Madhan Mohan P

Hyderabad, Telangana

Summary

Experienced Information Security and Compliance Professional with 12+ years of expertise in information security, audit, risk, compliance, and privacy. Skilled in managing security and datacenter operations, conducting third-party risk assessments, and leading internal corporate audits. Proficient in validating frameworks like ISO 27001 and COBIT5, as well as overseeing SSAE18-SOC1 and SOC2 Type 1 and Type 2 reporting in combination with CSA STAR level 2. Currently serving as a Manager, Security Compliance Customer Trust at Salesforce, managing a team responsible for responding to requests for proposals, requests for information, and security questionnaires at scale in support of new sales and renewal opportunities annually. In addition to SOC 2 Type 2 audit management, facilitates customer success by addressing security, privacy, and technology compliance concerns related to the organization's cloud infrastructure and products. Collaborates with the legal team to negotiate MSSA agreements with customers, focusing on information security and privacy clauses.

Overview

12 years of professional experience
5 certifications

Work History

Manager, Security & Compliance

Salesforce India
04.2019 - Current
  • Manage team responsible for responding to Request for Proposals, Request for Information, and Security Questionnaires at scale in support of new sales and renewal opportunities annually.
  • Maintain deep working knowledge of Salesforce products, underlying infrastructure, and respective security domains.
  • Review security clauses and exhibits as needed to assist legal resources throughout contract negotiations.
  • Manage customer security audits across all industries. Deliver a deep understanding of security policies and procedures while acting as the gateway to present customer facing evidence to corroborate the discussion and drive customer satisfaction around our security posture.
  • Preserve customer trust through CISO and Executive Level engagement on security and compliance thought leadership and posturing related to current events in security, compliance, and threat landscape.
  • Partner with product teams to evangelize security and compliance voice of the customer in support of roadmap prioritization to address security and compliance customer trust gaps.
  • Support executive outreach in response to zero-day vulnerabilities (e.g. Spectre/Meltdown, Log4j, Spring4Shell) and security incidents impacting customer-facing applications.
  • Implement internal and external tooling to scale customer security assurance programs by creating security artifact playbooks and audit enablement, customer self-service portal to automate distribution of security artifacts, and secure portal to share security policies and documentation.
  • Partner with Security GRC to drive continuous improvement for programs such as issues and exception management, security policy maturity, reporting narrative and control language approval, and management responses for security and compliance certifications and reports (SOC 1, SOC 2, HITRUST, PCI-DSS, FedRAMP).
  • Provide feedback internally to Security GRC on Universal Security Control language to ensure changes enhance customer trust.
  • Support pre- and post-sales security calls for enterprise customers to preserve customer trust.
  • Encourage cross-selling of additional security and compliance products and services through trust relationship-building and understanding of customer security risk appetite and business needs.
  • Deep understanding of industry-standard security and privacy compliance frameworks: SOX, SOC 2, ISO 27001, PCI-DSS, NIST 800-53, HIPAA, GDPR, CCPA.
  • Write and refresh white papers in support of privacy regulation, SaaS shared responsibility models, disaster recovery, and security overview assurance.
  • Scale customer vulnerability assessment programs enabling customers to execute vulnerability assessments against production applications.
  • Validate customer vulnerability findings and curate customer facing responses outlining impact, mitigations, and fix timelines.
  • Drive third party vulnerability assessment scope, review and approve customer facing executive summaries and lead deep dive security calls to review findings with customers.
  • Maintained professional, organized, and safe environment for employees and patrons.
  • Maximised performance by monitoring daily activities and mentoring team members.

Security Delivery Specialist

IBM India Private Ltd
12.2015 - 04.2019
  • Primary responsibility is to establish Security Delivery metrics at Global Delivery Centers
  • Senior lead in performing the initial account transition, transformation and implementing the IBM Security process and procedures
  • Senior auditor in conducting and handling External audits for the projects and organization
  • Defining Policies and Ensuring relevant process/procedures are adopted by the teams
  • Driving the IT Governance in order to address the Gaps and Improvements relevant to organization growth
  • Conducting Internal ISO 27001 Audits and Handling External Audits for the Organizations and projects
  • Addressing Legal and Compliance requirements like vulnerability scans
  • Handling reviews for Vulnerability Assessment and Penetration Testing
  • Handling Risk Assessment
  • Conducting periodic reviews for Access Management and Asset Management
  • Creating information security content (System of Applicability), Tech Specs and conducting Information Security Training and Awareness Sessions
  • Handling transition and transformation of new clients for new business

Pod Lead

Randstad India
01.2012 - 04.2015
  • Defining Policies and Ensuring relevant process/procedures are adopted by the teams
  • Ensuring corporate & program risk registers up to date with accurate information
  • Identifying Potential Risks: Threats, vulnerabilities and risks that the system might encounter
  • Natural occurrences such as calamities or power outages should be taken into consideration in addition to malware attacks
  • Driving the IT Governance in order to address the Gaps and Improvements relevant to organization growth
  • Conducting Internal ISO 27001 Audits and Handling External Audits for the Organizations and projects
  • Addressing Legal and Compliance requirements like vulnerability scans
  • Handling reviews for Vulnerability Assessment
  • Conducting periodic reviews for Access Management and Asset Management
  • Handling Risk Assessment
  • Monitoring of CPU / Memory / Disk (Extend/reduce disk space) threshold / Networking Services

GIS Representative

Kelly Services
11.2010 - 12.2011
  • Planned, directed, and participated in the acquisition, installation, administration, and operation of the City's geographic information system (GIS) and permit system; oversaw software release installs and updates for both systems
  • Participated in providing graphic services including preparation, layout, and design of a variety of reports, displays, literature, maps and computer graphics; ensured the accuracy and completeness of digital GIS maps and data files
  • Verified the work of assigned employees for accuracy, proper work methods, techniques and compliance with applicable standards and specifications
  • Coordinated the design and development of user-specific GIS databases and permit types; configured system operational functions; prepared reports as necessary

Education

Bachelor of Technology - Electronics & Communications Technology

Jawaharlal Nehru Technological University
Hyderabad

Bachelor of Law - LAW

Osmania University
Hyderabad

Skills

  • SSAE 18, SOC 1, SOC 2
  • PCI DSS v3.2.1
  • Risk management
  • Audit Lifecycle Management
  • General Data Protection Regulation (GDPR)
  • ISO 27001/02
  • NIST [CSF, 800-53]
  • Cyber Security Controls Validation (SIG and CAIQ reviews)
  • Business Continuity Planning
  • Vendor Risk Assessments
  • Vulnerability Management
  • SIEM Management
  • Qualys Guard
  • Tenable
  • OneTrust

Certification

  • ISO 27001:2013 Lead Auditor IRCA
  • Certified Ethical Hacker V9
  • Qualys Guard (Policy & Compliance, Vulnerability Management)
  • Certified Information Systems Auditor (CISA)
  • Advanced Diploma in Cyber Laws
  • Preparing for CISSP.

Activities

  • Passionate about trekking; enjoy traveling and long drives.
  • Play badminton and cricket; enjoy cooking.

Languages

English
Bilingual or Proficient (C2)
Hindi
Bilingual or Proficient (C2)
Telugu
Bilingual or Proficient (C2)
