysis.
- Developed tailored recommendations and a prioritized roadmap. Supported security risk management at the client by evaluating risk related to current issues and reporting to the Board and risk committees.
- Cyber Program Planning – key outcome, highlight priorituse cyber investment – 180mn budget
- As the Engagement Manager led a team of senior consultants and consultants to deliver Cyber Program Planning, defining the project portfolio that enables prioritisation and cost estimation using risk scoring and budget calculation mechanisms.
- Delivered executive-level reporting and stakeholder updates across governance forums and steering committees.
- Interacted with business stakeholders and technology groups to provide wider support to the program management office.
- ISO/IEC 27001:2022 Certification
- Lead a team of 3 juniors in the execution of the ISO27001 compliance program, ensuring timely delivery and alignment with regulatory requirements.
- Supported the client with certification against the newly released ISO/IEC 27001:2022 standard by scoping and performing a controls assessment against the select controls.
- Performed testing to identify gaps in controls design and implementation and developed the risk and controls matrix (RACM).
- Training and Awareness, Executive Wargaming and Tabletop Exercise
- Organized a training and awareness session to educate the executive committee on the current threat landscape and impacts of data breach.
- Designed and facilitated cyber tabletop exercises simulating data breach scenarios for Board and Executive Committee.
- Delivered post-exercise risk reports with actionable recommendations mapped to Operational Resilience and risk mitigation goals.
- Cybersecurity Policy and Controls Framework
- Conducted a comprehensive review of existing information security (IS) policies, standards, and procedures across all domains (e.g., access control, data protection, asset management, vulnerability management) and performed a gap analysis aligned with regulatory requirements (GDPR, HIPAA), industry standards (NIST 800-53, ISO27001) and best practices (CIS).
- Conducted stakeholder (control owners, business owners, compliance, legal) workshops and SME interviews to understand current practices and identify policy intent versus actual implementation.
- Developed the policy hierarchy, IS Policy, supporting standards, guidelines, and procedures.
- Refreshed or authored information security policies, standards and guidelines across all security domains, linking each policy control to the applicable regulatory or framework requirement.
- Controls Testing Evaluation and Assurance
- Reviewed the existing controls testing processes at the client to identify deficiencies and areas of improvement regarding methodology, approach, documentation etc. for controls testing.
- Provided actionable recommendations, and helped design a mature, repeatable controls testing process.
- This engagement was performed in line with Skilled Person Reviews for Financial Conduct Authority (FCA).
- Third-Party Risk and Controls Assessment
- Built supplier risk management program from the ground up including categorization methodology, risk workflows, and control checks.
- Conducted cyber risk assessments for critical vendors using RiskRecon, Archer, and Jira, supporting both cloud and on-premises environments.
- Tracked residual risks and collaborated with internal and external stakeholders to mitigate exposure.
- Security Risk Policies and Cloud Governance
- Created cloud-specific information security risk and governance policies aligned to NIST 800-53 and secure cloud adoption practices.
- Developed procedures for data protection, IAM, and CI/CD governance (including threat modelling, application security, vulnerability management) across the cloud environments.
- Information Security Strategy and Maturity Assessment
- Supported design of multi-year cybersecurity strategy and roadmap.
- Conducted recurring (series of 4) cyber capability maturity assessments against NIST CSF, benchmarking with industry peers.
- Monitored risk remediation efforts and reported progress to both technical and executive stakeholders.
Systems engineer
Infosys Limited
, India
03.2010 - 06.2012
- Collaborated closely with stakeholders on project requirements definition and scope delineation, achieving better alignment between business needs and technological capabilities.
Education
Master of Business Administration - Information Technology
Symbiosis Center for Information Technology
India 06.2012 - 03.2014
Skills
- Security Frameworks: ISO27001
- NIST CSF
- CIS
- CI/CD
- IAM
- Vulnerability Management
- Compliance and Governance: GDPR
- HIPAA
- Cloud (risk focus): AWS
- IT Risk Management: NIST 800-53
- CPNI Personnel Security
- Stakeholder Communication and Reporting
- Security Awareness & Training
- IT controls testing
Certification
- ITIL V3 Foundation certified
- Certified ISO 27001 Lead Implementer
- In Progress / Targeted: CISSP, CGRC
Timeline
Master of Business Administration - Information Technology
Symbiosis Center for Information Technology
06.2012 - 03.2014
Manager
Deloitte LLP
03.2012 - 07.2025
Systems engineer
Infosys Limited
03.2010 - 06.2012
Similar Profiles
DEIRDRE TIMMSDEIRDRE TIMMS
Staff Accountant II at Deloitte LLPStaff Accountant II at Deloitte LLP
Nitin ParsoothNitin Parsooth
Global Payroll & Compensation Lead at Deloitte LLPGlobal Payroll & Compensation Lead at Deloitte LLP
Adam CichockiAdam Cichocki
Partner at Deloitte LLPPartner at Deloitte LLP
Jose Toledo SalesJose Toledo Sales
Assistant Manager at Ole & Steen, Canary WharfAssistant Manager at Ole & Steen, Canary Wharf
Ibrahim AbdellaIbrahim Abdella
Barista and Roastery production assistant at The Colombian Coffee CompanyBarista and Roastery production assistant at The Colombian Coffee Company