Cindy Ruan

Cindy Ruan is the lead Governance Risk and Compliance (GRC) specialist at UpGuard, where she guides the enterprise risk function and oversees GRC development. Her background includes specialized roles in cybersecurity consulting and technology risk, equipping her with a deep understanding of IT audits and risks associated with complex security environments.

Expertise

Cindy’s expertise is concentrated in Governance, Risk, and Compliance (GRC), alongside developing and leading enterprise risk functions. She has practical experience in conducting cyber maturity assessments, IT audit and assurance, and ICT system certifications, specifically against the ISM. Her core competencies also include Management Consulting and Data Analysis, which she has applied in both technology risk and cyber-focused consulting roles.

Experience

Cindy currently leads the GRC function at UpGuard, where she manages the enterprise risk function and is responsible for the development and strategy of activities, including but not limited to:

• Third-party risk management;
• Internal audit and compliance;
• Security awareness training;
• External audit coordination and management;
• Customer assurance; and
• Policy and process improvements. 

Cindy has shared her insights into GRC best practices at the prestigious Australian Cyber Conference.

Prior to UpGuard, she worked at a cybersecurity consulting firm, focusing on Governance, Risk, and Compliance. Her foundation in the field was established at a large professional services and consulting firm, where she held roles in Management Consulting within the Technology Risk and Cyber practices. 

Education

Cindy holds two bachelor's degrees from the University of Adelaide: 

• Bachelor of Computer Science
• Bachelor of Laws (LLB). 

Favorite cyber quote:

"You can't just be compliant; you must be defensibly compliant."