SWETA SINGH

Swansea

Summary

Strategic and results-driven Governance, Risk, and Compliance (GRC) Leader with 10+ years of experience designing, implementing, and managing enterprise-wide risk, compliance, and data protection programs for global organizations. Expertise in SOX, SOC 1/2, ISO 27001, NIST CSF, GDPR, HIPAA, and PCI-DSS frameworks, with a proven record of driving automation, continuous control monitoring, insider risk mitigation, and third-party risk governance. Trusted advisor to CISO leadership and Big 4 auditors, recognized for delivering measurable improvements in audit efficiency, control maturity, and enterprise risk reduction. Adept at fostering a culture of security and compliance, aligning governance strategies with organizational objectives to strengthen operational resilience and enable business growth.

Overview

  • 10 years of professional experience
  • 1 Certification

Work History

Governance Risk and Compliance Manager

Hasbro Inc.
01.2025 - Current
  • Lead enterprise Governance, Risk, and Compliance (GRC) programs aligned with evolving regulatory requirements and business objectives, strengthening the organization’s overall risk posture.
  • Implemented three agentic automation solutions that automated 40% of SOX control testing, significantly improving audit evidence collection efficiency and reducing manual compliance effort.
  • Oversee IT General Controls (ITGC) across access management, change management, system operations, and cloud environments to ensure strong control design and operating effectiveness.
  • Implement Continuous Control Monitoring (CCM) and automated evidence collection through GRC platforms such as AuditBoard, enabling proactive compliance monitoring and improving audit readiness.
  • Manage the Third-Party Risk Management (TPRM) program, performing vendor risk assessments, SOC report reviews, and continuous monitoring of high-risk vendors to mitigate supply-chain security risks.
  • Govern enterprise Data Protection and Data Loss Prevention (DLP) initiatives to safeguard sensitive data and intellectual property while mitigating insider threat and unauthorized data exfiltration risks.
  • Develop executive risk dashboards and Key Risk Indicators (KRIs) to provide CISO leadership with real-time visibility into enterprise risk posture, compliance status, and remediation progress.
  • Lead enterprise risk and compliance assessments to identify control gaps, recommend remediation strategies, and ensure alignment with industry frameworks and regulatory requirements.
  • Serve as a primary liaison during internal and external compliance audits, coordinating cross-functional evidence collection and supporting successful audit outcomes.
  • Establish compliance metrics, reporting frameworks, and continuous improvement initiatives to enhance governance maturity, strengthen monitoring capabilities, and improve regulatory adherence.

Senior IT Security Compliance Analyst

Hasbro Inc.
04.2022 - 12.2024
  • Led testing and remediation activities for Hasbro’s annual IT SOX compliance program, ensuring effective design and operating effectiveness of ITGCs and application controls across critical business systems.
  • Partnered with Internal Audit and KPMG to coordinate annual SOX audits, streamlining audit workflows, facilitating walkthroughs, and ensuring timely delivery of audit evidence.
  • Collaborated with CISO leadership, IT control owners, and audit teams to manage control deficiencies and drive remediation plans, strengthening overall control maturity and compliance posture.
  • Executed Third-Party Risk Management (TPRM) activities including vendor due diligence, ongoing monitoring, and SOC 1/SOC 2 report reviews to ensure vendor compliance with security and regulatory requirements.
  • Developed and maintained enterprise security policies, standards, and governance documentation, promoting consistent compliance with regulatory and organizational security frameworks.
  • Led the Data Protection Program, implementing controls to prevent unauthorized data exfiltration and protect Hasbro’s intellectual property and sensitive strategic data.
  • Partnered with Legal, HR, Employee Relations, and business stakeholders to investigate data loss incidents, support insider risk investigations, and implement secure data retention and destruction processes.
  • Designed and delivered enterprise security awareness and compliance training programs, increasing employee understanding of cybersecurity risks, regulatory obligations, and secure data handling practices.

Senior IT Security & Compliance Analyst

Engie Impact Services Inc.
04.2021 - 04.2022
  • Led preparation and execution of SOC 1, SOC 2, and ISO 27001 audits, coordinating cross-functional evidence collection and ensuring successful audit completion and regulatory compliance.
  • Conducted enterprise compliance and control assessments, identifying control gaps and partnering with security, IT, and business stakeholders to develop and implement remediation plans.
  • Managed audit documentation and evidence repositories, ensuring alignment with information security governance requirements and risk management objectives.
  • Oversaw audit remediation tracking, monitoring issue resolution, remediation timelines, and control effectiveness to strengthen the organization’s compliance posture.
  • Governed IT change management processes, facilitating CAB meetings within ServiceNow and ensuring proper oversight of production changes and compliance with control standards.

IT Security & Cybersecurity Analyst II

Guardian Life Insurance Company of America
02.2017 - 10.2019
  • Led a team of security and compliance analysts supporting enterprise SOC 1 and SOC 2 compliance programs, strengthening governance across key business and IT processes.
  • Developed and maintained SOC documentation, including process narratives, flowcharts, and risk-control matrices, improving transparency and control maturity across critical systems.
  • Coordinated SSAE 16, SOC 1, and SOC 2 audit activities, organizing audit evidence and responding to requests from external auditors including PwC, EY, and Deloitte.
  • Performed third-party assurance reviews, evaluating SOC 1/SOC 2 reports for key vendors such as AWS, Ensono, and QTS to ensure vendor security and regulatory compliance.
  • Governed IT access controls, change management, and segregation of duties, while leveraging automated queries and log analysis to monitor cloud infrastructure and security controls within AWS environments.

SAP MDM Analyst

SAP Software Services LLC
01.2016 - 12.2016
  • Managed and maintained SAP Master Data (Material, Vendor, BOM, Routing), ensuring data accuracy and alignment with business requirements.
  • Executed master data loads and updates using LSMW and BDC, resolving data quality and integration issues in coordination with SMEs.
  • Supported SAP requirement gathering, blueprint development, and solution demos for business stakeholders.
  • Developed and executed test plans, test cases, and defect documentation to validate SAP configurations and system functionality.

Education

Master of Science - Information Systems

University of Maryland, Baltimore County
Baltimore, MD
12-2016

Bachelor of Technology - Electronics & Instrumentation

Uttar Pradesh Technical University
07-2013

Skills

  • Enterprise GRC Program Management
  • Enterprise & IT Risk Assessments
  • Risk Register Management
  • Control Design & Operating Effectiveness
  • Regulatory & Audit Readiness
  • SOX IT General Controls (ITGC)
  • SOC 1 / SOC 2 Compliance
  • ISO 27001 & NIST Cybersecurity Framework
  • Third-Party Risk Management (TPRM)
  • Vendor Due Diligence & SOC Report Reviews
  • Data Protection Governance
  • Data Loss Prevention (DLP)
  • Insider Risk Mitigation
  • Security Awareness & Phishing Programs
  • Executive Risk Reporting & KRIs

Certification

Certified Information Systems Auditor (CISA) – In Progress

Awards

  • Certified in SAP BW 7.3 and SAP BI 4.0.
  • Gold Medalist for achieving the top rank in Bachelor of Technology.
  • Published research paper on semantic representation of genetic testing data in National Library of Medicine, contributing to academic and industry knowledge in healthcare IT.
