
Shwetha Raghuram

Cybersecurity Advisor
Sydney, NSW

Summary

A cybersecurity leader with over 17 years of experience across security advisory, consulting, third-party security, awareness programs, policy development, governance, risk and compliance, internal audits, and the implementation of enterprise security frameworks. I specialise in building scalable security and governance models aligned to organisational risk priorities and regulatory expectations, enabling informed decision-making and supporting secure business outcomes. Recognised as a trusted advisor with strong communication skills, I translate complex technical risks and audit findings into clear, actionable insights that influence strategy and strengthen organisational resilience. I embed secure-by-design practices across business, delivery, and engineering teams, integrating security into modern delivery, procurement, and governance processes. My expertise spans securing AI systems, on-premises and cloud platforms, vendor management, data environments, applications, and broader technology ecosystems. This is supported by strong hands-on capability in risk assessment, solution and vendor reviews, architecture evaluations, threat modelling, and enterprise security controls, ensuring both strategic alignment and technical depth. Underpinned by a Diploma in Leadership and Management, I bring a balanced blend of strategic leadership, stakeholder influence, and technical credibility, enabling organisations to navigate emerging risks while achieving their business objectives.

Overview

17 years of professional experience
10 certifications

Work History

Senior Specialist, Cyber Security Advisor – Transport Senior Service Manager

Transport for NSW
02.2021 - Current
  • Led development of a centralised ISO 27001-aligned control library covering advisory services across on-premises, cloud, AI, and OT environments, and automated advisory reporting templates. This standardised report generation, enabled consultants to focus on security advice to the business while reusing established controls, and significantly improved the quality and speed of advisory delivery across the organisation.
  • Strengthened the organisation’s AI security posture by developing an AI risk assessment approach aligned to the NSW AI Assessment Framework and analysing generative AI activity across the network, identifying high-risk unsanctioned tools and providing clear risk recommendations that influenced executive decisions to block unsafe AI applications and establish recurring Shadow AI governance forums, significantly improving oversight and reducing organisational exposure.
  • Received Certificates of Recognition at the Transport Cyber Defence Townhall for exceptional mentoring of new team members and for representing Cyber Security at the STEMC/Technology Innovation Showcase, demonstrating strong leadership, communication and advocacy for the cyber function.
  • Supported delivery effectiveness and stakeholder confidence by supporting Agile adoption within Cybersecurity Advisory by taking on Product Owner and Scrum Master roles and stepping into the Senior Manager position during absences to lead teams, maintain momentum and uphold engagement. Delivered high-impact security advice across emerging and existing technologies by conducting assessments, readiness checks and architecture reviews, ensuring risks were identified early and enabling informed, risk-based decision-making aligned to team strategy and uplift initiatives.

Manager – Technology Compliance and Risk

Deloitte Services Pty Ltd
03.2018 - 02.2021
  • Strengthened governance and reduced technology risk by serving as the IT Risk Champion for the Australian rollout of the global GRC platform, acting as a trusted advisor while uplifting process maturity through the development and alignment of security processes to global standards, and driving targeted risk assessments and mitigation planning that improved compliance and reduced exposure across operations and projects.
  • Strengthened ISO 27001 compliance by serving as a key IT representative during external audits, coordinating with auditees and auditors, and driving timely closure of findings, resulting in improved audit readiness and reduced non-conformities.
  • Enhanced audit effectiveness and strengthened governance by conducting periodic internal audits, coordinating stakeholder follow-ups to ensure timely closure of actions, and transforming audit outcomes into clear, actionable security reports that improved executive visibility of the organisation’s security posture and enabled informed decision-making.
  • Improved security awareness within IT teams by authoring quarterly compliance and risk newsletters, providing clear updates on security initiatives, audit outcomes and emerging risks, improving visibility and engagement across internal teams.

