Krishna Chaitanya Karri

Hyderabad

Summary

Results-driven Information Security Engineering Consultant with extensive experience at Optum, focusing on ISMS-GRC and HIPAA compliance. Expertise in Third-Party Risk Management and delivering effective security training has led to significant enhancements in security protocols for healthcare clients. Strong analytical capabilities and adept stakeholder management contribute to successful project outcomes. Committed to advancing security frameworks within the industry.

Overview

14 years of professional experience
1 Certification

Work History

Information Security Engineering Consultant

Optum
Hyderabad
02.2024 - Current
  • Managing the Security and Compliance posture for 6 healthcare customers of the North American region through ISMS - GRC, NIST, HIPAA, BCMS, and Data Privacy
  • Implementing NAVEX IRM - GRC platform for 3 healthcare customers
  • Performing Third-Party Risk Management for all vendors of 6 healthcare customers
  • Validating the compliance score and rating for all vendors through Black Kite
  • Providing Information Security and HIPAA trainings and conducting assessments
  • Tools: Censinet, NAVEX IRM, Black Kite, KnowBe4, and RSA Archer

Senior Consultant (Security Lead)

Capgemini
Hyderabad
05.2022 - 02.2024
  • Managed the Security and Compliance posture through ISMS - GRC, HIPAA, NIST CSF, BCMS, and Data Privacy activities for the healthcare platform, where 19 different customers of the North American region access their data analytics and reports
  • Designed and executed the Security Program Roadmap through different GRC activities
  • Documented and reviewed the Policies, Process documents, SOPs, Guidelines, and Checklists annually and maintained them internally after approval by the CISO
  • Conducted process-based Risk Management activity at the account level
  • Provided Security Awareness trainings to employees & contract resources quarterly covering Information Security, HIPAA, BCMS, Cybersecurity, and Data Privacy
  • Managed and tracked the Incidents at the project level through Incident Management
  • Documented the Security Metrics and Improvements and shared them with top management and board members during the Management Review Meetings
  • Performed the MSA, SOW, and iContract reviews of projects and vendors annually
  • Performed the Third-Party Risk Management activities for all vendors annually
  • Involved in Client Due Diligence activities and shared the responses to the Customer Security Questionnaire, RFI, RFP, RFQ, and RFC
  • Performed AWS, Servers, and End User Computing device assessments quarterly
  • Executed the Internal Audits through ISO 27001, HIPAA, BCMS, and Data Privacy
  • Provided support during External Audits of ISMS, BCMS, SOC 2, and Data Privacy
  • Tools: RSA Archer, ManageEngine - Service Desk, and MBSA

Associate Manager - Compliance

HCL Technologies
Bangalore
04.2021 - 12.2021
  • Validated internal security controls of the Global IT department
  • Provided support during Internal, External, and Client audits
  • Tools: BMC Remedy - ITSM and RSA NetWitness

Lead - Information Security and Compliance

AGSHealth
Hyderabad
10.2017 - 03.2021
  • Managed Security and Compliance posture through ISMS - GRC and HIPAA as an Individual Contributor and SPOC for the Hyderabad facilities
  • Conducted Information Security Internal Audits for HR, IT, Operations, Admin, Data Center, and Software departments
  • Conducted Training & Awareness and Assessments on Information Security and HIPAA
  • Conducted Risk Management activity at the organizational level for each department
  • Managed and tracked all Incidents through the Incident Management program
  • Managed the Exceptions & Privilege Approvals from internal stakeholders based on business needs, after reviewing the function head's approvals
  • Executed the reviews of user access and privilege accounts
  • Performed the Control Assessments and End User Computing device reviews
  • Involved in multiple Security Operations Center activities through the tools listed below
  • Provided support during external ISMS and SOC 2 Audits
  • Tools: SEPM, McAfee ePO, Kaspersky Endpoint Security, BigFix, Palo Alto, Tenable - Nessus, Active Directory, and Office365 Admin Tools

Security Engineer

Indmax IT Services
Hyderabad
06.2016 - 09.2017
  • Customer 1: Healthcare - ISMS - GRC and HIPAA
  • Conducted Information Security Internal Audits for Healthcare accounts
  • Provided Information Security and HIPAA trainings and conducted assessments
  • Customer 2: Supply Chain Management - Identity Access Management
  • Provisioned access to the set of customer applications for new hires
  • De-provisioned employees' access to customer applications once they exit
  • Performed access reviews and changed employees' privileges based on role change
  • Tools: SailPoint - IAM Tool and Active Directory

Information Security Consultant

CyberQ Consulting
New Delhi
10.2014 - 08.2015
  • Provided Security & Compliance services to Public Sector Unit customers by managing the Security posture through ISO 27001 ISMS - GRC activities
  • Supported the transition from ISO 27001:2005 to ISO 27001:2013
  • Conducted Information Security Internal Audits at an organizational level
  • Performed Risk Assessment and Vulnerability Scans for all assets
  • Provided Information Security and Phishing trainings and conducted assessments
  • Shared the Metrics to management monthly
  • Supported during ISMS External audit
  • Tools: Tenable - Nessus, MBSA, and VirusTotal

IT Process Analyst - Freelancer

Netzion Tech Solutions
Hyderabad
12.2010 - 12.2011
  • Managed System & Network Administration activities for a start-up company
  • Tools: BigFix and Internal ticketing tool

Education

Master of Technology - Computer Networks and Information Security

MVGR College of Engineering
Vizianagaram
02.2014

Bachelor of Technology - Computer Science and Engineering

Sri Sai Aditya Institute of Science And Technology
Kakinada
04.2010

HSC - MPC

Sri Chaitanya Junior College
Visakhapatnam
03.2006

SSC - Mathematics

Nalanda Talent School
Visakhapatnam
04.2004

Skills

  • ISMS - GRC
  • ISO 27001:2013
  • ISO 27001:2022
  • ISO 27701/PIMS
  • ISO 22301/BCMS
  • NIST CSF v2.0
  • NIST 800-53 Rev 5
  • HIPAA/HITECH
  • Cloud Assessments
  • CSA STAR CCM v4.0
  • SOC 1 and SOC 2
  • ITGC and ITAC
  • Governance
  • Risk Management
  • Compliance
  • Security audits
  • IT Audits
  • Control Assessments
  • Security Reviews
  • Security Awareness
  • Training and Assessments
  • Third-Party Risk Management
  • Vendor Assessments
  • Incident Management
  • Stakeholder management
  • Security Metrics
  • Management Review Meetings
  • Client due diligence - RFI, RFP, RFQ, RFC
  • Documentation - Policies, Process Documents, SOPs, Checklists, and Reports

Certification

  • ISO/IEC 27001:2013 ISMS Lead Auditor: BSI
  • Certified Ethical Hacker Version 7: EC-Council
  • CCNA - Routing and Switching: NIIT - Cisco
  • Attended the latest ISO/IEC 27001:2022 ISMS Standard Transition Training: Future Calls
  • ISO/IEC 42001 AIMS Lead Implementer: Secura CyberTech Pvt Ltd
  • Archer GRC Admin training: Secura CyberTech Pvt Ltd
  • CISM and AWS Security Specialist: Udemy

Languages

Telugu
First Language
Hindi
Intermediate (B1)
English
Advanced (C1)