
PRANAY SINGH SURI

3.5+ Years in InfoSec
150+ Vendor Assessments
5 Certifications
3.87 MS GPA · Penn State

About

I'm a Cybersecurity GRC professional bridging technical rigor with governance and risk intelligence. My work sits at the intersection of compliance frameworks, third-party risk, and AI-driven security automation.

At Coalfire, I conduct FedRAMP Moderate assessments validating NIST 800-53 controls across cloud environments. Before that, I led 60+ vendor risk assessments at Grant Thornton and executed ITGC/SOC engagements at Deloitte across Fortune 500 clients in healthcare, insurance, and financial services.

I built CoalHex — an AWS Bedrock AI chatbot that gives clients instant access to Coalfire's operational knowledge base. It's live in production.

CISA certified. MS Cybersecurity Analytics, Penn State. Based in Atlanta, GA.

Location Atlanta, GA
Status Open to Opportunities
Focus Areas GRC · TPRM · AI Security
Education MS Cybersecurity — PSU
pranay@cyberops:~
$ whoami --verbose
name Pranay Singh Suri
role InfoSec Advisor / GRC Engineer
clearance CISA · ISO 27001 LA · CCSK · Sec+
$ cat expertise.json
{
  "primary" : "TPRM · FedRAMP · SOC 1/2",
  "frameworks" : "NIST 800-53 · HIPAA · ISO 27001",
  "tools" : "BitSight · SecurityScorecard",
  "bonus" : "AWS Bedrock · Python · AI tools"
}
$ ping atlanta.ga
Reply from 33.749°N, 84.388°W — time=0ms
$ status --open-to-work
✓ Available for new opportunities
# Let's connect and build something secure

Experience

01
Coalfire Systems
Associate Security Engineer
Jan 2025 – Present · Remote
  • Executed FedRAMP Moderate third-party cybersecurity risk assessments validating NIST 800-53 controls (RA-5, CM-6, AC-2); reviewed 50+ vulnerability scan results; reduced repeat findings by 20% across assessment cycles.
  • Authored FedRAMP security control narratives and SSP documentation for cloud service providers; coordinated assurance evidence submissions and remediation timelines ahead of 3PAO review.
  • Conducted penetration testing across web application and network layers, uncovering 5+ vulnerabilities; delivered prioritized risk mitigation guidance to client stakeholders.
  • Tracked 80+ security operations requests via Jira workflows; provisioned VMs and physical ISOs using automation scripts for pen testing operations.
  • Built CoalHex — AWS Bedrock AI chatbot ingesting Coalfire SOP documentation for Remote Access Device support; approved for production client deployment.
02
Coalfire Systems INTERNSHIP
Cybersecurity Services Intern
Jun 2024 – Aug 2024 · Remote
  • Created 3+ SOPs for red teaming operations and evidence collection, improving documentation consistency by 30% across the security services team.
  • Contributed to a phishing simulation program that increased employee email threat reporting rate from 42% to 55% — a 13-point improvement in security awareness.
03
Grant Thornton
Senior Consultant
Aug 2022 – Jul 2023 · Gurgaon, India
  • Led 20+ SOC 1/2 and vendor risk audits across healthcare, insurance, financial services, and regulated industry clients using SIG, CSA CAIQ, CSA CCM, and CIS Controls.
  • Performed 60+ vendor assessments evaluating access management, encryption, vulnerability management, incident response, cloud security, and data protection.
  • Identified 40+ control gaps; developed risk scoring methodology, assessment templates, dashboards, and reporting; coordinated risk acceptance decisions.
  • Supported SOC 2, HITRUST, HIPAA, and NIST audit activities; reviewed penetration test summaries, security questionnaires, and assurance evidence; designed compensating controls.
04
Deloitte
Senior Analyst
Jul 2021 – Jul 2022 · Gurgaon, India
  • Executed 15+ ITGC, SOC 1/2/3, and regulatory compliance engagements for Fortune 500 clients in healthcare, insurance, and financial services aligned to COSO, COBIT, NIST, and ISO 27001.
  • Performed 75+ control tests with vendor monitoring via BitSight and SecurityScorecard; led investigation and reporting of data security events.
  • Standardized assessment templates, evidence request workflows, and procedures for security questionnaires, policies, and vendor documentation review; drove TPRM standards improvement.
  • Mentored junior analysts on assessment quality, assurance evidence review, control interpretation, and risk documentation across 100+ controls.
05
Deloitte INTERNSHIP
Analyst Intern
Jan 2021 – Jul 2021 · Gurgaon, India
  • Supported ITGC and SOC 1/2/3 audit engagements for Fortune 500 clients across healthcare, insurance, and financial services — same scope as full-time role, converted to Senior Analyst upon completion.
  • Executed control tests across access management, change management, and operations domains; documented findings with audit-grade evidence and workpaper standards.
  • Developed risk assessment frameworks and contributed to standardizing evidence request templates across the audit team.

