Collaborate
Technology risk governance and audit leadership, built for regulated financial services.
Who
25 years across banking, insurance, and asset management, in technology risk, audit, and controls.
The operating focus has not changed: controls that actually work, and evidence that proves it under scrutiny.
What
Four areas this work and these field notes keep coming back to.
Audit leadership & remediation validation
Defensible closure protocols, quality criteria, evidence expectations, and repeatable testing frameworks. Designed to hold up when examiners or internal audit functions look hard.
AI governance & GenAI controls
Audit programmes for Copilot, ChatGPT Enterprise, and LLM deployments in regulated environments. Control design, risk assessment, and evidence strategy for AI systems under DORA, the EU AI Act, and FCA expectations.
Cloud, infrastructure & identity risk
Risk-based oversight across Microsoft 365, cloud controls, IAM/PAM, and production platform resilience. Assurance that maps to ISO 27001 and NIST CSF without the generic checklist approach.
Third-party & vendor assurance
SOC report analysis, pen-test deep dives, obligation mapping, and remediation tracking designed to survive audit time pressure. From intake to ongoing monitoring.
Start a conversation
Email is the right channel. Tell me what you are working on or thinking through. No intake forms, no sales process, no pitch.
Birmingham now, Mumbai from late 2026. Always glad to compare notes with practitioners across the UK, India, Singapore, the Gulf, and APAC.
Contribute or challenge
Field notes and control content improve when practitioners push back. Here is how.
Corrections and counterexamples
If something is factually wrong, missing a control, or breaks in real environments, email is the right channel. Include the URL and what should change.
Content requests
Suggest a field notes topic, request a Python Encounter, or flag a gap in a Dhārā. Requests are reviewed on clarity, relevance, and quality. Replies where possible.
Please do not include confidential or client-identifying material in any correspondence.