MUNTHA SIVA KUMAR

Summary

Experienced Information Security Analyst with a strong foundation in ISO 27001:2022 auditing, third-party risk management, and GRC frameworks. Passionate about enabling secure business operations through proactive risk identification, process improvement, and collaborative security governance. Seeking to leverage my technical expertise and audit proficiency to support an organization's mission of achieving compliance, reducing risk, and fostering a strong security culture.

Over 3 years of experience as an Information Security Analyst, well experienced in implementing information security controls and audit policies at enterprise level. Experienced in supporting internal and external audits within Information Security. Experienced in facilitating audit interviews, collecting evidence and labeling it according to the audit requirements. Hands-on experience in ISO 27001 audits and other IT audits. Strong knowledge of the third-party risk assessment process. Experienced in maintaining the Statement of Applicability (SOA), mapping ISMS controls to the risk register, and developing continuous monitoring procedures. Helps the team prepare the standard operating procedure (SOP). Information security professional well-versed in protecting organizational data and ensuring compliance with industry standards. Known for proactive risk assessment and efficient security solutions. Strong focus on team collaboration and adapting to evolving security threats. Proficient in threat analysis and network security. Information security professional with solid expertise in safeguarding data and mitigating risks. Skilled in threat analysis, vulnerability assessment, and incident response. Strong focus on team collaboration and results, adapting seamlessly to changing needs. Known for reliability and a strategic approach to maintaining robust security measures.

Overview

3 years of professional experience
1 Certification

Work History

Information Security Analyst

SIGMA SOFTWARE SOLUTION
01.2022 - Current
  • Company Overview: ISO 27001:2022 Lead Auditor. Certificate No - IGC24S05162P1KEY.
  • Conducted security risk assessments for multiple vendors to evaluate compliance with organizational standards.
  • Performed due diligence checks during vendor onboarding and maintained periodic assessments throughout the vendor lifecycle to monitor ongoing risk.
  • Evaluated vendors for security, compliance, and operational reliability aligned with ISO 27001, SOC 2 and other regulatory bodies.
  • Issued customized security questionnaires based on vendor criticality and risk profile, focusing on key risk domains such as data protection, access controls, and incident response.
  • Analysed inherent and residual risks related to vendor engagements, ensuring risk-based decision making in procurement and partnership processes.
  • Identified security gaps and coordinated with vendors to implement corrective actions and risk mitigation plans within defined timelines.
  • Conducted annual reassessments for critical and high-risk vendors, validating adherence to evolving security and compliance expectations.
  • Maintained comprehensive documentation of assessments, findings, and remediation efforts to support audit readiness and regulatory reviews.
  • Conducted internal audits in alignment with ISO 27001:2013 standards across multiple business functions.
  • Supported and facilitated external audits, ensuring audit readiness and coordination with stakeholders.
  • Audited key IT processes including Change Management, SDLC, Patch Management, and Incident Management.
  • Conducted regular User Access Reviews and audited logical and physical access controls to ensure proper access management.
  • Identified and documented audit findings, and led efforts to close non-conformities and remediate control gaps.
  • Performed system audits covering user access, privileged accounts, installed software, OS versions, and antivirus status.
  • Ensured strict adherence to ISO 27001 standards and maintained continuous compliance across departments.
  • Delivered high-quality audit outputs under strict timelines and service-level requirements.
  • Managed annual internal compliance audits, tracked status, and delivered comprehensive reports to senior management.
  • Guided governance and audit processes, collaborating with application and business stakeholders to ensure timely remediation and accountability.
  • Reviewed and validated corrective action plans implemented by application owners to address audit findings.
  • Conducted third-party assessments and streamlined vendor onboarding to align with information security policies and minimize business impact.

Education

Bachelor of Technology - Mechanical

Godavari Institute of Engineering And Technology
Rajahmundry, India
05-2022

Skills

  • ISO 27001:2022 auditing
  • Third-party risk management
  • GRC frameworks
  • User Access Review
  • Change Management
  • Patch Management
  • Incident Management
  • Asset Management
  • BCP&DR
  • Application Review
  • Internal Audits
  • SDLC Audit
  • IT Audit

Certification

ISO 27001:2022 Lead Auditor, IGC24S05162P1
