
Ragipani Pavan

Summary

Dynamic Information Security Analyst with proven expertise at Nano Tech E Services PVT LTD in third-party risk management and ISO 27001:2013 compliance. Successfully led risk assessments and internal audits, enhancing organizational security posture. Adept at collaborating with cross-functional teams, driving impactful ISMS initiatives, and fostering a culture of compliance and awareness.

Overview

2 years of professional experience

Work History

Information Security Analyst

Nano Tech E Services PVT LTD
06.2023 - Current
  • Coordinated with vendors during security assessments to explain control requirements and clearly articulate associated risks and business impact.
  • Conducted risk rating and aggregation to classify vendors as low, medium, or high risk.
  • Led the non-remediation process for scenarios lacking effective controls, ensuring business risk acceptance, and obtaining required stakeholder approvals.
  • Managed and documented exception processes for delayed control implementations, including tracking timelines and maintaining evidence of formal approvals.
  • Assessed and validated compensatory or mitigating controls when exact control requirements could not be met, enabling risk downgrading when applicable.
  • Conduct risk assessment in compliance with TPRM policy.
  • Ownership of identifying risks, driving, and monitoring the risk mitigating actions.
  • Maintained comprehensive records of remediation, exception, and non-remediation activities to support audit readiness and enhance risk tracking and reporting.
  • Establishing, implementing, and operating of ISMS and systems compliance programs.
  • Monitoring, reviewing, maintaining and continual improvement of ISMS and Compliance requirements and reporting to management.
  • Act as a subject matter expert for ISMS, Compliance standards.
  • Involving on the organization-wide ISMS initiatives and security awareness programs.
  • To plan and conduct Risk & Compliance awareness tests for employees at 6-month intervals.
  • To plan and ensure ISMS/Compliance internal audits are carried out at 6-month intervals.
  • Coordinate with Vendors/consultants for audits and certifications based on requirements.
  • To interact with cross-functional teams (Sr. Managers/Heads of Depts.) around audit observations.
  • Coordinate with HR and Ops on ISMS, HIPAA, and compliance-related awareness training requirements.
  • BCP/DR (ensure BCP/DR is in place; perform drill tests, reporting etc.)
  • To work in close coordination with entire IT, HR, and Admin team for DR requirements.
  • Performing ISO 27001:2013 audits (ISMS).
  • Performing Third-party risk management.
  • Performing internal audits in the organization for all the departments (Admin, IT, HR, Operations and Training teams) as per ISMS standard and implementation.
  • Preparing dashboard report on internal audit findings and representing to the management.
  • Ensuring all NCs are closed as per TAT with corrective actions.
  • Interacting with external auditors during the audit process and front-ending the audit.
  • Participate in SOC1, SOC2, and HIPAA audits.
  • Suggested new policies in DLP.

Education

Bachelor's -

Bharat Institute of Engineering and Technology

Class XII - state board

Narayana Junior College

Class X - SSC

Vivekananda High School

Skills

  • Third-party risk management
  • Risk management
  • ISO 27001 : 2013
  • Internal auditing
  • Risk assessment
  • ISMS implementation
  • PCIDSS
  • HIPAA

Professional Summary

  • Having two years of experience in managing information security management systems and third-party risk management (TPRM)
  • Having sound knowledge of security certifications and standards such as ISO 27001, PCI DSS, and SOC
  • Having strong verbal, written communication, and analytical skills
  • Performing third-party risk management
  • Performed comprehensive vendor profile evaluations covering service type, sensitive data handled (e.g., account activity, address, DOB), data volume processed, cloud usage, IT application involvement, and subcontractor dependencies
  • Engaged with vendors to clearly communicate control requirements, associated risks, and regulatory impacts
  • Provided guidance and support to vendors in implementing required security controls by explaining expectations and addressing queries
  • Assessed and validated compensating or mitigating controls where standard controls could not be implemented, supporting risk downgrading decisions
  • Collaborated with business stakeholders to handle non-remediation scenarios, ensuring proper documentation and formal risk acceptance when controls were not workable
  • Managed the exception handling process by documenting justification for delayed remediations, tracking deadlines, and obtaining formal business approvals
  • Responsible for triggering risk assessments such as IRA (Inherent Risk Assessment) and RRA (Residual Risk Assessment), which are pre-contracting and post-contracting assessments
  • Performing risk assessments by sending questionnaires to the vendors
  • Coordinating with vendors and vendor managers, helping them understand risk assessments and platforms
  • Regular follow-ups with suppliers and vendor managers for onshore to get the information needed, and to complete the assessment
  • Ability to manage compliance audits such as ISO 27001 and SOC
  • Can manage and enhance the entire supporting documentation
  • Monitoring and ensuring organization-wide compliance with the ISO 27001 standard and other best practices
  • Performing regular internal audits to identify potential gaps and work toward closure
  • Conducting training sessions for internal employees, raising awareness around information security best practices and risks associated
  • Preparing the audit plan and conducting periodic internal audits, as defined, and client-specific assessments as needed
  • Conduct internal audits and external audits for the organization
  • Coordinating and following up with internal stakeholders to close all audit findings within the period, preparing root cause analysis for audit findings
  • Analyzing the incident and ensuring that it is resolved according to the timelines
  • Knowledge of PCI DSS and HIPAA

Declaration

  • I hereby declare that the above-mentioned information is correct to my knowledge, and I bear the responsibility for the correctness of the above-mentioned particulars
