Anish Pudasaini

GRC Practitioner & IT Security Expert

Passionate about cybersecurity, governance, risk management, and compliance. Dedicated to ensuring robust IT security measures and adherence to industry standards.

About Me & My Expertise

I am a dedicated Governance, Risk, and Compliance (GRC) practitioner and IT security expert with 3+ years of experience. My passion lies in safeguarding organizations by blending technical acumen with a deep understanding of business risk management.

Throughout my career, I have collaborated with a diverse range of organizations to design and implement robust security programs. I ensure that each solution not only meets industry standards such as GDPR, HIPAA, and PCI-DSS but also aligns with the unique business needs of the organization.

My approach integrates detailed risk assessments, continuous vulnerability scanning, and compliance auditing to identify potential security gaps. By leveraging the latest technologies and best practices, I help organizations build resilient infrastructures that protect both data and reputation.

I am continually refining my skills by staying updated with emerging trends and certifications in the cybersecurity field. This commitment to lifelong learning empowers me to develop forward-thinking strategies that drive business success while maintaining a strong security posture.

What I Can Do

GRC Implementation

Led the implementation of a comprehensive GRC framework, aligning IT processes with business objectives and regulatory requirements.

Information Security Audit

Conducted thorough IS audits for various clients, ensuring compliance with NRB, ISO 27001, and NIST standards.

Risk Assessment Program

Developed and implemented an enterprise-wide risk assessment program, identifying and mitigating potential security threats.

Vulnerability Assessment

Conducted thorough VA for various clients using tools like Nessus, Burp Suite, Nmap, and so on.

Experience, Education & Certifications

Experience

IS Auditor at Cryptogen Nepal

January 2022 - September 2025

  • Lead and execute Information Security (IS) audits across various organizations using recognized frameworks such as ISO/IEC 27001:2022, Nepal Rastra Bank (NRB) IT Guidelines, and Cyber Resilience, ensuring comprehensive risk-based assessment and compliance validation.
  • Conduct ISO/IEC 27001:2022 readiness assessments and internal audits, identifying gaps in existing Information Security Management Systems (ISMS) and providing actionable recommendations for achieving and maintaining certification.
  • Stay up to date on regulation and compliance changes and create awareness.
  • Support and coordinate external audits, compliance reviews, and risk assessments, including those related to NRB regulatory compliance and ISO and NIST standards, while preparing audit artifacts and aligning with control objectives.
  • Act as a liaison and engage with auditees and control owners regularly to track progress against audit actions and controls in remediation.
  • Maintain professional and technical knowledge by attending educational workshops, reviewing professional publications, establishing personal networks, and participating in professional societies.
  • Actively promote continuous improvement across the company.
  • Develop and deliver detailed audit reports, including risk evaluations, control deficiencies, and mitigation strategies aligned with industry best practices and client-specific regulatory requirements.
  • Conduct vulnerability assessments and analysis of the client's environment using both automated and manual techniques.
  • Analyze vulnerability test reports and suggest remediation/mitigation plans.
  • Continuously enhance professional and technical expertise through certification trainings, professional development workshops, and active participation in security and audit communities.

Education

BSc. (Hons) Networking and IT Security

2018 - 2021

Graduated with First Class Honours, specializing in network security and GRC practices.

MSc. IT in Applied Security

2023 - 2025

Master's degree in IT with a focus on applied security and compliance.

Certifications

ISO 27001:2022 Lead Auditor Certification

2024

Obtained certification to lead ISO 27001 Information Security Management System audits.

eLearnSecurity Junior Penetration Tester (eJPT)

February 6, 2026

Obtained certification from INE Security. Certification ID: 173748510
