Sampath Kumar Garimella

Melbourne, VIC

Summary

Experienced Cybersecurity & GRC Professional | 13+ Years Across Diverse Sectors
Seasoned Australian professional with over 13 years of experience driving Governance, Risk, and Compliance (GRC) initiatives across banking, telecommunications, insurance, retail, and transport industries. Adept at implementing leading frameworks such as ISO 27001, NIST CSF, PCI DSS, CPS 234, GS007, ASAE 3150, and ITGC. Demonstrated success in managing audits, delivering control assurance, and strengthening risk governance.

Specializes in IT/OT security, data privacy programs, policy development, and strategic security consulting. Proficient in IAM tools including SailPoint and CyberArk, as well as GRC platforms. Brings deep expertise in security assessments, audit remediation, and fostering strong stakeholder engagement at all levels.

Overview

13 years of professional experience
1 Certification

Work History

GRC Consultant – Cybersecurity & Risk

Transurban
03.2023 - Current
  • Delivered and led enterprise risk assessments focused on information security, compliance, and operational risk.
  • Uplifted the full risk management lifecycle including identification, prioritization, analysis, treatment, fallback planning, and residual risk validation.
  • Scoped and defined appropriate control types (preventive, detective, corrective) for each identified risk, and authored detailed control objectives.
  • Actively participated in security design discussions and architecture decision-making forums with Enterprise Architects and Solutions teams.
  • Reviewed and provided governance oversight for enterprise architecture, solution designs, and security control approvals.
  • Performed risk assessments across strategic, operational, and project-level domains, including Tier 1 and Tier 2 initiatives.
  • Supported and successfully drove external audit engagements, including evidence coordination, walkthroughs, stakeholder briefings, and closure.
  • Reviewed cyber insurance requirements and third-party risk data to ensure alignment with contractual and regulatory obligations.
  • Conducted compliance assessments across Core Obligations Framework, PCI DSS, CPS 234, and ITGC requirements.
  • Reviewed and prioritized vulnerabilities from Qualys, Prisma, Checkmarx, and GitHub and drove remediation plans with technical leads.
  • Collaborated on VIC IPA uplift project: enhanced internal controls, risk reviews, audit preparations.
  • Created and presented cyber risk dashboards and metrics packs to GRC leadership and assurance forums.
  • Assessed cyber incident response capability and participated in assurance reviews of business continuity and disaster recovery readiness.
  • Provided consultation on compliance with CPS 234, PCI DSS, ITGC, and internal governance standards.

Senior Analyst – Identity Oversight

National Australia Bank (NAB)
03.2021 - 03.2023
  • Delivered end-to-end governance and assurance activities across enterprise Identity & Access Management (IAM) and Privileged Access Management (PAM) environments using SailPoint IIQ, SailPoint IdentityNow, CyberArk, Splunk, and Active Directory.
  • Led and supported internal and regulatory audit engagements (ITGC, GS007, ASAE 3150, MAS TRM), including walkthroughs, evidence gathering, gap analysis, and remediation tracking for control assurance reviews.
  • Conducted control testing, sample investigations, and stakeholder workshops to assess control design and operational effectiveness.
  • Played a key role in access governance uplift initiatives, including Privileged User Access Review (PUAR) and Event-Driven User Access Reviews (UARs), and produced reporting dashboards in Tableau for risk committees.
  • Onboarded business applications into SailPoint and collaborated with asset and service owners to establish access roles, perform manual UARs, and validate entitlements.
  • Provided strategic input on IAM policy governance, including alignment with ISO 27001, NIST CSF, and PCI DSS standards.
  • Coordinated with internal assurance teams to validate control linkages, manage compliance obligations, and ensure evidence readiness for audits.
  • Flagged and escalated SailPoint defects, collaborating with the development team to drive resolution and enhance governance automation.
  • Key Tools & Frameworks: SailPoint IIQ & IdentityNow, CyberArk, Active Directory, Splunk, Tableau, ISO 27001, NIST CSF, PCI DSS, GS007, ASAE 3150, MAS TRM

Technical Specialist – IAM & Risk Advisory

NBN Co Limited
05.2018 - 03.2021
  • Delivered UARs and privileged access reviews across a complex enterprise IAM environment.
  • Supported ISO 27001, PCI DSS, and COBIT audit lifecycle with evidence coordination and issue remediation.
  • Drove IAM modernization including SailPoint and CyberArk integrations and access lifecycle enhancements.
  • Contributed to the Essential 8 mitigation strategy implementation and cloud control assessments.
  • Led the Active Directory project as product owner, centralizing disconnected applications under RBAC policies.
  • Generated risk metrics and dashboards to report on compliance gaps, control effectiveness, and audit readiness.

Technical Lead – Identity & Access Management

Cognizant Technology Solutions
01.2014 - 06.2017
  • Managed IAM provisioning and deprovisioning across RACF, UNIX, Oracle, and SQL platforms.
  • Conducted entitlement mapping and user reconciliation exercises for client organizations.
  • Developed operational security procedures and mentored junior analysts in IAM best practices.
  • Supported global IAM transformation and onboarding programs across critical systems.
  • Led a team of 9 IAM analysts over a 3-year period, overseeing task distribution, mentoring, SLA compliance, and performance reporting across client engagements.

Operations Professional – Mainframe Systems

IBM India Pvt Ltd
12.2011 - 05.2013
  • Managed job scheduling, incident response, and batch operations in a mainframe environment.
  • Performed audit-compliant termination reviews and log analysis to ensure security standards.
  • Created documentation and executed operational controls for access monitoring and compliance.
  • Led a 10-member mainframe operations team, coordinating shift schedules, incident triage, and compliance documentation for batch processing workflows.

Education

Master of Information Systems

Central Queensland University
01.2009

Bachelor of Technology - CSIT

SCIENT College of Engineering
01.2007

Skills

  • ISO 27001
  • NIST CSF
  • PCI DSS
  • GS007
  • ASAE 3150
  • CPS 234 compliance
  • MAS TRM
  • ITGC
  • Enterprise risk assessments
  • Control testing
  • Risk treatment planning
  • Internal/external audits
  • Audit readiness
  • Policies and procedures lifecycle
  • Control objectives
  • Obligations mapping
  • IT/OT security uplift
  • SailPoint IIQ/IdentityNow
  • CyberArk
  • Active Directory
  • Splunk
  • ServiceNow
  • JIRA
  • Confluence
  • Tableau
  • Risk reporting
  • Audit dashboards
  • Metrics presentations

Certification

  • CISSP (Trained)
  • ITIL V3 Certified
  • CyberArk Certified Trustee
  • Azure Fundamentals (AZ-900)
  • Splunk 7.X Fundamentals

Languages

English

Core Skills

ISO 27001, NIST CSF, PCI DSS, GS007, ASAE 3150, CPS 234, MAS TRM, ITGC, Enterprise risk assessments, risk registers, control testing, fallback planning, risk treatment planning, Internal/external audits, walkthroughs, audit readiness, remediation tracking, Policy lifecycle, control objectives, obligations mapping, IT/OT security uplift, SailPoint IIQ & IdentityNow, CyberArk, Active Directory, Splunk, ServiceNow, JIRA, Confluence, Tableau, Prisma Cloud, Qualys, Checkmarx, GitHub, Risk reporting, audit dashboards, metrics presentations

Interests

Playing cricket, watching movies, volunteering and community engagement, mentoring or coaching
