Skip to main content
IT Auditor & GRC Professional

HIMANSHUPOKHARKAR

CISA CertifiedMSc Information SecurityEx-Deloitte & PwC
View My WorkLinkedIn

Currently

Sr. Associate, IT Audit

Company

Berenberg

Location

London, UK

FeaturedUniversity of Surrey·Selected for the NCSC Innovators Challenge — MSc Information Security cohortRead ArticleFeaturedUniversity of Surrey·Selected for the NCSC Innovators Challenge — MSc Information Security cohortRead Article

0+

Years of Experience in IT Audit, GRC & Cybersecurity

Big 4

Deloitte · PwC

CISA

About Me

Risk isn't always where the checklist says it is.

Seven years of IT audits have taught me one thing: the most dangerous risks aren't the ones that fail a control test. They're the ones hiding behind a passed one. I don't just tick boxes. I look for what the boxes miss.

My career has taken me across Big 4 advisory at Deloitte and PwC to in-house at Berenberg, a private bank where audit findings land on desks of people who act on them. Moving from external to internal changed how I think about risk, stakeholder communication, and what good audit work really looks like.

CISA certified. NCSC-accredited MSc from the University of Surrey. Selected for the NCSC Innovator's Challenge. But credentials aside, I'm here to make IT Audit less intimidating and a lot more useful, whether you're three months in or thirteen years deep.

Skills

Areas of expertise

Audit

IT AuditITGCIT GRCExternal AuditsIT ComplianceTPRM

Security

Information SecurityCybersecurityCyber RiskVulnerability Management

Frameworks

ISO 27001DORANISTSOXGDPRITILCOBIT

Leadership

Strategic PlanningProject ManagementPublic Speaking

Key Projects

Research & Projects

MSc ThesisUniversity of Surrey

Evaluating Risk Rating Tools for Vendor Risk Management (TPRM)

Led a research project to enhance Third-Party Risk Management within a live university environment, addressing increasing supply chain risks highlighted by events such as the SolarWinds attack.

Outcome

Improved risk visibility, control assurance, and vendor risk decision-making across the university.

TPRMNIST CSFISO 27005CAIQRisk FrameworkVendor Risk

Tools Evaluated

1
OneTrustGRC and vendor due diligence platform
2
BitSightExternal risk scoring and continuous monitoring
3
Microsoft Defender for Cloud AppsCloud risk visibility

Methodology & Findings

1
Framework alignmentMapped assessment against NIST CSF, ISO 27005, and CAIQ
2
Gap analysisIdentified manual assessments, limited evidence collection, no reassessment cycle
3
Hybrid frameworkCombined qualitative and quantitative risk approaches
4
Weighted scoring modelImproved consistency and reduced subjectivity in vendor risk decisions
5
Continuous monitoringIntroduced time-series analysis for ongoing vendor risk tracking

Career History

Professional experience

Berenberg

Current

London, UK

PresentJan 2026

Senior Associate, Internal Audit (IT)

Dec 2025Dec 2023

Associate, Internal Audit (IT)

Deloitte

London, UK

Nov 2023Sep 2022

Senior Consultant, Cyber Data & Digital

Crossword Cybersecurity

London, UK

Aug 2022Jun 2022

Cyber Security Consultant (Internship)

PricewaterhouseCoopers (PwC)

Mumbai, India

Aug 2021Apr 2021

Experienced Associate

Mar 2021Oct 2019

Associate

Deloitte

Mumbai, India

Aug 2019Dec 2018

Senior Risk Analyst

Nov 2018Apr 2018

Risk Analyst

Academic Background

Education

MSc
MSc
2021 – 2022NCSC-Accredited

MSc Information Security

University of Surrey

  • 1Thesis: Evaluating Risk Rating Tools for Vendor Risk Management (TPRM)
  • 2Evaluated OneTrust, BitSight, and Microsoft Defender for Cloud Apps against NIST CSF, ISO 27005, and CAIQ
  • 3Designed a hybrid risk framework with a weighted scoring model to reduce subjectivity
  • 4Selected for the NCSC Innovator's Challenge
BE
BE
2013 – 2017Engineering

