Collaborate

Technology risk governance and audit leadership, built for regulated financial services.

Who

25 years across banking, insurance, and asset management. Currently Principal Audit Manager (Technology Validations) at a Tier-1 global bank, running enterprise-scale remediation validation programs across cloud, infrastructure, identity, and third-party risk.

The operating focus: controls that actually work and evidence that proves it under scrutiny.

CISSP • CISSP-ISSAP CISA MBA (IIM Indore) CA (ICAI)

What

Four areas where I'm consistently pulled in when the stakes are high.

Audit leadership & remediation validation

Defensible closure protocols, quality criteria, evidence expectations, and repeatable testing frameworks. Designed to hold up when examiners or internal audit functions look hard.

Issue closureEvidence qualityThematic risk

AI governance & GenAI controls

Audit programmes for Copilot, ChatGPT Enterprise, and LLM deployments in regulated environments. Control design, risk assessment, and evidence strategy for AI systems under DORA, EU AI Act, and FCA expectations.

AI governanceCopilot auditDORA

Cloud, infrastructure & identity risk

Risk-based oversight across Microsoft 365, cloud controls, IAM/PAM, and production platform resilience. Assurance that maps to ISO 27001 and NIST CSF without the generic checklist approach.

M365IAM/PAMResilience

Third-party & vendor assurance

SOC report analysis, pen-test deep dives, obligation mapping, and remediation tracking designed to survive audit time pressure. From intake to ongoing monitoring.

TPRMSOC reportsVendor CCMM

Start a conversation

Email is the right channel. Include what you are working on and what outcome you need. No intake forms. No sales process.

sachin@rtapulse.comLinkedIn

Based in Birmingham, UK. Relocating to Mumbai, August 2026. Available for advisory engagements across UK, India, UAE, and HK.

Contribute or challenge

Field notes and control content improve when practitioners push back. Here is how.

Corrections and counterexamples

If something is factually wrong, missing a control, or breaks in real environments, email is the right channel. Include the URL and what should change.

Email

Content requests

Suggest a field notes topic, request a Python Encounter, or flag a gap in a Dhārā. Requests are reviewed on clarity, relevance, and quality. Replies where possible.

Email

Please do not include confidential or client-identifying material in any correspondence.

What ऋतPulse means

rtapulse.com (ऋतPulse) combines ऋत (ṛta / ṛtá), order, rule, truth, rightness, with Pulse (a living signal of health). It reflects how I think GRC should work: not a quarterly scramble, but a steady rhythm, detect drift early, keep evidence ready, and translate risk into decisions leaders can act on.