Chitkala M Addanki

Vice president at CBA
Bengaluru

Summary

Recognized for strong leadership acumen, fostering a culture of proactive risk management, regulatory excellence, and continuous improvement while mentoring teams and collaborating with cross-functional stakeholders. Extensive knowledge of supplier control frameworks, including privacy, resilience, AML, modern slavery, & cybersecurity, ensures compliance and operational integrity. Proven ability to identify compliance vulnerabilities, implement risk mitigation strategies, and reinforce security measures to uphold organizational resilience and governance standards.

Overview

21 years of professional experience

9 Certifications

Work History

Associate Vice President

Commonwealth Bank of Australia
2021.09 - Current
  • Manage end-to-end third-party risk assessments, evaluating cybersecurity, privacy, AML, financial, & operational risks for Tier 0-2 suppliers.
  • Conduct quality checks on Inherent Risk Questionnaires (IRQ) to ensure alignment with internal policies, regulatory standards, & supplier services.
  • Oversee SOC 2 Type 1 & 2 reviews, perform supplier control testing, and identify compliance gaps for risk mitigation.
  • Assess supplier control programs, including privacy, cyber resilience, AML, modern slavery, financial due diligence, & business continuity.
  • Validate AI-driven inherent risk assessments, ensuring tiering outcomes align with process logic and governance frameworks.
  • Create Supplier Risk Profiles and Risk Memos, documenting risks and recommending appropriate controls for governance improvement.
  • Act as single point of contact between business units and suppliers, ensuring seamless onboarding, due diligence, & risk governance.
  • Collaborate with procurement, compliance, cybersecurity, & operational risk teams to complete due diligence for onboarding & contract renewals.
  • Lead the transition of all suppliers to the Supplier Risk & Governance (SRG) tool, optimizing third-party risk management.
  • Confirm CAP scope, process, and timelines with key stakeholders, ensuring timely execution of control assurance activities.
  • Perform internal reviews to identify discrepancies in AI model predictions & SRG tool outcomes, guiding businesses on risk assessment best practices.
  • Provide SME support for Modern Slavery Risk Assessments, ensuring compliance with human rights policies & ethical sourcing standards.
  • Deliver training sessions on Modern Slavery Risk Assessments & Inherent Risk Questionnaires, enhancing awareness across business units.
  • Provide guidance on risk assessment frameworks, improving risk evaluation.
  • Recognized by senior leadership for ensuring timely, compliant vendor onboarding & maintaining high due diligence standards.
  • Led the transition of all suppliers to the SRG tool, streamlining third-party risk and governance processes.
  • Identified discrepancies in AI-based risk assessments, improving tiering accuracy and supplier risk evaluation.
  • Received commendation for Modern Slavery SME support, ensuring zero audit gaps and regulatory compliance.

Advisory Consultant

IBM India Pvt. Ltd.
2015.06 - Current
  • Assess projects to identify security & compliance requirements, ensuring the client's security aligns with IBM's Security & Privacy Framework.
  • Implement technical and logical security controls, ensuring effective documentation, compliance, and operational resilience.
  • Partner with project managers & technical leads to implement regulatory requirements & tailor security controls to client needs.
  • Conduct internal security audits, identify compliance gaps, and drive risk mitigation strategies for continuous improvement.
  • Develop and standardize security procedures, ensuring consistent application across projects and adherence to best practices.
  • Deliver training on data security, privacy frameworks, and GDPR, enhancing team awareness and implementation capabilities.
  • Configure and manage security policies, ensuring compliance with enterprise risk management and evolving industry standards.
  • Facilitate internal & external audits, track findings, and drive remediation by implementing corrective actions & monitoring compliance responses.
  • Generate compliance reports, assess organizational risk, & initiate security enhancements to strengthen governance frameworks.
  • Mentor new team members on IBM's security framework, guiding SOP development & granular security measure implementation.
  • Awarded Above and Beyond for outstanding contributions to project deliverables and program-level training initiatives.
  • Recognized by senior leadership for ensuring continuous compliance and maintaining enterprise-wide security resilience.
  • Mentored team members, enabling them to achieve high performance ratings in security and compliance projects.

Associate Consultant

Tata Consultancy Services
2011.02 - 2015.05
  • Manage ISO 27001 control effectiveness, risk containment, and compliance assurance, conducting infrastructure, security, and administrative audits to strengthen security posture.
  • Facilitate internal & external ISO 27001 audits, gathering artifacts, reviewing IT exceptions, & ensuring compliance with regulatory standards.
  • Perform risk assessments, vulnerability analysis, & IT general controls testing, identifying security gaps & recommending mitigation strategies.
  • Oversee vendor security reviews, ASP assessments, and compliance with ISO 27001:2013, aligning security controls with organizational policies.
  • Analyze SOC alerts in ServiceNow, assess security exceptions, & implement corrective actions to enhance IT governance & risk management.
  • Develop and execute audit programs, control testing, and CAPA strategies, ensuring compliance and improving security resilience.
  • Conduct security awareness training and provide advisory support on risk management, compliance, and regulatory frameworks.
  • Review & control SOC reports, summarizing key risks, control effectiveness, & compliance findings for leadership review.
  • Support policy updates, segregation of duties (SOD) reviews, & access controls, strengthening governance & minimizing compliance risks.
  • Led ISO 27001 compliance programs across GMR Infrastructure, NEST (UK), & Ameriprise Financial (US), ensuring regulatory adherence.
  • Spearheaded policy & procedure updates for GMR Infrastructure, aligning governance frameworks with ISO 27001:2013 standards.
  • Strengthened vendor security review processes by enhancing assessment methodologies & improving security control effectiveness.
  • Optimized audit and compliance frameworks by implementing IT general controls testing and refining security exception management.

Associate IT Consultant

ITC Infotech
2008.02 - 2011.02

Programmer / Security Consultant

V-Empower Solutions
2005.04 - 2008.01

Education

Master of Computer Applications - Computers

Indira Gandhi National Open University
Delhi, India

Bachelor of Science - Computers

Nagarjuna University
Guntur, India

Skills

Information Security & Compliance

Regulatory Frameworks (ISO 27001, GDPR, PCI DSS)

Incident & Vulnerability Management (OWASP Framework)

Internal Control & Risk Assessments

Vendor Due Diligence & Governance

Assurance Testing

Governance, Risk, and Compliance (GRC) Frameworks

Remediation Strategies

Team Leadership

Stakeholder Engagement

Cybersecurity Risk Management

Cross-functional Coordination

Certification

Mentor Badge, IBM, 2020-01-01
