
Harikrishna Reddy

Brampton

Summary

Information Security and GRC Consultant with 5+ years of experience across banking, telecommunications, and insurance domains, specializing in IT General Controls (ITGC) testing, information risk management, IT audit, and controls assessment. Proven ability to execute controls testing across cloud environments, change management, patch management, data governance, and platform security using structured methodologies aligned with COBIT, NIST, ISO 27001, COSO, and SOX frameworks. Hands-on experience with ServiceNow IRM/GRC, risk register management, corrective action tracking, and audit evidence preparation across hybrid environments (On-Prem, Azure IaaS/PaaS, SaaS). Actively pursuing CRISC certification; holds CompTIA CySA+ and Microsoft Security Fundamentals.

Overview

7 years of professional experience
1 Certification

Work History

Senior Information Risk Analyst

Rogers Communications
Toronto
06.2025 - Current
  • Working as a key liaison between business units, technology teams, and security leadership to ensure cybersecurity practices are effectively integrated into Rogers' enterprise systems and digital transformation initiatives.
  • Partnered with application owners, cloud engineering teams, and product stakeholders to embed security and risk controls early within the SDLC, ensuring compliance with internal policies and regulatory expectations without impacting delivery timelines.
  • Led end-to-end information risk assessments for critical platforms across hybrid environments (On-Prem, Azure IaaS/PaaS, SaaS), identifying vulnerabilities and recommending actionable mitigation strategies that reduced residual risk exposure by over 30%.
  • Conducted IT General Controls (ITGC) testing across technology platforms, validating patch management processes including timely identification, prioritization.
  • Played a critical role in evaluating risks associated with emerging technologies, including Generative AI use cases, ensuring alignment with evolving governance standards and global data protection requirements.
  • Managed and maintained risk registers, actively tracking identified issues and corrective action plans (CAPs), working closely with engineering teams to ensure timely remediation and audit readiness.
  • Supported regulatory audits and internal control assessments (SOX, NIST-aligned reviews), preparing documentation, evidence, and walkthroughs that resulted in successful audit outcomes with minimal findings.
  • Collaborated with security operations teams on vulnerability management, firewall reviews, and incident response activities, ensuring alignment between operational security practices and enterprise risk.
  • Performed comprehensive IT audit and controls assessments for telecom systems, ensuring adherence to ISO 27001 and NIST frameworks.
  • Supported technology asset management reviews by validating CMDB accuracy, reconciling hardware and software inventories, and identifying untracked or unauthorized assets within the control environment.
  • Led vendor risk management assessments, evaluating third-party risks and ensuring compliance with enterprise security policies and regulatory requirements.
  • Applied structured assessment methodologies to identify control gaps and implemented mitigation strategies that improved overall security posture.
  • Provided security consulting services during major transformation projects, ensuring that cybersecurity requirements were embedded early in project planning and execution.
  • Facilitated Risk and Control Self-Assessments (RCSA) and supported audit processes by preparing documentation, evidence, and walkthroughs.
  • Partnered with DevOps teams to integrate security controls into CI/CD pipelines, aligning with secure software development practices.
  • Track audit findings, risks, and remediation plans, following up with stakeholders and escalating delays or control gaps.
  • Provide visibility into compliance posture, systemic risks, and control weaknesses through executive-level reporting.