Skills & Arsenal

Third-Party Risk Management
TPRM · Vendor Risk Assessments · Control Gap Analysis · Assurance Evidence · Risk Acceptance · SIG Questionnaires · BitSight · SecurityScorecard · RiskRecon · Vendor Lifecycle Mgmt
Frameworks & Standards
NIST 800-53 · FedRAMP · SOC 1/2/3 · HIPAA · HITRUST · ISO 27001 · PCI DSS · NIST CSF · CIS Controls · CSA CCM / CAIQ · COBIT · COSO
GRC & Cloud Platforms
ServiceNow GRC/IRM · OneTrust · Archer · ProcessUnity · AWS IAM · AWS Bedrock · Azure AD · Tenable · Splunk · QRadar
Technical & Automation
Python · PowerShell · Bash · AI/LLM Integration · Penetration Testing · Vulnerability Mgmt · SSP Documentation · Evidence Collection · Jira

Projects

☁️ Cloud Security
cloudguardaws
A production-quality AWS security misconfiguration scanner. Run it from the CLI or let GitHub Actions run it on a weekly schedule to catch drift before it becomes an incident.
Python · AWS SDK · GitHub Actions · S3 · IAM · SG
github.com/pranaysuri26-lgtm
🔍 SAST / AppSec
secretscan
A lightweight SAST tool that scans a directory recursively for hardcoded secrets, credentials, and common vulnerability patterns — without any heavy external dependencies.
Python · SAST · CI/CD Integration · MIT License
github.com/pranaysuri26-lgtm
🧠 Social Engineering
socialiq
A Social Engineering Psychology Analyzer — React app that maps psychological manipulation techniques and attack vectors, useful for security awareness training and phishing simulation design.
React · Vite · JavaScript · Security Awareness
github.com/pranaysuri26-lgtm

Certifications

CISA
Certified Information Systems Auditor
ISACA
ISO LA
ISO 27001:2013 Lead Auditor
BSI / PECB
CCSK
Certificate of Cloud Security Knowledge v5
Cloud Security Alliance
Sec+
CompTIA Security+
CompTIA
eJPT
Junior Penetration Tester
eLearnSecurity

Education

MS Cybersecurity Analytics & Operations
Pennsylvania State University · University Park
August 2023 – December 2024
3.87 GPA
B.Tech Computer Science Engineering
Specialization: Cybersecurity & Forensics
University of Petroleum and Energy Studies (UPES) · Dehradun, India
August 2017 – May 2021
B.Tech CSE · CyberSec

