RAMA KRISHNA YANDRAPU

Mumbai

Summary

Experience in Information Security, Governance, Risk and Compliance related functions such as IT Internal Audits, ISO Controls, Identity and Access Management. Looking forward to a challenging and competitive work atmosphere leading to a professional experience where my skills, talents and abilities will be utilized to the fullest for mutual benefit.

Overview

5
years of professional experience

Work History

Information Security Analyst

Tecsolvent Software Technologies Pvt Ltd
Bengaluru
09.2019 - 04.2024

Information Security Audits & Third-Party Risk Management:

  • Expert in conducting ISO 27001 internal audits, external audit facilitation and third-party risk assessment
  • Experienced in facilitating audit interviews, collecting evidence and labeling it according to the audit requirements, identifying gaps and logging issues
  • Expert in determining applicable policies that need to be pushed on to the supplier
  • Experienced in managing internal audit support, external audit and regulatory audit support
  • Playing a vital role in the audit execution, and managing and helping the high-level management in understanding the audit reports and the management process (preparation, distribution of audit report)
  • Post audit, I am the person responsible for helping the control owners in fulfilling the audit non-conformities
  • Prepare and execute ISO/IEC 27001:2013 internal audits for Certiview business units; create internal audit reports in accordance with ISO/IEC 27001 requirements and review metrics to identify outliers, inefficiencies, and non-standard actions
  • Prepare and conduct Security Risk Assessments for Certiview business units with occasional support to vendor assessment team with the vendor selection process; ensuring compliance to vendor contracts.
  • Responsible for creating Risk Assessment Reports for the findings; identifying improvement opportunities and providing feedback to senior team members and management; held review meetings for any initiatives or tasks that would alter current processes.
  • Built relationships and partnerships with key stakeholders; aligning business needs with processes and practices while monitoring progress and results.
  • Recognized and capitalized on improvement opportunities while adapting to competing demands, organizational changes, and new responsibilities.
  • Maintain the Statement of Applicability (SOA), ISMS controls mapping to risk register, and develop continuous monitoring procedures.
  • Screening Vendor assessment results associated with High Target Assets on defined criteria like contract language and ISO standards and reporting identified gaps and working towards the closure of the issue.
  • Responsible for maintaining supplier life cycle details, sharing the supplier request form to gather responses from vendors, validating the evidence, identifying gaps and issues, maintaining metrics, and following up till closure of issues.

Information Security Exception Management:

  • Our organization newly adopted an exception management process, and we have streamlined the entire process by developing the process workflow requirements and leading the ServiceNow team to develop the catalog.
  • Preparing standard operating procedures and determining approval matrix.
  • Monitoring the daily exception queue and mapping security violations with respect to policy and standards; also gathering approvals based on the risk rating and maintaining the exception tracker.
  • Also recording past due action items from Audit or Risk assessment as exceptions for better monitoring.

User Access Certification:

  • Responsible for providing logical access control assurance for applications; determining the scope (list of applications) for each quarter based on the application classification, triggering the applications for certification process.
  • Collecting the manager decisions and pushing the access management team to remediate.
  • Expert in preparing the scorecard based on the application criticality, expert in reviewing remediation evidence for each application and preparing everything for the external and internal audit review.

Education

B.Tech - Civil Engineering

Jawaharlal Nehru Technological University
Kakinada
2018

Skills

  • ISO 27001 Audit
  • Risk Assessment
  • Vendor Risk Assessment
  • User Access Reviews
  • Change Management
  • Patch Management
  • Incident Management
  • Information Security Policy Exception
  • Third party risk management
  • BCP & DR

Additional Information

  • Information Security is Everyone's Responsibility

Languages

Telugu, English, Hindi
Native Speaker
Telugu
English
Hindi
