Goluguri Sruthilaya

Information Security Consultant
Bengaluru, KA

Summary

Results-driven Information Security & Compliance professional with 3 years of experience in ISO/IEC 27001 implementation, SOC 2 audits, and supporting ISMS operations. Skilled in developing and maintaining ISMS policies, SOPs, and security documentation while coordinating internal assessments, gap analysis, and audit walkthroughs with external assessors. Demonstrated expertise in control mapping against ISO 27001:2022 Annex A and SOC 2 Trust Service Criteria, along with supporting GDPR and CSA STAR (CAIQ) related evidence activities. Strong analytical, documentation, and communication skills with a proactive, ownership-driven approach toward continuous compliance improvement and security awareness within consulting and corporate environments.

Overview

3 years of professional experience
4 Certifications

Work History

Associate Consultant

Wings2i IT solutions Pvt. Ltd.
05.2024 - Current
  • Supported ISO/IEC 27001 implementation and maintenance activities including documentation, control alignment, and evidence management.
  • Coordinated and participated in SOC 2 audit preparation, audit walkthroughs, and control validation with internal teams and external assessors.
  • Worked on ISMS operations, including policy and SOP drafting, periodic reviews, and ensuring adherence to organizational security processes.
  • Performed internal assessments and gap analysis against ISO 27001:2022 Annex A and SOC 2 Trust Service Criteria.
  • Assisted in risk identification, risk register updates, and audit remediation tracking to support continuous compliance improvements.
  • Delivered and supported security awareness and best-practice communication sessions across business units.
  • Contributed to GDPR compliance support activities including data mapping and documentation updates.
  • Participated in CSA STAR CAIQ alignment and evidence collection activities for cloud service control verification.

IT Risk Advisory

RiskPro India Ventures Pvt Limited
02.2023 - 04.2024
  • Supported ISO 27001 and SOC 2 audits and readiness assessments for multiple client environments.
  • Conducted gap assessments against ISO 27001:2022, SOC 2, and GDPR frameworks.
  • Assisted in closing audit findings and maintaining continuous improvement plans.
  • Reviewed and updated ISMS policies, SOPs, and process documentation.
  • Coordinated and conducted Information Security Awareness Training across business units.
  • Supported external and internal audit walkthroughs; provided evidence for surveillance audits.
  • Guided teams in effectively addressing SOC 2 audit findings and control maturity improvements.
  • Supported risk assessment and remediation tracking with different functional teams.
  • Helped standardize ISMS operational processes, including asset management, access control, and incident response.
  • Provided project management support for risk and compliance-related activities.

Education

M.B.A -

Andhra University
Vishakhapatnam, Andhra Pradesh
01.2023

B.Sc. - Computer Science

Andhra University
Vishakhapatnam, Andhra Pradesh
01.2021

Skills

  • Frameworks: ISO 27001:2022, SOC 2, GDPR, CSA STAR, ISO 22301, ISO 27701, ISO 42001
  • Tools: TPRM, Excel Dashboards
  • Compliance Skills: ISO 27001, SOC 2, ISMS Documentation, Gap Analysis, Internal Audits, External Audits, Risk Management, Risk Register, Control Mapping, Audit Remediation, Evidence Preparation, Awareness Training, SOP Development, Policy Review, Compliance Reporting
  • Soft Skills: Stakeholder Coordination, Clear & Structured Communication, Documentation & Reporting Accuracy, Attention to Detail, Time & Task Prioritization, Analytical Thinking, Problem-Solving Approach, Ownership & Accountability, Team Collaboration

Certification

ISO/IEC 27001:2022 Lead Auditor by CPG

Projects/Contributions

  • Played a key role in maintaining ISO 27001:2022 ISMS operations, ensuring alignment of documentation, controls, and ongoing operational compliance.
  • Supported SOC 2 audit preparation and evidence readiness, enabling efficient control walkthroughs and observation remediation.
  • Coordinated and supported internal and external audit exercises, ensuring timely responses, documentation availability, and corrective action tracking.
  • Delivered and facilitated Security Awareness Training programs to promote secure behavior and compliance culture across users.
  • Supported risk assessment and risk remediation workflows with accurate updates to the risk register and mitigation follow-ups.
  • Assisted in reviewing and updating ISMS documentation, including policies, SOPs, and records required for surveillance audit readiness.
  • Contributed to GDPR documentation and privacy compliance support tasks.
  • Assisted in CSA STAR CAIQ-based control alignment and evidence collection.
