Available for hire · Remote worldwide

GRC & Third-Party Risk Analyst

I validate vendor security postures for Fortune 500 enterprises, mapping controls against HITRUST, HIPAA, SOC 2, ISO 27001, and GDPR. Based in Kathmandu, Nepal. Working globally.

20+ Vendors Assessed
7+ Certifications
2.5yr GRC Experience
Aryan Maharjan
// grc_analyst.nepal
Security+ (CompTIA)
Network+ (CompTIA)
CC (ISC2)
APIsec (APIsec University)
CAP (The SecOps Group)
CNSP (The SecOps Group)

The work I do.

Bridging vendor compliance claims with what the evidence actually shows.

I am a GRC and Third-Party Risk Management professional based in Kathmandu, Nepal. For the past year I have been working as a contractor supporting a Fortune 500 healthcare enterprise through SecurityPal, conducting end-to-end vendor risk assessments against HITRUST CSF, CRF, HIPAA, SOC 2, ISO 27001, and GDPR.

My job is essentially to stress-test what vendors say about themselves. I go through policies, map controls to regulatory requirements, identify gaps, and present findings to senior leadership for approval. I have done this across 20+ vendors including some of the most well-known names in enterprise technology.

Before GRC I worked in SOC operations, vulnerability assessment, and network security. I also spent a year in AI data annotation where I was promoted to Quality Auditor within 2 months of joining as a fresher.

HITRUST CSF
HIPAA/HITECH
SOC 2 Type II
ISO 27001
NIST CSF
GDPR
NIST 800-53
PCI DSS
MITRE ATT&CK

Vendor Risk Assessment

Validating HITRUST CSF and CRF submissions, reviewing evidence packages, and identifying misrepresentations across 20+ vendors.


Compliance Documentation

Producing audit-ready risk reports, risk scorecards, and compliance mapping documents aligned to HIPAA, SOC 2, ISO 27001, and GDPR.


PHI/PII Governance

Evaluating vendor data classification, retention policies, encryption standards, and HIPAA breach notification obligations.


Security Operations

Background in SOC log analysis, threat detection using Splunk SIEM, and vulnerability assessment with CVSS-based prioritization.

Where I've worked.

Apr 2025 – Present (Current) · Fortune 500 Contractor
Security Research Analyst
SecurityPal · Supporting Humana (Fortune 500)
  • Conduct end-to-end TPRM assessments for a Fortune 500 healthcare enterprise, validating vendor-submitted HITRUST CSF and CRF assessments across a portfolio of 20+ technology vendors.
  • Validate vendor compliance posture against HIPAA/HITECH, SOC 2 Type II, ISO 27001, GDPR, and NIST CSF through evidence review and policy analysis.
  • Perform detailed security policy reviews, mapping vendor controls and identifying gaps in PHI/PII handling, access management, and incident response.
  • Prepare audit-ready risk reports and scorecards, presenting findings to senior GRC leadership for formal approval.
  • Reduced average remediation closure timelines by 25% through cross-functional collaboration with engineering and legal teams.
  • Maintain internal AI-powered compliance knowledge library, reducing downstream errors by 30%.
HITRUST CSF · HIPAA · SOC 2 · ISO 27001 · GDPR · TPRM · Risk Reporting
Sep 2025 – Present (Current)
AI Data Specialist
RWS Group · Remote
  • Perform data collection, evaluation, and annotation tasks supporting AI/ML model development across audio, video, image, and text modalities.
  • Execute pairwise comparisons, object tagging, and content classification with strict adherence to project guidelines.
Data Annotation · AI/ML · QA
Apr 2024 – Feb 2025
AI Data Specialist → Quality Auditor
CloudFactory · Remote
  • Annotated and validated 10,000+ data points for AI/ML model training across education and content intelligence projects.
  • Maintained 98%+ accuracy rate in data labeling through rigorous quality control.
  • Promoted to Quality Auditor within 2 months of joining as a fresher, reviewing and grading the work of experienced peers.
Data Annotation · Quality Audit · AI Training
Dec 2023 – Apr 2024
Cybersecurity Intern – SOC & Vulnerability Management
TeamOne Technologies
  • Assisted in SOC operations including log analysis, vulnerability assessments, and threat detection using Linux CLI, Python automation, and Splunk SIEM.
  • Conducted vulnerability scans and supported triage aligned with CVSS scoring standards.
Splunk · Python · SOC · CVSS
May 2023 – Aug 2023
Network & Security Intern
Classic Tech (ISP) · Kathmandu
  • Supported network configuration, security monitoring, and troubleshooting in a live ISP environment.
  • Gained hands-on experience with routing protocols, firewall rule management, and network access controls.
Networking · Firewall · Routing

Technical toolkit.


GRC & Compliance

HITRUST CSF · HIPAA · SOC 2 · ISO 27001 · GDPR · NIST CSF · PCI DSS · FedRAMP

Third-Party Risk

TPRM · Vendor Due Diligence · Risk Scoring · SIG/VSQ · Control Mapping · PHI/PII Governance

Security Operations

Splunk SIEM · Log Analysis · Vulnerability Assessment · CVSS · MITRE ATT&CK · OWASP

AI & Data

Data Annotation · QA & Auditing · RLHF · Dataset Curation · Content Moderation · Pairwise Comparison

Cloud & Infra

AWS · Docker · Kubernetes · Terraform · Virtualization · Linux

Documentation

Risk Reports · SOPs · Audit Evidence · Jira · Confluence · Technical Writing

Credentials.

CompTIA Security+ ce
CompTIA
CompTIA Network+ ce
CompTIA
Certified in Cybersecurity (CC)
ISC2
APIsec Certified Practitioner
APIsec University
Certified AppSec Practitioner (CAP)
The SecOps Group
Certified Network Security Practitioner (CNSP)
The SecOps Group
Certified Cybersecurity Educator Professional (CCEP)
Red Team Leaders

Work I'm proud of.

02 · CK-12 Flexi: STEM Content QA

Structured and validated 1,500+ Science and Math questions for an adaptive AI learning platform. Tagged content by Bloom's Taxonomy level across 20+ learning modules.

1,500+ Questions
30% Error Reduction
Content QA · AI Training
03 · CBSE Academic Content Validation

Reviewed and validated 2,000+ questions across Science, Math, and English for grades 6–12, formatted for integration into AI-based assessment systems used by 10+ ed-tech platforms.

2,000+ Questions
100% Accuracy
Validation · EdTech

Let's work together.

Open to GRC analyst roles, TPRM contracts, and compliance consulting. Remote worldwide.

Get in touch

I am actively looking for GRC, compliance, and TPRM roles. If you are hiring or want to discuss a contract, book a call directly or reach out through any of the channels below.

Book a 30-min call

Schedule directly; no back and forth needed.
