Dynamic GRC Senior Analyst with three years at Tanama Software, excelling in ISO 27001 and SOC 2 audits. Proven expertise in IT risk management and third-party risk assessments, coupled with strong analytical skills. Successfully enhanced security protocols and led initiatives for continuous quality improvement, ensuring compliance and robust information security practices.
3 years of experience in Third-Party Risk Management (TPRM), specializing in vendor due diligence, risk assessments, and compliance monitoring.
Proficient in identifying, analyzing, and mitigating third-party risks related to information security, data protection, and regulatory compliance.
Hands-on experience in conducting vendor risk classification, evidence review, gap analysis, and remediation tracking.
Strong understanding of risk frameworks (ISO 27001, NIST, GDPR, SOC 2) and vendor governance processes.
Skilled in preparing risk reports, maintaining vendor risk registers, and collaborating with stakeholders for issue resolution.
Detail-oriented Information Security Senior Analyst with three years of experience in GRC.
Expertise in ISO 27001 audits, SOC 2 Type 2 audits, IT risk management, third-party risk management, information security policy and procedure creation, internal audits, cybersecurity maturity assessments, and information security awareness training.
Performing user access reviews for high privileged AD groups and different teams.
Performing application access reviews for the critical applications.
Providing the evidence for the external auditors during the audit.
Performing security risk assessments for the pre-production applications.
Verifying the due diligence of the vendor during the SRA and providing suggestions related to security.
Identifying and handling conflict situations and making quick decisions for any issue within the team.
Completing ad-hoc tasks for the benefit of the program on time.
Ensuring that the incidents are properly escalated & assigned to appropriate individuals/groups.
Performing and communicating daily health checks to management.
Involved in auditing tickets and handling continuous quality process improvement.
Rolling out the idea box and introducing SIPs to improve the program.
Active participation in value-based service delivery initiatives and ensuring proper implementation and closure.
Education
Bachelor of Science - Computers
Computers
Hyderabad
06.2013
Skills
IT Governance
IT Risk Management
Third Party Risk Management
SOC 2 Type 2 audits
ISMS
ISO 27001 Lead Auditor
Information Security
Risk Assessment
Internal Audit
Analytical skills & troubleshooting
Cyber Security GRC
Risk Management
TPRM
Working knowledge of ISO 27001
ISO 27001 audits
SOC 2 audits
Risk assessment
Compliance management
Operating system: Windows & Mac
Languages
Telugu
Kannada
English
Hindi
Training
ITIL Trained
ISO 27001 Lead Auditor (Trained)
CEH (Trained)
IBM Customer Engagement Specialist
Disclaimer
I hereby declare that the information furnished above is true to the best of my knowledge.
Key Deliverables
ISO 27001 Audits
KMDB & Risk Management
Maintaining SLA & Compliance
Root cause analysis & CAPA
Providing a knowledge-sharing session on Information Security to the company's team every quarter.
Audit readiness and all the documents required for ISO 27K.