Hi, I’m

Gandham Phani Srinivasan

Information Security GRCP And Product Management
Hyderabad

Summary

  • 13-plus years of experience in Information Security Governance, Risk, Compliance and Privacy, with 6 years in Product Security for SaaS solutions, from product roadmap development to deployment.
  • Demonstrated expertise in establishing, implementing and managing large information security programs (NIST 800-53, NIST CSF, NIST Privacy Framework, HIPAA, GDPR, ISO 27001 ISMS, SOC 1/2).
  • Drove measurable changes in organizations, systems and processes.

Overview

13
years of professional experience
12
Certifications

Certification

Azure: Microsoft Certified: Security, Compliance, and Identity Fundamentals

Work History

NTT DATA
Hyderabad

Systems Integration Specialist Advisor
07.2021 - Current

Job overview

Associate Director - Security and compliance officer

Security and Compliance responsibilities

  • Lead information security governance functions, including strategic planning and the roadmap for the evolution of the information security program, whilst governing DevOps teams (SIEM, VA/VM teams, infra and application monitoring, incident monitoring) and software development teams.
  • Maintaining a registry of regulatory requirements across the organization's business units that need to be complied with, in alignment with the organization's control framework.
  • Managing all audit functions (internal, external and customer).
  • Managing privacy operations (DPIA, data inventories, product privacy).
  • Conducting cloud migration and audits.
  • Delivering security training and education to technical staff within findings, and acting as an internal security consultant to advise or influence business or technical partners.

Product Security responsibilities:

  • Identifying all relevant regulations for the product and translating them into features.
  • Influenced roadmaps for products, channels, programs and projects by assigning Security User Stories.
  • Working closely with engineering teams, supporting product roadmaps/solutions and providing security support for wider core products.
  • Define feature specs to clearly map out customer problems with feature requirements.
  • Monitor progress of the product/feature throughout the development lifecycle, identifying risks and opportunities and keeping key stakeholders informed.

Achievements

Streamlined processes:

Audit Function

DevOps Activities (Vulnerability Management, Incident management)

Risk Management


Zenoti India Private Limited
Hyderabad

Manager Compliance and Information Security
01.2021 - 07.2021

Job overview


  • Worked to align advanced technologies and Privacy by Design principles from the first stages of development and ensure that data use meets established regulatory compliance needs.
  • Collaborated with data product development teams creating new uses of data that employ privacy features.
  • Analyzed, designed and programmed software enhancements for new data streams, with the goal of developing technical solutions and systems to help mitigate privacy vulnerabilities and prevent potential future privacy risks.
  • Interfaced with the usability team to ensure user-facing privacy controls are usable.
  • Used data anonymization, pseudonymization and encryption to develop systems that preserve and improve privacy protections.
  • Guided the development of new privacy products and features.
  • Drafted DPIA, Data Inventories, PDAMs, DPA, SCC.


Salesforce
Hyderabad

Manager Security and Compliance
05.2019 - 12.2020

Job overview

Technical Lead and SME.

  • Support pre-sales and post-sales teams in responding to customer risk, security and privacy assessments.
  • Liaise with Salesforce customers, addressing their security and compliance requirements and facilitating customer audits.
  • Serving as adviser on the Security Customer Success team, with part of my day-to-day operations focused on participating in and managing Cybersecurity, IT Risk Management, and Regulatory Compliance.

Product Security Responsibilities

  • Interface with Product Management and Security teams to ensure all the latest security features and capabilities are properly represented in customer responses.
  • Gather customer security/compliance requests, and liaise with Salesforce product managers to maintain the security product roadmap.
  • Provide input and assist in developing compliance-related documentation: white papers, standard questionnaires, security best practices, etc.

Deloitte Risk And Financial Advisory
Hyderabad

Lead Solution Advisor/ Assistant Manager Privacy
07.2018 - 05.2019

Job overview

Handled two different roles within Deloitte.

Lead Solution Advisor TPRM (Cyber Risk and Advisory, multiple projects)

TPRM Project:

  • Defining third-party risk management onboarding and offboarding processes for clients on various types of TPRM methodologies.
  • Creating and tailoring TPRM questionnaires based on client requirements (CSA CAIQ, SIG, ISO, NIST, GDPR, HIPAA).