Conference Speaking

6 Talks Selected
4 Confirmed / Delivered
3 Topics Covered
5 Cities
BSides Atlanta 2025 · Atlanta, GA
Bridging the Gap Between GRC and Cybersecurity: Strategies for Effective Collaboration
Delivered
Governance, Risk, and Compliance (GRC) teams often operate in silos, disconnected from the hands-on efforts of cybersecurity teams such as red and blue teams. This disconnect can lead to misaligned priorities, overlooked risks, and inefficiencies in responding to threats. In this presentation, we'll explore strategies to bridge the gap between GRC and cybersecurity teams, emphasizing the importance of collaboration in building a unified, risk-aware culture. Attendees will learn actionable techniques to align compliance frameworks with security operations, foster communication between teams, and leverage shared tools and data for better outcomes. This talk will empower both GRC and cybersecurity professionals to break down silos and work together effectively.
CypherCon 2026 · Milwaukee, WI
AI-Powered GRC: Leveraging Machine Learning for Risk Prediction and Compliance Automation
Delivered
Governance, Risk, and Compliance (GRC) is becoming increasingly complex in today's digital-first world. Traditional approaches often struggle to keep pace with the scale and speed of modern risks. Enter AI-powered GRC: a transformative approach that leverages machine learning to automate compliance, predict risks, and streamline governance processes. This presentation will explore how machine learning can revolutionize GRC by enabling real-time risk detection, automating control checks, and improving decision-making. We'll also address challenges like data quality and algorithmic transparency. Attendees will gain insights into cutting-edge tools, real-world use cases, and practical steps to integrate AI into their GRC strategies.
BSidesCTL 2026 · Charlotte, NC
LLM Attacks Explained Simply: How AI Systems Get Manipulated in the Real World
Delivered
Large Language Models are becoming a core part of modern security tools, but they're also far easier to manipulate than many organizations realize. In this session, we break down the most common LLM attack techniques in simple, practical terms that anyone can follow. Together, we'll demonstrate how prompt injection, jailbreaks, indirect prompts, and function-call abuse actually happen, and why these attacks succeed even against models with strong guardrails. Our goal is not to teach exploitation, but to help defenders understand the real risks behind AI-powered systems. We'll walk through clear examples, explain the security gaps LLMs introduce, and share straightforward ways teams can reduce exposure without needing machine-learning expertise. This talk is fast-paced, beginner-friendly, and designed to give security engineers, GRC professionals, and analysts a realistic understanding of how attackers take advantage of AI systems today.
BSides Seattle 2026 · Seattle, WA
Behind the Audit: What Security Engineers Should Know About SOC and ITGC Controls
Delivered
SOC and ITGC audits are often viewed as tedious compliance checklists, but they are actually critical to building trust and maintaining accountability within secure organizations. In this session, we will take you behind the scenes of real audit engagements to show how access, change, and operational controls are tested and why they matter far beyond passing an audit. Drawing from our combined experience in cybersecurity, governance, and risk, we will share lessons learned, common pitfalls, and practical ways to design audit-ready environments that strengthen overall security posture. Attendees will gain actionable insights to prevent recurring findings, improve evidence collection, and bridge the gap between security and compliance teams. Whether you are a security engineer or a GRC professional, this talk will help you transform the way you approach audits from a yearly requirement to a continuous improvement opportunity.
BSidesKC 2026 · Kansas City, MO
AI-Powered GRC: Leveraging Machine Learning for Risk Prediction and Compliance Automation
Delivered
Governance, Risk, and Compliance (GRC) is becoming increasingly complex in today's digital-first world. Traditional approaches often struggle to keep pace with the scale and speed of modern risks. Enter AI-powered GRC: a transformative approach that leverages machine learning to automate compliance, predict risks, and streamline governance processes. This presentation will explore how machine learning can revolutionize GRC by enabling real-time risk detection, automating control checks, and improving decision-making. We'll also address challenges like data quality and algorithmic transparency. Attendees will gain insights into cutting-edge tools, real-world use cases, and practical steps to integrate AI into their GRC strategies.
BSidesSATX 2026 · San Antonio, TX
The Role of Common Control Frameworks (CCFs) in Simplifying Compliance Across Multiple Standards
Selected
In today's regulatory landscape, organizations must comply with multiple standards like ISO 27001, NIST CSF, SOC 2, and others. However, managing compliance across these frameworks can be overwhelming, resource-intensive, and prone to errors. Common Control Frameworks (CCFs) offer a streamlined approach by unifying controls into a single, cohesive system, reducing redundancy and simplifying compliance efforts. This presentation will explore the importance of CCFs, their role in aligning diverse standards, and the challenges organizations face when implementing them. Attendees will walk away with actionable strategies for adopting CCFs effectively, optimizing compliance workflows, and enhancing overall governance. Whether you're a technologist, auditor, or executive, this talk will provide insights to make compliance both efficient and impactful.

Contact

Let's build something secure.

Open to GRC, TPRM, and AI security roles. Whether it's a full-time opportunity, a contract engagement, or just a conversation about the threat landscape — I'm here.

secure_message.sh
# Direct channels — always monitored
$ curl -X POST /api/reach-pranay \
  -d '{ "channel": "email",
       "to": "pranaysuri26@gmail.com",
       "subject": "opportunity",
       "location": "Atlanta, GA" }'
→ 200 OK · Message delivered ✓
# Response time: typically < 24h
# Available for: Full-time · Contract
# H1-B sponsorship required
$ echo "Let's connect."
Let's connect.