
SHREEYA BAKHALE

Senior Specialist
Singapore

Summary

8+ years of experience in IT Risk, Cybersecurity Governance, Internal Audit, and GRC advisory across retail, technology, and financial services sectors. Proven expertise in overseeing cybersecurity control environments aligned with ISO 27001, NIST CSF, PDPA, PCI DSS, and DPTM frameworks. Well-versed in second-line risk functions, including cybersecurity advisory, risk and control self-assessment (RCSA), enterprise risk management, regulatory compliance, incident response, and third-party/vendor risk assessments. Demonstrated ability to lead audits, communicate risks to senior management, and advise on secure-by-design practices and technology risk mitigation. Keen interest in leveraging AI-driven efficiencies and collaborating with external consultants to strengthen governance, policy, and IT strategic initiatives.

Overview

11 years of professional experience
6 years of post-secondary education

Work History

Senior Specialist (Internal Audit)

NTUC FairPrice
11.2023 - Current
  • Led over cybersecurity and technology audits across key SaaS platforms evaluating controls around access management, change control, data protection, vendor risk management, and regulatory compliance.
  • Executed end-to-end IT infrastructure audits covering IT asset lifecycle management, Active Directory (AD) security, firewall configuration, and network segmentation across 10+ business units.
  • Conducted annual Cybersecurity Incident Response audits and IT/OT resilience assessments, aligned with the Enterprise Risk Management (ERM) Framework and NIST guidelines, with a focus on ASRS and distribution center operations.
  • Provided advisory support for achieving Data Protection Trustmark (DPTM) certification by assessing data governance, privacy controls, and PDPA compliance across multiple departments.
  • Partnered with Business Audit teams to investigate and assess digital fraud risks in e-commerce ecosystems, including a high-impact e-voucher fraud case; conducted root cause analysis and recommended preventive controls.
  • Delivered actionable, risk-based recommendations balancing cybersecurity requirements with operational needs; regularly presented key findings to the Audit Risk Committee and senior executives, influencing decision-making and control enhancements.

Senior Consultant

NCS Group
11.2020 - 11.2023
  • Maintained and enhanced the corporate Information Security Management System (ISMS) aligned to ISO 27001:2013 standards.
  • Led internal ISMS audits, facilitated external surveillance audits, and advised business units on audit readiness and corrective action planning.
  • Conducted annual risk management exercises and Management Review Meetings to track control deviations, assess cybersecurity maturity, and drive continuous improvement.
  • Performed vulnerability scanning, incident log reviews, and created Incident Response Playbooks for AWS cloud environment.
  • Provided advisory support for cybersecurity risk exceptions, documented risk acceptances, and implemented compensating controls where required.

Cybersecurity Risk Advisor & GRC Consultant

CyRAACS
02.2019 - 10.2021
  • Conducted readiness assessments and gap analyses against ISO 27001:2013, PCI DSS, GDPR, CSA STAR, and other global security frameworks.
  • Designed GRC frameworks for clients, including policy creation, control mapping, risk identification, and remediation planning.
  • Advised clients in financial services and wealth management sectors on ISO 27001 and cybersecurity governance.
  • Responded to RFPs and drafted Statements of Work (SOW) for cybersecurity services, including VAPT, secure code review, and ISMS implementations.
  • Partnered with pre-sales teams to tailor security solutions based on client infrastructure and risk landscape.

Software Developer

Attra Infotech
02.2014 - 03.2017
  • Developed and maintained VisionPLUS credit card systems using COBOL and JCL, supporting projects like credit card data migration and EMV (PIN-to-Chip) upgrades.

Education

MBA - IT Business Management, Information Security

Symbiosis International University
India
06.2017 - 03.2019

Bachelor of Engineering - Information Technology

Padre Conceicao College of Engineering
India
07.2008 - 03.2013

Skills

  • Information security consulting

  • Risk assessment and compliance

  • IT governance review expertise

  • ISO 27001 compliance

  • NIST Cybersecurity Framework expertise

Accomplishments

  • Received Spot Awards and client appreciation for 3 different projects for excellent contribution
  • Mentored a team of 4 associates and conducted trainings during my tenure with my previous organisation

Timeline

Senior Specialist (Internal Audit)

NTUC FairPrice
11.2023 - Current

Senior Consultant

NCS Group
11.2020 - 11.2023

Cybersecurity Risk Advisor & GRC Consultant

CyRAACS
02.2019 - 10.2021

MBA - IT Business Management, Information Security

Symbiosis International University
06.2017 - 03.2019

Software Developer

Attra Infotech
02.2014 - 03.2017

Bachelor of Engineering - Information Technology

Padre Conceicao College of Engineering
07.2008 - 03.2013