Closed
Labels: profile-submission (Automated profile submission from the directory form)
Description
---
name: "Garima Kakkar"
github: "garimakakkar"
specializations:
- "Audit & Assurance"
- "Compliance Automation"
- "Privacy"
- "Risk Management"
- "Security Governance"
- "Third-Party Risk"
- "AI Governance"
- "Cloud Governance"
title: "GRC Security & Privacy Manager"
company: "SirionLabs"
location: "India"
linkedin: "https://www.linkedin.com/in/garima-kakkar-54456b60/"
blog: "https://www.garimakakkar.in/"
frameworks:
- "CCPA"
- "EU AI Act"
- "GDPR"
- "ISO 27001"
- "ISO 42001"
- "NIST 800-53"
- "NIST AI RMF"
- "SOC 2"
languages:
- "Python"
available_for:
- "consulting"
- "hiring"
- "freelance"
- "collaboration"
---
## About Me
I started as a software engineer at PayU. 👩💻 Now I help engineering teams build products that are secure, private, and compliant by design. 🔐
That early experience writing code taught me how engineers think about trade-offs, deadlines, and technical constraints. Today, as a Security & Privacy GRC Manager at SirionLabs, I use that foundation to translate security frameworks and compliance requirements into language that makes sense to the people actually building the product. 🌉
What my day looks like:
🛡️ Partnering with engineering teams to design security controls for cloud environments (AWS/Azure/GCP)—from access management to encryption implementations
📋 Managing multi-framework compliance programs: ISO 27001/27018/27701, SOC 2 Type II, HIPAA, PCI-DSS, GDPR, and India's DPDPA
🔍 Conducting security risk assessments, third-party vendor evaluations, and helping teams understand what "secure by design" means in practice
🏗️ Reviewing system architectures to identify both security and privacy implications before they become production issues
🌍 Working with teams across 12+ jurisdictions to implement technical safeguards that protect data without breaking functionality
The work I'm proud of: ⭐
✅ Leading enterprise-wide security and compliance initiatives that reduced audit prep time while strengthening our actual security posture
🤝 Achieving certifications across multiple frameworks by working with engineering teams, not against them
📊 Managing DPDPA readiness that addressed both legal requirements and underlying security controls
What I'm building toward: 🚀
🤖 Automating security evidence collection and building continuous compliance monitoring tools
📈 Creating systems that make both security and privacy controls visible in real-time—not just during audit season
What sets me apart: 💡
👨💻 I remember what it's like to be on the engineering side when someone from "security and compliance" shows up
🤝 I try to be the GRC person I would have wanted to work with as a developer
✨ Someone who understands technical constraints, helps solve problems, and offers practical security solutions instead of just pointing out risks
## Experience Highlights
- Leading enterprise-wide security and compliance initiatives that reduced audit prep time while strengthening our actual security posture
- Achieving certifications across multiple frameworks by working with engineering teams, not against them
- Managing DPDPA readiness that addressed both legal requirements and underlying security controls