ANUSHA SUVARNA

Bangalore

Summary

Information Security Senior Engineer skilled in analyzing data to find discrepancies, risk assessment, problem solving, strategic planning and discussing potential compliance issues along with solutions to management. Proven ability to develop improved methods of management and find areas of deficiency. Meticulous auditing professional with excellent communication skills and the ability to work independently and as a team member to successfully achieve project goals and objectives.

Overview

7 years of professional experience
2 years of post-secondary education
1 Certification

Work History

Senior cyber security engineer

Flipkart
11.2022 - Current
  • Lead ISO27001 recertification program for Flipkart by conducting internal audit of SCM locations, updating policies and standards, closing out gaps, keeping track of KPI.
  • Perform TPRM/VRM assessments on all vendors getting onboarded to Flipkart and Flipkart group entities
  • Perform contract reviews and suggest security clauses to be included in the contract
  • Conduct information security awareness training for all newly onboarded employees.
  • Conduct phishing awareness simulation campaigns using Mimecast for all Flipkart and group companies
  • Perform VAPT assessments on all the Flipkart developed tools.
  • Conducted onsite audit in data centres and warehouses against ISO27001 and NIST CSF standards.
  • Prepare a roadmap for the overall maturity of the group entities.

Cyber Security Consultant

KPMG Global Services
01.2021 - 11.2022
  • Maintained company-wide compliance with industry standards and ISO27001.
  • Directed in-house cyber security auditing program to detect flaws and weaknesses in Client Security Architecture.
  • Identify gaps in policies and standards of clients using GDPR, NIST CSF, COBIT and recommend improvements in security systems and procedures
  • Conducted Cyber security maturity assessments using ISO27001, NIST Cyber Security Framework
  • Perform CMMC Control Testing of client enterprise on AWS cloud and application by verifying evidence
  • Conducted PCIDSS assessment on a payment gateway client to identify the gaps and provide recommendations
  • Reduced cyber threats by implementing robust security frameworks and incident response plans.
  • Creating weekly status reports to present to clients.

Compliance & Risk Analyst

Boeing India
07.2019 - 04.2021
  • Perform System Criticality Assessment on business needs and decide Cost, RTO, RPO and dependencies of the application
  • Co-ordinate with Application team and perform Risk Assessment on the application based on ISO27001 controls.
  • Work on Access Control Policies for the application.
  • List out all roles and check for SOD access violation.
  • Perform Access Validation for the application
  • If the application is used for Defense, then, based on the data types used by the application, perform NIST 800-171 assessment on the application
  • Design Disaster Recovery plan for the application by taking note of the Servers and Databases of the application and Business Requirements.

Information Security Risk Analyst

Tata Consultancy Services
12.2016 - 05.2019
  • Check compliance of all infrastructure devices like Servers, Client and Developer machines by applying Centre for Internet Security Controls (CIS)
  • Identify reasons for non-compliance by checking for phantom accounts, guest accounts, vulnerabilities that require patching, and whether the OS version, firewall and antivirus on the end machine are out of date
  • Send the list of non-compliant assets to respective teams and guide them through the remediation process
  • Achieved 90% compliance


Education

B.E - Information Science

St. Joseph Engineering College

High School Diploma - Science

St. Agnes College
India
06.2010 - 04.2012

SSLC -

St. Gerosa High School
2010

Skills

  • Business Impact Assessments
  • CIS Compliance
  • NIST CSF
  • PCIDSS
  • SOC2 assessment
  • ISO27001 Assessments
  • Control Testing
  • Risk mitigation strategies
  • Third party risk assessments
  • Disaster recovery
  • IT Internal Audit
  • Cloud Security (AWS and GCP)

Languages

English: Advanced
Hindi: Fluent
Kannada: Fluent
Tulu: Native

Certification

ISO27001:2013 LA

ISO27001:2022 LI

ISO31000