Information Risk Analyst

Citi Group
Toronto
05.2024 - 05.2025
  • Worked closely with banking product teams and infrastructure groups to strengthen cybersecurity governance across large-scale digital and payment systems.
  • Acted as a trusted advisor to cross-functional teams, ensuring security and compliance requirements were embedded into Citi Bank’s product launches, infrastructure upgrades, and cloud migrations.
  • Conducted comprehensive risk assessments across payment systems, SaaS platforms, and cloud-hosted applications, identifying control gaps, performing SOX compliance reviews, and implementing remediation strategies aligned with ISO 27001 and NIST frameworks.
  • Executed IT General Controls (ITGC) testing for SOX compliance across banking applications, assessing logical access, change management, computer operations, and data backup controls; prepared test plans, work papers, and issue writeups with clear root cause analysis and risk ratings.
  • Served as a key player in vendor risk assessments (TPRM), evaluating third-party service providers handling sensitive customer and operational data, ensuring adherence to security and privacy standards.
  • Facilitated Risk and Control Self-Assessments (RCSA), working with business teams to identify key risks, define controls, and improve overall governance maturity.
  • Led information risk assessments and project risk evaluations for enterprise banking applications across On-Prem, IaaS, PaaS, and SaaS platforms, using structured risk assessment methodologies aligned with NIST and internal frameworks.
  • Worked closely with software engineering teams to integrate security controls into the software development lifecycle (SDLC), ensuring secure design, development, and deployment practices.
  • Conducted detailed controls assessments and IT audit support activities, including SOX compliance reviews, helping reduce audit findings and strengthen control effectiveness.
  • Delivered security consulting services to business units by translating complex security requirements into practical solutions that aligned with delivery timelines.
  • Managed risk registers, tracked corrective action plans (CAPs), and ensured timely remediation through strong coordination and negotiation with stakeholders.
  • Collaborated with segment-specific security teams on incident response, vulnerability management, and firewall reviews, ensuring alignment with enterprise security standards.
  • Played a key role in evaluating risks associated with Generative AI initiatives, ensuring governance and compliance requirements were addressed early.
  • Demonstrated strong organizational and time management skills by handling multiple high-priority risk assessments simultaneously while meeting strict deadlines.
  • Influenced senior stakeholders by presenting risk insights and mitigation strategies, enabling informed decision-making across business units.
  • Supported SOC 2 and ISO 27001 audit readiness, coordinating evidence across multiple technical teams.
  • Conducted risk and control assessments across infrastructure and cloud environments, identifying gaps and recommending remediation.
  • Tracked issues, findings, and remediation activities, ensuring timely closure and compliance with SLAs.
  • Collaborated with technical stakeholders to ensure controls are effectively implemented and aligned with governance standards.

Associate Consultant – IT Controls & Compliance Analyst

ATOS
02.2019 - 12.2021
  • Conducted information security risk assessments for healthcare systems, ensuring compliance with regulatory standards including GDPR and internal policies.
  • Assisted in implementing and maintaining IT control frameworks and assessment methodologies, improving consistency in risk evaluation processes.
  • Supported SOX control assessments and IT audit activities, ensuring accurate documentation and evidence collection.
  • Collaborated with data and engineering teams to assess risks related to sensitive healthcare data and implemented appropriate controls.
  • Participated in incident response and vulnerability management processes, tracking issues and ensuring timely remediation.
  • Maintained risk logs and tracked corrective action plans, ensuring accountability and closure of identified issues.
  • Demonstrated strong adaptability and ownership of responsibilities, managing shifting priorities and evolving compliance requirements.

Education

MS - Cybersecurity

New York Institute of Technology
Vancouver

Bachelor's - Computer Science and Engineering

MVSR College of Engineering
India

Skills

  • ServiceNow IRM (GRC)
  • Information Risk Management & Governance
  • Vendor Risk Management (TPRM)
  • IT Controls & Risk Assessments
  • Cloud Security (IaaS, PaaS, SaaS)
  • Cybersecurity Frameworks: NIST, ISO 27001, SOX, GDPR
  • IT General Controls (ITGC) Testing
  • Incident Response & Vulnerability Management
  • Regulatory Audits & Compliance
  • Patch Management & Vulnerability Lifecycle Controls
  • Stakeholder Management & Executive Reporting
  • ServiceNow GRC
  • OneTrust
  • Archer
  • Excel
  • Power BI

Certification

  • CompTIA CySA+
  • Microsoft Certified: Security, Compliance, and Identity Fundamentals
  • CRISC (Certified in Risk and Information Systems Control) – In Progress