BE Electronics & Telecommunication

University of Mumbai

  • 1Foundation in systems engineering, hardware, and telecommunications
  • 2Technical grounding that directly supports IT infrastructure and application auditing

Credentials

Certifications

Primary

Certified Information Systems Auditor (CISA)

ISACAAug 2021

Enterprise Cyber Security: Architectural Thinking for Security

IBMDec 2021

Cyber Security

CourseraJun 2020

What Leaders Say

Recommendations

I worked with Himanshu where he consistently demonstrated proficiency in IT Audit and GRC. His understanding of compliance frameworks aided our deliverables effectively. Himanshu is skilled in time management and has strong interpersonal skills, making him a reliable team member.

JF

Janet F Freeman

IT Audit Director, UK/Europe & APAC

December 2023

Himanshu had worked with me on few clients with complex IT structure during his stint with PwC. He was one of the most dynamic team members and demonstrated good technical skillset, great communication skills and is adept at managing clients.

JJ

Jithin James

Senior Manager

August 2022

Himanshu is knowledgeable in his auditing domain including GRC (Governance, Risk & Compliance), which is highly supported by time management and people skill which is much needed. He is a very good resource.

DM

Durgesh Mankar

CISO at Pluxee India

January 2022

He is very focused, quick learner and technically sound. Himanshu has great exposure in IT Security audits and ITGCs. He is confident while communicating to clients and team members across hierarchy.

EJ

Emiliana Jockey Crass

Audit Project Leader at PSEG Long Island

July 2021

The two most important qualities about Himanshu are perseverance and calmness, even at times when deliverables are on the edge. He possesses an excellent understanding of IT Audits and Compliance.

TP

Trushna Palo Patjoshi

Governance Risk Compliance Consultant

January 2020

He is a worthy asset to any organization. He is an extremely hard working individual and has accumulated niche skill sets like Risk Management, ITGC, Business Automated Controls and has worked on multiple Cyber Security projects.

GG

Gaurav Gwalia

Associate Director

September 2019

I worked with Himanshu where he consistently demonstrated proficiency in IT Audit and GRC. His understanding of compliance frameworks aided our deliverables effectively. Himanshu is skilled in time management and has strong interpersonal skills, making him a reliable team member.

JF

Janet F Freeman

IT Audit Director, UK/Europe & APAC

December 2023

Himanshu had worked with me on few clients with complex IT structure during his stint with PwC. He was one of the most dynamic team members and demonstrated good technical skillset, great communication skills and is adept at managing clients.

JJ

Jithin James

Senior Manager

August 2022

Himanshu is knowledgeable in his auditing domain including GRC (Governance, Risk & Compliance), which is highly supported by time management and people skill which is much needed. He is a very good resource.

DM

Durgesh Mankar

CISO at Pluxee India

January 2022

He is very focused, quick learner and technically sound. Himanshu has great exposure in IT Security audits and ITGCs. He is confident while communicating to clients and team members across hierarchy.

EJ

Emiliana Jockey Crass

Audit Project Leader at PSEG Long Island

July 2021

The two most important qualities about Himanshu are perseverance and calmness, even at times when deliverables are on the edge. He possesses an excellent understanding of IT Audits and Compliance.

TP

Trushna Palo Patjoshi

Governance Risk Compliance Consultant

January 2020

He is a worthy asset to any organization. He is an extremely hard working individual and has accumulated niche skill sets like Risk Management, ITGC, Business Automated Controls and has worked on multiple Cyber Security projects.

GG

Gaurav Gwalia

Associate Director

September 2019

Let's Connect

Whether you're a student, a fellow auditor, or exploring opportunities, I'm happy to chat about IT Audit, GRC, cybersecurity careers, or anything in between.

Connect on LinkedInSend an Email