I'm Aayush Tiwari

An ISO 27001:2022 Lead Auditor, Third-Party Risk Specialist, Information Security Professional, Cybersecurity Enthusiast

About Me

Hello! I'm Aayush Tiwari, an ISO/IEC 27001:2022 Lead Auditor and Third-Party Risk Management professional with experience at KPMG Global Services and EY Global Delivery Services. I specialize in conducting vendor security assessments, financial due diligence, and compliance reviews for enterprise and Fortune 500 clients.

Over the past few years, I have completed 100+ vendor risk assessments, reviewed security certifications (SOC 2, ISO 27001, PCI-DSS), and helped organizations strengthen their security posture across frameworks such as ISO 27001, PCI-DSS, GDPR, and NIST RMF. I enjoy translating complex security and compliance requirements into practical, business-focused recommendations.

I am particularly interested in GRC, TPRM, and cybersecurity — building scalable vendor risk programs, improving security questionnaires and processes, and collaborating with cross-functional teams to reduce risk. Outside of work, I focus on continuous learning in cloud security, security automation, and modern risk management practices.

If you're looking to build or improve your third-party risk program, need help with vendor assessments, or want to discuss GRC and cybersecurity careers, feel free to reach out. I'm always open to meaningful conversations and collaborations.

My Skills

  • Third-Party Risk Management (TPRM): 75%
  • ISO 27001 & Security Audits: 70%
  • Vendor Security Questionnaires & Due Diligence: 75%
  • Compliance Frameworks (PCI-DSS, SOC 2, GDPR, NIST RMF): 60%
  • Risk Assessment & Reporting: 80%
  • SQL, JavaScript & Node.js (Foundational): 50%

Why Me?

I combine hands-on third-party risk and information security experience with a structured Big 4 consulting background. At EY and KPMG, I have delivered vendor risk assessments, quality reviews, and compliance engagements for global clients, often under tight deadlines and high expectations.

My strengths include identifying high-risk vendors, reviewing security certifications (SOC 2, ISO 27001, PCI-DSS), and translating technical and regulatory requirements into clear, actionable remediation plans. I focus on both the control environment and the business impact.

I enjoy collaborating with cross-functional teams, mentoring peers, and continuously improving assessment methodologies and documentation quality. I take ownership of my work, communicate clearly with stakeholders, and always aim to deliver concise, decision-ready risk insights rather than just long reports.

If you need someone who understands both security frameworks and real-world vendor risk challenges, and who can communicate effectively with technical and business stakeholders, I can add value to your team and your security program.

My Vision

My personal vision is to have a life of meaning for myself and others. It is important to me to live my life in a way that shows kindness, care, and concern for family and friends and even strangers. I want to earn respect for myself based on a recognition of my accomplishments and abilities, and to maintain a sense of appreciation of the beauty of nature and a sense of humour. I want to remain true to myself while experiencing all life has to offer. I am comfortable in my quietness and content being in my own company. Though I recognize my introversion is not a flaw to be changed, it does represent an interpersonal challenge. I will work on being more present and attentive when engaging with others. This will allow me to foster trust, connection, and intimacy, which are essential for meaningful long-term relationships.

I want to have a career/life that includes constant learning and improvement for myself, but that also creates an atmosphere of pleasurable learning and improvement for others. I want to work with and around people, and it is important to me that they like me; but it is even more important to me that they feel that I have helped them in some way – not necessarily that I do a specific good deed, but more that some kindness or thoughtfulness or wisdom of mine has touched them.

My Services

I help organizations understand and manage risk from their third parties, align with security and compliance frameworks, and communicate risk clearly to stakeholders. My work focuses on vendor security assessments, ISO 27001 audits, and building practical, scalable GRC practices.

Vendor Risk Assessments

End-to-end review of vendor security posture through structured questionnaires, evidence checks, and risk scoring to support informed onboarding and renewals.

ISO 27001 & Compliance

Support with ISO 27001-aligned controls, gap identification, and remediation insights, along with alignment to SOC 2, PCI-DSS, GDPR and NIST RMF requirements.

Security Questionnaires

Design, review, and optimize security questionnaires and responses to reduce friction, increase clarity, and better reflect the true risk posture.

Risk Reporting & Insights

Creation of concise, visual risk summaries, dashboards and KRIs that help stakeholders quickly understand exposure and prioritize actions.

My Projects

A full-stack developer aims to attentively listen, keenly observe, deeply understand, empathize, synthesize information, and extract insights to illuminate the invisible through technology. To me, development embodies the essence of enriching user experiences and elevating the quality of life. Authentic mastery in development transcends transient trends and superficial endeavours. Rather, a developer should strive to craft purposeful, influential solutions that surpass mere compartmentalization and transient fashion.

  • All Works: 10
  • FullStack Development: 07
  • FrontEnd Development: 03
  • HTML5 & CSS3: 02
  • Bootstrap: 04

Front-End Development: API Recipe App

A Web Application to find the recipe from your given Ingredient with additional functionalities

Front-End Development: iBugg

A static, fully responsive blog website. The website was made using HTML, CSS and JavaScript.

Full-Stack Development: GrowMore - A Dynamic Business Website

A Dynamic Professional Business Website focused on career growth and business enhancement with contact database form.

Full-Stack Development: Job Search App - API Job Search Application

An API-based web application to find jobs matching your given working field and location.

Front-End Development: API Weather Application

A Weather Based Web Application for real-time weather information for your given location with additional functionalities.

Full-Stack Development: CRUD APP - A Database Employee Portal

An end-to-end database multi-page. Users can create, read, update and delete employee data respectively.

Full-Stack Development: WeatherIfy

A Weather Based Web Application for real-time weather information for any given location with additional functionalities.

Full-Stack Development: JobTracker

Developed a JobTracker Web App with optimized back-end, RESTful APIs, MongoDB Atlas for storage, and secure user authentication.

Full-Stack Development: FileShare

Developed a high-performance file-sharing web app with real-time link copying and email sharing features. Proficiently integrated multer for file uploads and nodemailer for seamless cross-browser email communication.

Full-Stack Development: ShopEasy

Created and engineered an online e-commerce platform tailored for the exclusive sale of distinctive sneaker footwear.

Work & Education

Contrary to popular belief, my journey is more than just a timeline. It's a story of growth, passion, and continuous learning. Please review the milestones that have shaped my path below.

May 2019

High School Degree

Completed my High School at St. Thomas' Church School, Howrah in the year 2019 as a Computer Science student.

July 2019

Join University

Techno International Newtown

Enrolled in a Bachelor's Degree in Electronics and Communication Engineering

Sept 2020

Start Coding

Started coding in the C/C++ languages. Learned problem-solving skills and got introduced to Data Structures & Algorithms.

Aug 2021

Start Web Development

Started learning web development and converted Photoshop layouts to web pages using HTML, CSS, and JavaScript.

January 2024

Joined EY Global Delivery Services

Joined EY Global Delivery Services as Analyst 1 in Third-Party Risk Management, conducting vendor security and risk assessments for global clients.

April 2025

Promoted to Analyst 2

Progressed to Analyst 2 at EY GDS and got the ISO 27001 Lead Auditor Certification.

August 2025

Joined KPMG Global Services

Joined KPMG Global Services as an Associate Consultant, focusing on vendor assessments, quality reviews, and ISO 27001-aligned engagements.

Contact Me

If you want to contact me, the necessary data is given below, containing my Number, Email, and the address of my workplace.

My Phone

+917595820411,
+918420758576

Email Address

tiwariaayush682@gmail.com,
tiwariaayush682@outlook.com

My Location

28, Mallick Para Kona, Howrah
Code - 711 114