Hemanath Ravi

Chennai

Summary

Results-driven Information Security Analyst with 5 years of expertise in implementing and managing robust Information Security Management Systems (ISMS) and ensuring compliance with PCI DSS and ISO standards. Skilled in conducting risk assessments, internal audits, and incident management to safeguard organizational assets. Strong problem-solving abilities, analytical skills, and a proactive approach to continuous improvement. Effective communicator and collaborator, committed to enhancing security measures and staying abreast of evolving cybersecurity landscapes.

Overview

6 years of professional experience

1 Certification

Work History

IT Associate

Anantara Solutions Pvt Ltd
Chennai
03.2022 - Current

Responsibilities

ITGC and ISO 27001 Implementation:

  • Actively engaged in the implementation of IT General Controls (ITGC) and adherence to ISO 27001 standards for both product and project teams.

Third-Party Risk Management:

  • Conducted third-party risk assessments in accordance with company security policies and industry standards.
  • Developed and managed a comprehensive third-party risk management monitoring and reporting process.

Controls Review and Compliance:

  • Reviewed systems to ensure compliance with IT general controls, identified risks, and ensured adherence to policies and regulations.

Security Incident Management:

  • Monitored and reported security incidents, conducted root cause analysis, and ensured follow-up actions until the closure of incidents, maintaining a robust incident management process.

Policy Implementation:

  • Identified outdated process controls and implemented the organization’s policy or procedure documents, aligning them with industry best standards.

Risk Evaluation and Control Establishment:

  • Evaluated the IT infrastructure, DevOps, and Development teams to identify potential risks to the organization.

PCI DSS Compliance:

  • Ensured compliance with PCI DSS (Payment Card Industry Data Security Standard) by implementing and monitoring security controls for payment processing systems.
  • Conducted regular PCI DSS assessments, identified gaps, and implemented corrective measures.
  • Coordinated with external auditors for PCI DSS certification and recertification processes.

Quality Management System (QMS):

  • Supported the development and maintenance of the Quality Management System (QMS) in accordance with ISO 9001 standards.
  • Conducted internal quality audits and worked with teams to address non-conformities and enhance process efficiencies.
  • Assisted in the preparation of QMS documentation and process improvement initiatives.

Incident Management:

  • Developed and implemented incident management procedures to respond to security incidents.
  • Conducted investigations and root cause analyses of security incidents.
  • Coordinated response and recovery efforts to minimize the impact of security incidents on business operations.
  • Maintained an incident log and produced post-incident reports with recommendations for future prevention.

Compliance Intern

KLENTY INDIA PVT LTD
Chennai
06.2021 - 12.2021

Responsibilities

Assist in SOC 2 Audits:

  • Support the preparation and execution of SOC 2 audits using Vanta.
  • Gather and organize documentation required for audits within Vanta.
  • Participate in audit meetings and discussions.

Documentation and Reporting:

  • Help maintain and update SOC 2 documentation, including policies, procedures, and controls, using Vanta.
  • Assist in preparing reports and presentations on SOC 2 compliance status generated by Vanta.

Control Testing:

  • Conduct and document tests of internal controls within Vanta to ensure they are operating effectively.
  • Identify and report any control deficiencies or weaknesses flagged by Vanta.

Risk Assessment:

  • Participate in risk assessments and help identify potential security risks using Vanta’s risk assessment features.
  • Assist in developing and implementing mitigation strategies.

Policy and Procedure Review:

  • Review and suggest improvements to IT security policies and procedures.
  • Ensure that all documentation aligns with SOC 2 requirements.

Training and Awareness:

  • Assist in developing and delivering SOC 2 training and awareness programs for employees.
  • Help create training materials and conduct training sessions.

Collaboration:

  • Work closely with various departments, including IT, Legal, and Operations, to ensure compliance with SOC 2 standards.
  • Collaborate with external auditors and consultants as needed.

IT Associate - Help Desk

Sutherland Global Services
Chennai
06.2018 - 05.2021

Responsibilities

  • Actively implemented ISO 27001:2013 (Information Security Management Systems) and SOC 2 Type 2, both of which were certified with good flags.
  • Performed all stages of the audit, including planning, preparing the audit program, executing fieldwork, reporting, and follow-up.
  • Performed internal audits for security compliance and took the lead in external security audits, with a focus on supporting various security aspects, including ISO 27001 and SOC 2 Type 2.
  • Policy, Procedure, Guidelines, SOP creation and Review.
  • Ongoing vendor monitoring, including coordination with the first line Business Unit for completion of required TPRM program documentation
  • Develop and maintain supplier risk and control monitoring plans, performing monitoring activities and analysis of evidence to determine whether controls are operating effectively
  • Responding to client security concerns, answering security queries via call, and preparing documents
  • Responsible for handling RFP an

Education

Master of Science - Computer Applications

SRM UNIVERSITY
Chennai
05-2017

High School Diploma -

Vijayanta Senior Secondary School
Chennai
05-2012

Skills

  • ISO 27001 and ITGC
  • Risk management
  • Incident Management
  • Third-party risk management
  • SOC 2 Type 2
  • Firewall – Fortinet and Palo Alto
  • Antivirus – Sophos and McAfee
  • BCP – Resilience One and MIR3
  • System Upgrades & Optimization
  • Security, Backup & Recovery Solutions
  • Endpoint Security
  • Microsoft Active Directory – AD Server
  • Problem and Change Management
  • SIEM – Splunk and ManageEngine
  • RFP – Loopio
  • GRC – Archer and OneTrust

Accomplishments

● Received appreciation for achieving the 100% target.

● Have been recognized many times as Star of the Quarter and Month. Most importantly, our team has constantly won the “Team of the Quarter” throughout the year.

Languages

Tamil
First Language
English
Advanced (C1)

Personal Information

Date of Birth : 24/11/1994

Nationality : Indian

Marital Status : Married

Certification

Udemy Certified

  • ISO/IEC 27001:2022 (ISMS)
  • PCI DSS Standard and Compliance
  • ISO 9001:2015 Quality management system auditor
