Raja Harsha Chatradhi

Hyderabad

Summary

Information Security and Business Continuity Professional with over 5 years of diverse, progressive experience in TPRM process optimization, vendor security reviews, and risk mitigation. Good knowledge of governance, risk and controls implementation related to various industry standards and compliance regimes. Self-motivated individual with a solid understanding of standards such as ISO 27001 and ISO 22301. Full understanding of the Federal Risk and Authorization Management Program (FedRAMP), Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS). Possess knowledge of the Risk Management Framework (RMF) process and the System Development Life Cycle (SDLC). Personal objective is to protect information systems by applying acquired skills to help achieve the enterprise-wide goal of maintaining Confidentiality, Integrity and Availability.

Technical Skills & Tools

  • Risk Management Framework (RMF)
  • FedRAMP, OMB, FISMA
  • Vulnerability Scanning
  • Vulnerability Management
  • Regulatory requirements such as GDPR, CCPA, HIPAA, ISO 27001, PCI DSS
  • Security Assessment Plan (SAP)
  • Security Assessment Report (SAR)
  • Standard Operating Procedures (SOP)
  • Knowledge of industry-leading security frameworks such as NIST, ISO, and COBIT

Overview

  • 5 years of professional experience
  • 1 Certification

Work History

Third Party Risk Associate

PricewaterhouseCoopers (PwC)
01.2022 - Current
  • Optimization of Third-Party Risk Management Process (TPRM) to meet Morgan Stanley goals and Industry standards
  • Review vendor intake forms and use cases to ensure appropriate Tier to drive security assessments.
  • Complete inherent risk categorization of all newly submitted third parties/vendors
  • Preparation of vendor assessment reports, including analysis of the vendor's business profiling questionnaire and due diligence questionnaire, review of supporting documentation, and research on the operations and other relevant information about the vendor/supplier.
  • Review vendor security questionnaires (SIG) and supporting evidence to evaluate vendor security posture.
  • Work with vendor relationship manager to resolve vendor related issues especially on non-responsive vendors and vendors’ refusal to provide evidence for assessment.
  • Review SOC 2 Type 2, scans results, Penetration tests results, policies in order to identify vulnerabilities and gaps in vendors' environments.
  • Identify and evaluate vendor risk findings, request mitigation summaries for all Critical and High severity findings, track risk treatment plans, and make recommendations
  • Expertise in reviewing independent auditor reports such as ISO 27001, ISO 22301, SOC 1, SOC 2, HITRUST and PCI DSS to ensure reports are in scope and valid
  • Communicate vendor security issues to stakeholders, ensuring a clear understanding of associated risks and the actions needed to remediate them
  • Document and assign all identified risks to specified risk owners and update the risk register on remediation status
  • Review and maintain policies and procedures to make sure they align with organization standards
  • Assist in reviewing internal security controls to ensure the organization meets and maintains compliance
  • Conduct internal security controls reviews and drive corrective action plans related to Information Security, Business Continuity and Cloud auditing assessments


Senior Associate

Dtwelve Spaces Private Limited
02.2020 - 01.2022
  • Conducted categorization/scoping of new vendors/suppliers
  • Performed third party security risk assessments for all new vendors and reassessment for existing vendors
  • Assessed vendors' VSQ/SIG responses and supporting documentation to validate appropriate implementation of information security controls
  • Analyzed vendor evidence such as SOC reports, vulnerability scans and penetration test reports to identify gaps or exceptions
  • Planned and executed onsite/virtual risk assessments for third-party vendors focusing on compliance with regulations, policies, and internal controls
  • Monitored and tracked TPRM lifecycle activities (identification, due diligence, risk assessment)
  • Reviewed all vendors' corrective plans as part of environment assessments.
  • Communicated with control owners to mitigate risks identified during internal and external audit activities.
  • Escalated unresolved issues with suppliers to upper management for problem resolution.
  • Familiar with ISO 27000 controls mapping and adherence.

Security Associate

Oravel Stays Private Limited
03.2019 - 02.2020
  • Assisted in the implementation of end-to-end vendor risk management processes, including risk assessments, due diligence, and ongoing monitoring.
  • Contributed to the development and execution of risk assessment methodologies to evaluate the security, compliance, and operational risks associated with third-party relationships.
  • Supported cross-functional teams in establishing and enforcing third-party risk management policies and procedures in alignment with industry standards and regulatory requirements.
  • Assisted in the review of third-party contracts, ensuring compliance with organizational risk tolerance and security standards.
  • Participated in the development and maintenance of a comprehensive vendor risk scoring system, aiding in standardized risk measurement and communication.
  • Conducted periodic reviews of vendor risk profiles and reported on key performance indicators (KPIs) related to third-party risk mitigation.

Education

MBA

IFIM Business School
Bangalore
06.2016

B.Tech

KL University
Vijayawada
05.2014

Skills

  • Vendor Assessment of Information security and Business continuity
  • Risk Mitigation
  • IT Risk assessment
  • Problem Solving skills
  • Gap analysis
  • ISO 27000
  • ISO 22301
  • Microsoft Office 365
  • User access reviews
  • Change management
  • Cloud audit
  • Patch management

Certification

  • ISO 27001 lead auditor