Arun Prakash

• Led development and implementation of security policies in accordance with business goals and health standards.
• Prioritized and identified security risks across various business units and technology platforms.
• Conducted regular audits to ensure compliance with HIPAA, GDPR, ISO 27001 standards.
• Enhanced system integrity and performance through thorough security architecture reviews.
• Designed effective security controls to address identified vulnerabilities promptly.
• Secured vendor relationships by managing supplier risks effectively.
• Developed metrics for assessing effectiveness of organizational security initiatives.
• Delivered executive updates on cybersecurity controls, associated risks, and remediation efforts.
• Lead and manage cloud security compliance for AWS and other platforms, ensuring adherence to healthcare regulations, and safeguarding sensitive health data.
• Oversee risk assessments, security controls, and incident response in cloud environments, driving continual improvement and executive reporting.
• Educate and empower staff on cloud security policies and best practices to maintain a strong compliance posture.

• Conducted risk assessments to identify and prioritize information security risks based on data sensitivity and vulnerabilities.
• Developed and implemented security controls aligned with regulatory requirements and industry best practices.
• Reviewed vulnerability data from various sources to assess risk ratings for business assets.
• Evaluated third-party vendors' security postures to ensure adequate protection of shared data.
• Established security metrics and KPIs to measure effectiveness of information security controls.
• Created Cloud Security Policies and Frameworks to enhance compliance and risk management strategies.
• Collaborated with stakeholders on security monitoring and incident response initiatives.
• Designed controls to safeguard confidentiality, integrity, and availability of sensitive data.

Directed oversight of compliance and governance for vulnerability assessment and penetration testing programs.

• Executed IT audits to evaluate adherence to risk management practices and compliance standards.
• Managed information security risk functions while overseeing assessment and treatment plans.
• Conducted thorough third-party risk assessments to ensure vendor compliance with security measures.
• Led GRC portal implementation from planning through successful launch, facilitating smooth operations.
• Analyzed SOC reports and ISMS documentation for control alignment with SOC frameworks.
• Performed regular SIEM reviews and monitoring to enhance threat detection effectiveness.
• Reviewed RFP/RFI submissions, contributing to strategic business development efforts.

• Identified unapproved and high-risk cloud services, collaborating with proxy team for blocking.
• Conducted risk analysis of SaaS and IaaS cloud services using Skyhigh (McAfee) tool.
• Managed enterprise-wide identification and mitigation of operational and regulatory risks.
• Ensured compliance with HIPAA, PCI-DSS, SOC 2, ISO27001, and FedRAMP standards.
• Assisted cloud service owners with Cloud Service Acquisition Request process.
• Developed and maintained GRC framework, aligning policies with strategic objectives.
• Led coordination of governance structure to enhance accountability across departments.
• Reported on GRC initiatives and risk trends to executive leadership for informed decision-making.

• Ensure services are provided in accordance with ISO 27001: 2013 standards.
• Perform VAPT activities.
• IT Audit and Risk assessment.
• Design and review ISMS process and Policies.
• Security incident management (identify security events / incidents, conduct investigation, gather evidence, report to relevant authorities, suggest preventive measures and closures).
• Security Awareness Training.

• Conducting periodic security risk assessments: Work with Cross functional teams like Engineering, Infrastructure, IT, Legal and help minimize security risks.
• Perform control assessment and ensure mitigation of gaps by effective governance and stakeholder engagement.
• Vulnerability Assessment for Servers, desktops and Network devices.

• Internal Quality Audit.
• RCA/Corrective action.
• Implementation of TL9000 requirement & Measurement.