Senior Engineer - ERC

SLK Software Pvt Limited
07.2014 - 10.2017
  • Led organisation-wide Information Security awareness initiatives, introducing gamified learning, infographics, an Infosec chatbot, and interactive role-based training for new joiners and business teams. Maintained Infosec intranet pages with updated content and monthly campaigns.
  • Automated key security and compliance processes, including access reconciliation reporting, vendor due-diligence workflows, and audit/compliance tracking tools, improving efficiency and accuracy.
  • Owned and executed core components of the ISMS program, including end-to-end management of compliance and audit activities, annual policy and procedure reviews, risk assessments with security control recommendations, stakeholder engagement and remediation tracking, and support for Business Continuity and Disaster Recovery testing to strengthen organisational resilience.

Education

Diploma - Leadership and Management

Australian Institute of Management

Masters - Computer Applications

St. Ann’s P.G. College for Women

Skills

  • Data, AI & Technology Risk: AI/ML Security, AI Risk & Governance (ISO 42001, ISO 23894), Responsible AI, Data Risk Management, Emerging Technology Risk
  • Security Architecture & Engineering: Cloud Security (ISO 27017, AWS, Azure), ETL Support, Application & Product Security, Threat Modelling, Secure SDLC, Architecture Reviews, Vulnerability Management, Process Development, Policy and Procedure Development, Incident, Problem and Change Management
  • Governance, Risk & Compliance (GRC): ISO 27001, ISO 22301, NIST CSF, NIST RMF, SOC 2, PCI DSS, Control Design, Regulatory Compliance, PSPF, ISM and Essential 8, OT 62443
  • Risk, Audit & Assurance: Risk and Vendor Assessments, Solution and Gate Reviews, Internal Audits, Risk Reporting, Control Libraries, Assurance & Compliance Monitoring
  • Data & AI Governance: AI Risk Frameworks, AI Assessments, Policy & Control Development, Security Requirements Definition, Security Awareness Training
  • Leadership & Stakeholder Engagement: Executive Advisory, Cross-Functional Collaboration, Stakeholder Management, Mentoring, Security Uplift Programs, Agile Delivery
  • Tools: Process Automation, GRC Platforms

Accomplishments

  • Led enterprise AI risk management, assessing ~75% of AI-related advisory requests and influencing decisions to block high-risk applications, significantly strengthening security posture and reducing exposure to emerging threats.
  • Recognised for innovation and leadership, receiving organisational awards for mentoring, capability uplift, and representing Cyber Security at major technology and innovation forums.
  • Strengthened governance and risk maturity at Deloitte Australia, acting as IT Risk Champion and driving improved transparency, awareness, and adoption of security practices across teams.
  • Delivered high-impact security awareness initiatives, leading organisation-wide programs that achieved CSAT 4.8/5 and measurably improved security engagement and culture.
  • Delivered security and data risk outcomes across high-visibility, enterprise-wide initiatives and projects, influencing senior stakeholder decision-making and supporting strategic technology and data programs.
  • Contributed to industry capability uplift, mentoring emerging professionals and delivering thought leadership on security culture and training.

Certification

  • Certified for ISO 27001:2013 Lead Auditor
  • Certified for Implementation of ISO 27001:2005
  • Certified ISO 22301:2012 Business Continuity
  • Certified Payment Card Industry Security Implementer (CPISI) Version 3.2
  • Certified Internal Quality System Auditor
  • Certified as Internal Information Security Auditor
  • Certified Information Security Manager (CISM)
  • Certified in GIAC Cloud Security Essentials (GCLD)
  • Certified SAFe Practitioner (5.1)
  • Trained in Security Architect: Level 2 by SafeStack Academy
  • Trained in Security Engineering on AWS by DDLS
  • Trained in BSI Information Security Controls for Cloud Services Course
  • Trained in CRISC from ALC
  • Attended the Emerging Leaders Program conducted by AGSM @ UNSW Business School
  • Undergone training in AI Security from Practical DevOps and preparing for Certified AI Security Professional (CAISP)
  • Trained in ISO 42001 - AIMS

Industry Experience

Government, Banking, Manufacturing, Internal services, IT Security, Energy Utilities (Oil and Gas) domains

Personal Details

Professional Profile & recommendations: http://in.linkedin.com/in/shwetharaghuram
