RIA KARMAKAR

Hyderabad

Summary

Experienced Vendor Risk Manager with 6+ years of hands-on experience in evaluating vendor security, ensuring compliance, and implementing risk assessment frameworks. Proficient in assessing SaaS and Professional services vendors data classification, communication, and automating vendor tracking. Adept at enhancing TPRM practices and driving efficiency through prioritization and automation.

Overview

6 years of professional experience
1 Certification

Work History

Senior Security Engineer-TPRM

New Relic
Hyderabad
07.2024 - Current
  • Led the structuring and formalisation of TPRM processes, ensuring efficient, comprehensive assessments aligned with security and regulatory standards.
  • Review vendor-provided security artifacts during procurement, ensuring adherence to robust security protocols and regulatory requirements, facilitating informed decision-making.
  • Led the implementation of a risk assessment framework, enabling clear risk representation for employees and partners concerning vendor and tool requests.
  • Established a data classification process that maps information sensitivity to risk levels and business use, strengthening risk assessment accuracy.
  • Automated tracking systems for monitoring approved and unapproved third-party vendors, enhancing visibility and control over vendor engagements.
  • Developed a rigorous prioritization method to streamline the review of critical SaaS implementations, optimizing resource allocation and ensuring secure integrations.
  • Reviewed and assessed SOC 1, SOC 2, ISO compliance reports, PCI certifications, and penetration test reports, identifying and documenting associated risks to ensure compliance and mitigate potential vulnerabilities.
  • Leveraged UpGuard to update and track risks identified in compliance and audit reports, strengthening organisational awareness and response to third-party risks.
  • Collaborated closely with the Security Incident Response Team (SIRT) to monitor and follow up on identified CVEs and vulnerabilities, ensuring timely communication with affected vendors and delivering impact resolutions.
  • Led follow-ups with vendors to address and resolve security vulnerabilities, mitigating potential risks and reinforcing New Relic’s security posture.
  • Directed internal and external communications to improve awareness of and compliance with third-party security policies.

Senior Analyst-TPRM

Deloitte
Hyderabad
01.2020 - 07.2024
  • Perform Inherent Risk Surveys (IRS) to identify potential risk areas associated with suppliers, followed by detailed analysis of supplier-specific Risk Profiles to get initial insights into the supplier's environment
  • Lead the onboarding process for new vendors and initiating comprehensive information security assessments
  • Facilitate communication with suppliers by triggering InfoSec questionnaires and conducting meetings to gain insights into their security environment, collaborating closely with supplier managers throughout the assessment process
  • Evaluate supplier responses to InfoSec questionnaires, identifying security control deficiencies and opening risk cases for remediation, ensuring alignment with control objectives for data security
  • Conduct ongoing information security assessments for critical suppliers to ensure the proper safeguarding of company data, utilizing a risk-based approach tailored to the criticality of data shared and scope of services provided
  • Check and validate the supplier's audit and compliance certifications such as ISO 27001, PCI DSS AoC, SOC 2 reports, etc
  • Coordinate with suppliers in the aftermath of cyber incidents, conducting post-incident meetings to understand impacts on our business, and facilitating remediation efforts, as necessary
  • Review and approve data share requests from business teams, assessing the safety and security implications of sharing data with suppliers
  • Provide strategic InfoSec insights to business stakeholders to aid in decision-making regarding supplier selection and data sharing, playing a pivotal role in mitigating risks and enhancing overall information security posture
  • Utilize tools for continuous monitoring of suppliers' security scores and collaborate with internal cyber operations teams to promptly address and mitigate potential security threats
  • Issue critical surveys to suppliers affected by critical vulnerabilities, assessing the impact on their operations and collaborating with internal cyber operations teams to address potential risks
  • Facilitate post-cyber incident coordination with suppliers, conducting impact assessments on our business and guiding remediation efforts as needed

Analyst

Synchrony
Hyderabad
01.2019 - 01.2020
  • Assess vendor-provided security artifacts during the procurement process to ensure alignment with robust security practices and regulatory requirements
  • