GRC · Cybersecurity · AI Safety Governance
Sai Rakshith.
· ISO 27001/NIST CSF/COBIT policy development
· Vulnerability assessments across 3 enterprise clients
· 35% reduction in mean response time
Invesco · Cyber Incident Response Analyst · Sep 2021–Nov 2022
· End-to-end incident investigation, PCI DSS scope
· NIST 800-61 framework across 3 regional SOC teams
· 40% reduction in false positive alert volume
· Trained 15 junior analysts on triage procedures
Google · Senior BCM Associate · Nov 2022–Aug 2023
· BIA across 12 critical service lines at scale
· ISO 22301-aligned IT-DR, 99.95% recovery success
· BCM governance: plan staleness 40% → under 10%
· Quarterly resilience metrics to senior leadership
DivIHN Inc. · BCM Consultant → Solutions Consultant · Oct 2024–Present
· BIAs for 4 enterprise clients, 60+ business functions
· C-suite advisory on ISO 22301 maturity
· GRC consulting: ISO 27001, NIST CSF, SOC 2
· DORA and NIS2 alignment for financial services clients
The Problems I Solve
Built ISO 27001 policy suites for enterprise clients, aligned BCM programmes to DORA and NIS2, and delivered prioritised remediation roadmaps directly to C-suite. Governance that gets approved and actually implemented.
Led business impact analyses across 12 critical service lines at Google, achieving 99.95% recovery success rates. Reduced BCM plan staleness from 40% to under 10%. Recovery programmes that work when it matters most.
Researched AI governance for agentic AI systems at postgraduate level. Certified Trusted AI Safety Expert (TAISE). Building the oversight structures organisations need before regulators demand them.
Frameworks Built for Problems That Matter
Each one addresses a real gap.
Each one is open source.
43% of UK financial services firms missed DORA's January 2025 deadline. This framework maps both regimes article-by-article — so organisations can close the gap without running two separate compliance programmes.
75% of UK financial services firms use AI. Only 37% have standardised policies. This management system gives organisations the structure to deploy AI responsibly — and prove it to regulators.
ISO 27001 is the most cited framework in UK GRC job descriptions. This kit covers all 93 controls, a complete Statement of Applicability, and 10 ready-to-use policies — everything needed for first-time certification.
90% of UK security teams experienced supply chain incidents in 2025. This programme builds the vendor tiering, DORA Register of Information, and exit strategy methodology that organisations actually need.
The FCA/PRA compliance deadline passed March 2025. PS7/26 adds more obligations from March 2027. This self-assessment covers IBS identification, impact tolerances, and scenario testing — the whole framework.
I started my career watching security alerts scroll past on a SIEM screen at HCL Technologies. I ended up leading business continuity programmes at Google.
In between, I worked incident response at Invesco — investigating and containing security incidents across global investment management systems — and spent a year in Aberdeen deliberately studying the strategic side of risk.
Every role reinforced the same truth: the hard part isn't the technical answer. It's helping the right people understand the risk, trust the plan, and make the call.
That's what I do now at DivIHN Inc.
Got a risk problem?
Let's talk.
I work with organisations navigating complex governance, resilience, and AI safety challenges. If that sounds like yours — reach out directly or schedule a call.