Ramya E

Hyderabad

Summary

Information security expert with extensive experience in transforming and maintaining Cyber/Information Security management systems and Data Protection and Privacy management systems. Demonstrated success in managing end-to-end IT security projects and ensuring security and privacy compliance with global statutory, regulatory, and legal requirements. I specialize in model-based risk management and compliance, transformation, and maintenance (ISO 27001:2022, ISO 27701:2019, NIST CSF, ISO 31000, SOC 2, etc.).

Overview

9 years of professional experience
1 Certification

Work History

Consultant

Brillio Pvt Ltd
Hyderabad
06.2022 - Current
  • 8+ years of industry experience in Information Security Management Systems, Data Privacy, Business Continuity Management Systems, and IT Service Management
  • My role involves establishing a robust Information/Cyber Security Management framework, managing risks, and implementing effective security measures
  • Develop a complete understanding of an organization's security and privacy posture and its current maturity level, and raise that level by establishing or re-engineering its ISMS and PIMS
  • This is done using a proven 7-step transformation methodology aligned with global standards and frameworks (ISO 27001:2022, ISO 27701:2019, NIST CSF, ISO 31000, SOC 2, etc.)
  • Expertise in GDPR, SSAE 18, Information Technology Risk Assessment, Risk Treatment Planning, implementation of ITSM & ISMS controls (based on ISO 27001), internal auditing & ISO certification assistance
  • Responsible for consulting clients on achieving business objectives through model-based solutions (based on ISO 22301, GDPR, ISO 20000, ISO 27000, etc.)
  • I have consulted 25+ organizations on ISO 27001, GDPR, COBIT & ITIL; well adapted to tool capabilities such as Sprinto and the ITGRC module of the ServiceNow tool
  • Experience in end-to-end consulting solutions for organizations' Data Privacy, ISMS, BCMS & ITSM setup, including Risk Assessment & Risk Treatment Planning, PII, DPIA, GDPR, BCMS, and ITSM & ISMS awareness training and implementation coordination
  • Cyber Security Management System (CSMS) transformation: establishment of a CSMS and benchmarking it against global standards (ISO 27001:2022) in a 7-step implementation approach (i. Context Setting, ii. Risk Assessment, iii. Gap Assessment, iv. Documentation, v. Implementation, vi. Internal Audit, Certification, and Closure)

Maintenance (Control Testing)

Organization Layer (Hub)

  • Development of Information Security & Data Privacy related statutory, regulatory, Legal and contractual compliance points repository
  • Information Security & Data Privacy Context Setting & ISMS, PIMS objectives re-definition
  • Organization-wide Risk Assessment & Risk Treatment Planning (RA-RTP).
  • Organization-wide Risk treatment coordination.
  • Coordination of org-wide central monthly information security compliance reporting & review.
  • Review & improvement of Information security & data privacy processes.
  • ISMS & PIMS Internal Audit + Annual ISO 27001, ISO 27701 & GDPR surveillance audits coordination.
  • Non-conformance corrective actions coordination (external + internal)
  • Security & privacy awareness training for new joiners & existing employees.

Client/Project Layer (Spokes)

  • Client engagement-specific Information Security & Data Privacy risk assessment and contract compliance review, plus correction coordination.
  • Project-specific ISMS & PIMS internal audits and non-conformance closure assistance.
  • Update of existing documentation to incorporate client expectations, as agreed.
  • Client-specific Information Security & Data Privacy questionnaire responses.
  • Representing the organization in client-specific Information Security & Data Privacy compliance meetings.

Consultant

Qualizeal Pvt Ltd
06.2021 - 06.2022
  • Lead the function to ensure security and operational compliance
  • Continuous assessment of current Information Governance and IT security practices
  • Providing reports to the organization and relevant authorities
  • Ensured risks were effectively captured and managed within the IT function
  • Cyber Security: Managed and oversaw the implementation of the IT security strategy
  • Oversee incident response planning and investigate/report security incidents
  • Conduct regular information security audits and access control checks
  • Identify changing threat models and vulnerabilities, and implement risk-based responses
  • Manage GDPR compliance and ensure certification of ISO 27001
  • Information Governance: Managed the daily operation of the Information Governance function
  • Managed information requests and operational obligations under GDPR; ensured compliance with legislative requirements, including GDPR and other relevant laws
  • Manage and maintain a 3rd party register for data-sharing agreements
  • Minimize the risk of fines through adherence to legislative guidelines.

