Kondapalli Raakesh
Hyderabad
Summary
Experienced information security internal auditor with over a decade of experience, known for maintaining strict standards and achieving meaningful results. Demonstrated success in establishing and executing security protocols to protect company data. Collaborative and adaptable team member skilled at navigating fast-paced environments and delivering reliable solutions. Proficient in internal audits, risk management, and ensuring compliance with regulations. Highly regarded for integrity and exceptional problem-solving abilities.
Overview
10
10
years of professional experience
6
6
years of post-secondary education
Work History
Information Security Specialist
UST
09.2023 - Current
- Information Security Audit & Compliance to support and enhance our organization's security governance, risk, and compliance initiatives. This role is responsible for performing security audits, ensuring compliance with regulatory requirements and internal policies, and assisting in the development of risk mitigation strategies.
- Manage external audits conducted by third party/statutory partners, and certification body (Like Intertek) for ISO 27001, ISO 27701, NIST cyber-Security framework, PCI-DSS and HiTRUST (for customer accounts) and SOC2 Type 2 audits.
- Perform the internal audits and physical walkthrough on regular frequency with adhere to ISO27K1 standards.
- Presenting the audit / assessment report and statuses of observations to client and discuss on improvement and maturity on security culture into the system in frequent meetings.
- Reporting the observations and opportunities of improvements (OFI), which is extremely helpful in raising customer confidence in security landscape and compliance maturity.
- Conducting Vendor risk assessments to assess security posture of vendors against organizational security requirements.
- Review client contracts and MSA, client questionnaires and RFPs as part of the Customer Compliance Assurance (CCA).
- Promoting security culture (security awareness) in the Organization.
- Developed comprehensive information security policies, ensuring compliance with industry standards and regulations.
Information Security Internal Auditor
Birla Soft
06.2022 - 08.2023
- In my current role, one of the prime responsibilities is management of the projects related to information security compliances of client specific environment and perform regular reviews with client managers. Birlasoft information security team manages the security of information assets being used in client engagement, as per the contractual agreement.
- Experienced information security auditor, imparted more than 150 customer account audits. Performing security reviews as per the ISO27K1 standards, IT general controls assessment, Regulatory & Contractual Compliance.
- Review of Customer contracts (MSA and other security contractual document), coordination with technology and business groups/ delivery teams for assessment, implementation, and monitoring security risks/hazards in accounts and manage the agreed level of security compliance as per the ISO 27001 standards.
- Working with security managers to monitor and review the progress and present the status quo to client in monthly or quarterly business review meetings.
- Managing the Business Impact Analysis (BIA) of all the accounts and enabling functions. Reviewing BCP (business continuity plan) with function SPOCs/head annual basis or as and when there is any change.
- Worked on org level certifications, actively participated in CMMI level 5 certification/re-certification, ISO 27001 security audit and recertification.
- Developing audit programs and testing procedures in accordance with ISO framework and per the client requirement agreed in contractual obligation documents like MSA or SOW. Conducting assessment, presenting to customer and discussing and guiding the improvements in regular connects.
- Tracked the non-conformities / OFIs till closure and consistently increasing maturity level of several low compliant areas like vulnerability remediation, Antivirus and EDR compliance, encryption, training and awareness compliance etc. , through regular monitoring.
Information Security Manager
TCS
03.2015 - 05.2022
- The ISM is responsible for establishing and maintaining a corporate wide information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.
- Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality and availability of information is owned, controlled or processed by the organization.
- Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
- Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
- Work directly with the Business IOUs to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
- Ensure that security controls comply with regulations and policies to minimize or eliminate risk.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
- Performing Information Security risk assessments and foreseen identified risks has to be captured in Risk Registers.
- Manage, track end to end Security Incidents with Incident Response team (IRT). Track design & implementation of security controls required to mitigate weakness. Work with SOC team and IT team for corrective and preventive action. Impart Information security trainings.
- Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered.
- Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
- Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
- Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and comply with policies and audit requirements.
- Performing periodic internal security audits and follow-up with the cross functional business units for closure of gaps which are identified in the audits.
Education
MASTER OF TECHNOLOGY - Computer Science & Engineering
ADAMS ENGINEERING COLLEGE
06.2012 - 06.2014
BACHELOR OF TECHNOLOGY - Information Technology
ADAMS ENGINEERING COLLEGE
06.2006 - 06.2010
Skills
ISO 27001 & NIST
Information Security Auditing & Consulting
Report Writing and Documentation
Internal Audit Reporting & Incident Management
Security Awareness Training
Compliance management
Business Continuity and Crisis Management
Vendor Compliance
GDPR
M&A Compliance
Languages
6,5,6
Languages
Telugu
Hindi
English
Personal Information
Timeline
Information Security Specialist
UST
09.2023 - Current
Information Security Internal Auditor
Birla Soft
06.2022 - 08.2023
Information Security Manager
TCS
03.2015 - 05.2022
MASTER OF TECHNOLOGY - Computer Science & Engineering
ADAMS ENGINEERING COLLEGE
06.2012 - 06.2014
BACHELOR OF TECHNOLOGY - Information Technology
ADAMS ENGINEERING COLLEGE
06.2006 - 06.2010