Assistant Manager Privacy (Global Talent Office, Deloitte)

  • Provide advisory and consultative support to Business Process Owners (BPOs) and Privacy Coordinators (PCs) for data-privacy-related questions, activities and projects across Business Unit and their supporting technologies.

Accenture
Hyderabad

Assistant Manager Operations
07.2017 - 07.2018

Job overview

Microsoft Client

Tool/Application Assessment: Security, Privacy and Compliance

  • Designed, implemented and conducted the tools and application assessment program for Microsoft CSS.

Controls Testing and Reviews

  • Governed end-to-end delivery of internal controls testing and audit preparedness for various frameworks (ISO 27001, 27018, NIST 800-171).


Adecco Indian Pvt Ltd (Client IBM)
Hyderabad

Security Consultant (Contractor)
12.2015 - 06.2016

Job overview

Client: ABB (through IBM) - Risk & Remediation Program

  • Control monitoring and remediation
  • Vulnerability Management


International Institute Of Information Technology
Hyderabad

Assistant System Admin
01.2013 - 10.2015

Job overview

Assistant system admin February 2015 – October 2015

  • ISO 27001:2013 implementation (end to end) for IIIT information systems.
  • Digitization of infrastructure with open source technologies.

Internship in Information security January 2013 - January 2015

Internship in information security under CISO.

  • Network Vulnerability assessment and penetration testing.
  • Open Source tools implementation.

Telenox Technologies Pvt Ltd
Hyderabad

Associate Information Security Analyst
06.2007 - 07.2009

Job overview

Responsibilities:

SIEM monitoring

Network monitoring and scanning

Incident management

Education

University of Hyderabad
Hyderabad

PG Diploma from Cyber And IPR Law
04.2017 - 04.2018

Blekinge Institute Of Technology
Sweden

Independent Course Work from Computer Networking And Telecommunications
09.2009 - 02.2012

JNTU
Hyderabad

B-Tech from Electrical And Electronics Engineering
09.2003 - 11.2008

Skills

    Information Security Governance Risk and Compliance


Timeline

Azure: Microsoft Certified: Security, Compliance, and Identity Fundamentals

01-2023

Fellow of Information Privacy (FIP), IAPP

02-2022

Certified Information Privacy Manager (CIPM), IAPP

12-2021

Certified Information Privacy Professional (CIPP)/Europe, IAPP

12-2021

Systems Integration Specialist Advisor

NTT DATA
07.2021 - Current

Manager Compliance and Information Security

Zenoti India Private Limited
01.2021 - 07.2021

Certified SAFe® 5 Product Owner/Product Manager

10-2020

AWS Security Specialist / AWS Cloud Practitioner Specialist

05-2020

Certified Data Privacy Solutions Engineer

05-2020

ISO/IEC 27701:2019 Certified Lead Implementer Professional

01-2020

Manager Security and Compliance

Salesforce
05.2019 - 12.2020

Lead Solution Advisor/ Assistant Manager Privacy

Deloitte Risk And Financial Advisory
07.2018 - 05.2019

Certified Information Security Manager (CISM)

02-2018

Assistant Manager Operations

Accenture
07.2017 - 07.2018

IASSC Certified Black Belt

05-2017

University of Hyderabad

PG Diploma from Cyber And IPR Law
04.2017 - 04.2018

TOGAF 9.1 Foundation

08-2016

Security Consultant (Contractor)

Adecco Indian Pvt Ltd (Client IBM)
12.2015 - 06.2016

ISO 27001 / 22301 LI

10-2015

Assistant System Admin

International Institute Of Information Technology
01.2013 - 10.2015

Blekinge Institute Of Technology

Independent Course Work from Computer Networking And Telecommunications
09.2009 - 02.2012

Associate Information Security Analyst

Telenox Technologies Pvt Ltd
06.2007 - 07.2009

JNTU

B-Tech from Electrical And Electronics Engineering
09.2003 - 11.2008