MadhuLatha Vemula

Hyderabad

Summary

Responsible for firm-wide objectives focused on enhancing data protection, standardizing and securing critical infrastructure, and improving cyber visibility through Security Operations Centers (SOCs). Conducted third-party risk assessments, managed Vendor Risk Assessment (VRA) framework, and drove its enhancement to meet evolving cyber security needs. Acted as the Subject Matter Expert (SME) for assisting member firms in adopting and executing vendor risk management processes. Led efforts to ensure compliance with cyber security standards and best practices across the firm and its partners.

Overview

9 years of professional experience
1 Certification

Work History

Senior Vendor Risk Assessment Analyst

Deloitte Support Services India Private Limited
Hyderabad
2020.08 - Current

Project: Global Cyber Security Function

Description:

  • Responsible for firm-wide objectives focused on enhancing data protection, standardizing and securing critical infrastructure, and improving cyber visibility through Security Operations Centers (SOCs).
  • Conducted third-party risk assessments, managed the Vendor Risk Assessment (VRA) framework, and drove its enhancement to meet evolving cyber security needs.
  • Led efforts to ensure compliance with cyber security standards and best practices across the firm and its partners.

Roles and Responsibilities:

  • Conducted and oversaw thorough vendor risk assessments, collaborating with internal stakeholders to effectively manage and mitigate risks.
  • Prepared and completed risk assessments to ensure compliance and readiness during policy, regulatory, and accreditation audit preparations.
  • Managed the maintenance and administration of the Vendor Risk Assessment (VRA) platform, ensuring its seamless operation and utility.
  • Collaborated with business units, procurement, and other stakeholders to ensure a holistic approach in understanding and implementing Vendor Risk Management (VRM) requirements.
  • Ensured thorough follow-up reporting and monitoring for effective resolution of risks.
  • Accelerated continuous improvements in vendor risk management by updating and refining procedures.
  • Stayed current with the latest developments in vendor risk management for industry awareness and to incorporate best practices and emerging trends.
  • Enhanced operational risk management by raising awareness of potential risks associated with vendor failures or poor performance, and collaborating with Strategic Sourcing, Legal, and Business units to mitigate losses through effective contract management and vendor compensation.

Operational Risk Consultant

Wells Fargo
Chennai
2019.04 - 2020.07

Project: Third Party Operational Risk Management

Description:

  • Collaborated with US States team to ensure seamless Life Cycle Management of Third Party Risk Assessments utilizing the GRC tool.
  • Managed the end-to-end Third Party Risk Assessment process, including: Engagement profile, IRQ (Inherent Risk Questionnaire), Due diligence, Contract execution, Monitoring oversight, and Closure.

Roles and Responsibilities:

  • Initiated relevant risk assessments, including Information Security, Business Continuity, Third Party provider, Vulnerability assessments, Background Check, and Exit Strategy, coordinating with respective Enterprise teams for completion.
  • Performed Quality Assurance (QA) reviews on GRC Tool records and ensured compliance with Third Party Service Provider (TPSP) policy requirements.
  • Tracked and notified TPSPs on identified vulnerabilities, ensuring timely remediation.
  • Provided process improvement suggestions to enhance the efficiency of the Third Party Risk program.
  • Monitored vendor alerts from Google Alerts for moderate and high-risk TPSPs.
  • Liaised with Compliance Consultants, Information Security Officers, Anti-Bribery & Corruption (AB&C), and other relevant teams for assistance and approvals as required.

Analyst

Cognizant Technology Solutions
Chennai
2015.06 - 2019.04

Project: Vendor Risk Management.

Description:

  • Evaluating the risk of third-party suppliers processing, storing, transmitting, or accessing client information was a key responsibility in managing the Vendor Risk Assessment process.

Roles and Responsibilities:

  • Classified vendors based on scorecard reviews using client tier system.
  • Conducted supplier assessments in alignment with ISO 27001 standards.
  • Performed initial reviews of vendor-submitted reports, including PCI, ISO, SOC, ISAE 3402, and Information Security policies and procedures.
  • Contributed to the creation of a Vulnerability, Risk & Impact (VRI) database to aid in assessments.
  • Assisted in developing customized self-assessment questionnaires tailored to specific services provided.
  • Risk-rated and finalized identified gaps using the risk management framework.
  • Delivered final assessment briefings to business stakeholders.
  • Conducted quality checks on Risk Assessments.
  • Maintained end-to-end status tracking and report generation using the GRC (Governance Risk and Compliance) tool.

Education

B.Tech in Information Technology

SRM University
2015-05

Intermediate (11th and 12th Grade)

Sri Chaitanya College
2011-05

10th Grade

A Little Flower The Leader School
2009-05

Skills

Technical Skills:

  • Java, C and SQL

Tools:

  • GRC Tools
  • Archer

Standards/Regulations:

  • ISO 27001
  • SOC 1/2 Type I/II, SOC 3
  • PCI
  • ISAE 3402

Location

Hyderabad

Certification

  • CISA Certified (Certified Information Systems Auditor)
  • Certified ISMS Lead Auditor – ISO 27001:2013
  • CCSK Certified (Certificate of Cloud Security Knowledge)
