Available · Remote Worldwide · KTM / UTC+5:45

GRC &
THIRD-PARTY RISK

Governance · Risk · Compliance

Stress-testing what vendors claim against what the evidence actually shows for Fortune 500 healthcare enterprises. Based in Kathmandu. Working for the world.

6000+
Vendors Assessed
7+
Certifications
2.5yr
GRC Experience
OPEN TO HIRE
Aryan Maharjan
// ANALYST_ID: AM-2001-KTM
Credentials
Security+ · Network+ · CC (ISC2) · APIsec · CAP · CNSP · CCEP
Framework Depth
HITRUST CSF
95%
HIPAA/HITECH
92%
SOC 2 Type II
88%
ISO 27001
85%
NIST CSF
80%
01
About

The work
I do.

I am a GRC and Third-Party Risk Management professional based in Kathmandu, Nepal. For the past year I have been a contractor supporting a Fortune 500 healthcare enterprise through SecurityPal, conducting end-to-end vendor risk assessments against HITRUST CSF, CRF, HIPAA, SOC 2, ISO 27001, and GDPR.

My job is stress-testing what vendors say about themselves. I go through policies, map controls to regulatory requirements, identify gaps, and present findings to senior leadership for approval. I've done this across 6000+ vendors including some of the most well-known names in enterprise technology.

Before GRC I worked in SOC operations, vulnerability assessment, and network security. I also spent a year in AI data annotation where I was promoted to Quality Auditor within 2 months of joining as a fresher.

01 ·

Vendor Risk Assessment

Validating HITRUST CSF and CRF submissions, reviewing evidence packages, identifying misrepresentations across 6000+ enterprise vendors.

02 ·

Compliance Documentation

Producing audit-ready risk reports, scorecards, and mapping documents aligned to HIPAA, SOC 2, ISO 27001, and GDPR.

03 ·

PHI/PII Governance

Evaluating vendor data classification, retention policies, encryption standards, and HIPAA breach notification obligations.

04 ·

Security Operations

Background in SOC log analysis, threat detection using Splunk SIEM, and vulnerability assessment with CVSS-based prioritization.

02
Experience

Where I've
worked.

Apr 2025 – Present · Live · F500 Contractor
Security Research Analyst
SecurityPal · Contractor for a Fortune 500 Company
  • Conduct end-to-end TPRM assessments for a Fortune 500 healthcare enterprise, validating HITRUST CSF and CRF assessments across 6000+ technology vendors.
  • Validate vendor compliance posture against HIPAA/HITECH, SOC 2 Type II, ISO 27001, GDPR, and NIST CSF through evidence review and policy analysis.
  • Perform detailed security policy reviews, mapping vendor controls and identifying gaps in PHI/PII handling, access management, and incident response.
  • Prepare audit-ready risk reports and scorecards, presenting findings to senior GRC leadership.
  • Reduced average remediation closure timelines by 25% through cross-functional collaboration.
  • Maintain internal AI-powered compliance knowledge library, reducing downstream errors by 30%.
HITRUST CSF · HIPAA · SOC 2 · ISO 27001 · GDPR · TPRM · Risk Reporting
Sep 2025 – Present · Live
AI Data Specialist
RWS Group · Remote
  • Perform data collection, evaluation, and annotation tasks supporting AI/ML model development across audio, video, image, and text modalities.
  • Execute pairwise comparisons, object tagging, and content classification with strict adherence to project guidelines.
Data Annotation · AI/ML · QA
Apr 2024 – Feb 2025
AI Data Specialist → Quality Auditor
CloudFactory · Remote
  • Annotated and validated 10,000+ data points for AI/ML model training across education and content intelligence projects.
  • Maintained 98%+ accuracy rate in data labeling through rigorous quality control.
  • Promoted to Quality Auditor within 2 months, reviewing the work of experienced peers.
Data Annotation · Quality Audit · AI Training
Dec 2023 – Apr 2024
Cybersecurity Intern — SOC & Vuln Mgmt
TeamOne Technologies
  • Assisted in SOC operations including log analysis, vulnerability assessments, and threat detection using Linux CLI, Python automation, and Splunk SIEM.
  • Conducted vulnerability scans and supported triage aligned with CVSS scoring standards.
Splunk · Python · SOC · CVSS
May 2023 – Aug 2023
Network & Security Intern
Classic Tech (ISP) · Kathmandu
  • Supported network configuration, security monitoring, and troubleshooting in a live ISP environment.
  • Gained hands-on experience with routing protocols, firewall rule management, and network access controls.
Networking · Firewall · Routing
03
Skills

Technical
toolkit.

01
GRC & Compliance
HITRUST CSF · HIPAA · SOC 2 · ISO 27001 · GDPR · NIST CSF · PCI DSS · FedRAMP
02
Third-Party Risk
TPRM · Vendor Due Diligence · Risk Scoring · SIG/VSQ · Control Mapping · PHI/PII Governance
03
Security Operations
Splunk SIEM · Log Analysis · Vuln Assessment · CVSS · MITRE ATT&CK · OWASP
04
AI & Data
Data Annotation · QA & Auditing · RLHF · Dataset Curation · Content Moderation
05
Cloud & Infra
AWS · Docker · Kubernetes · Terraform · Linux · Virtualization
06
Documentation
Risk Reports · SOPs · Audit Evidence · Jira · Confluence · Tech Writing
04
Certifications

Credentials.

CERT-001
CompTIA
Security+ ce
CERT-002
CompTIA
Network+ ce
CERT-003
ISC2
Certified in Cybersecurity (CC)
CERT-004
APIsec University
APIsec Certified Practitioner
CERT-005
The SecOps Group
Certified AppSec Practitioner (CAP)
CERT-006
The SecOps Group
Certified Network Security Practitioner (CNSP)
CERT-007
Red Team Leaders
Cybersecurity Educator Professional (CCEP)
CERT-008
Anthropic
AI Fluency: Framework and Foundations
05
Projects

Work I'm
proud of.

01 — Featured
HITRUST / CRF Vendor Assessment Program

Reviewed and validated 6000+ vendor risk assessments against HITRUST CSF r2 and CRF frameworks as part of a Fortune 500 healthcare company's TPRM program. Developed standardized control mapping templates that improved assessment review efficiency by 40%.

6000+
Vendors
40%
Efficiency Gain
25%
Faster Remediation
HITRUST · CRF · HIPAA · SOC 2 · TPRM
02
CK-12 Flexi: STEM Content QA

Structured and validated 1,500+ Science and Math questions for an adaptive AI learning platform. Tagged content by Bloom's Taxonomy level across 20+ learning modules.

1.5k
Questions
30%
Error Reduction
Content QA · AI Training
03
CBSE Academic Content Validation

Reviewed and validated 2,000+ questions across Science, Math, and English for grades 6–12, formatted for integration into AI-based assessment systems used by 10+ ed-tech platforms.

2k
Questions
100%
Accuracy
Validation · EdTech
06
Contact

Let's work
together.

Open to GRC analyst roles, TPRM contracts, and compliance consulting. If you're hiring or want to discuss a contract, book a call directly or reach out below.

Book a 30-Min Call

// Schedule directly — no back and forth