Security Lead

Imarticus Pvt Ltd
Hyderabad
12.2018 - 08.2020
  • Evaluating IT general and application controls and conducting regulatory audits
  • Assessing company network and security and providing IT controls guidance
  • Defining objectives, prioritization, schedule, timeliness, and scope for IT audit
  • Resolving issues and risks about the audits and recommending necessary actions to the management
  • Part of Test of Design (TOD) and individually handled Test of Effectiveness (TOE)
  • Good experience in ITGC domains like Access Management (AM), Change Management (CM), Incident Management (IM) & IT Operations
  • Conducting in-process reviews, validation, and/or audits of projects, tasks, or work products
  • Continuously provided improvement recommendations to CM, developers, testers, and dispatchers
  • Worked on controls like User Provisioning, Deprovisioning, Password Parameters, User Access Reviews (UAR), and High Privileged Access (HPA)
  • Advising project managers and configuration managers on project/task CM requirements
  • Coordinating and responding to external audit requests
  • Very good knowledge of ITIL practices like Incident, Change and Problem Management
  • Assisted with planning, conducted data analytics, and performed SOX IT general control testing
  • Documented the audit process and steps performed, including audit results and recommendations
  • Prepared audit reports and submitted audit findings to management
  • Compiled and analyzed complex technical data and drew logical conclusions
  • Analyzed and drafted IT controls and policies
  • Planned and executed internal audit procedures following clients' audit plans
  • Marked observations for change management and user access reviews, escalating to managers based on the justifications provided
  • Well versed in handling client calls, explaining the query tracker to clients, collecting the necessary evidence, and providing justification where and when required
  • Knowledge of SOC reports
  • Closely monitored SLAs
  • Evaluated mandatory requirements before releasing packages
  • Facilitated weekly meetings and updated change status.

Security Analyst

Talentsprint Pvt Ltd
09.2015 - 11.2018
  • Monitoring and analysis of events generated by various security appliances and network devices like firewalls, proxy servers, AV, IPS/IDS, load balancers, databases, system applications, cloud (Amazon, Azure, and Google), Windows and Linux servers, etc.
  • Worked as Security Analyst in SOC 24x7 environments
  • Security Incident Response: responsible for monitoring security alerts
  • Analysis of logs generated by appliances, investigation, and assessment of whether an incident is a false positive or a true positive
  • Used SIEM tools (QRadar and Splunk) to detect possible signs of security breaches and performed detailed investigation to confirm a successful breach
  • Performed root cause analysis (RCA) and handled incidents as per the defined Incident Management Framework
  • Hands-on experience with raw logs in multiple ways, including static and dynamic analysis
  • Working experience with the Cyber Kill Chain process using the MITRE ATT&CK framework
  • Documented RCA (root cause analysis) for MTTD, MTTR, and MTTI
  • Knowledge-sharing sessions with team members whenever complex incident issues were raised, and lessons learned from other team members.

Education

Master of Business Administration

JNTU University

B.Sc

Nizam College (Autonomous)

Skills

  • Information Security: ISO 27001:2022, ISO 27701:2019, NIST CSF, ISO 31000, SOC 2, ISMS and CSMS
  • Transformation Consulting, Control Tester
  • ISO Implementation and Maintenance
  • Risk Assessment, Risk Treatment, Risk Management
  • Gap Assessment
  • Security Audits
  • Stakeholder Management
  • Security Awareness Training and Questionnaire
  • Data Protection and Privacy Management systems, GDPR, PII, HIPAA
  • Compliance Management

Languages

English, Hindi and Telugu

Sex

Female

Current Location

Hyderabad

Personal Information

  • Date of Birth: 03/18
  • Marital Status: Married

Projects

1. 2nd Party Audits with 25+ clients

2. Control Testing and Maintenance for the current organization

Disclaimer

I hereby declare that the information furnished above is true to the best of my knowledge.

Certification

CISM (Pursuing), ISO 27001:2022, ISO 27701:2019
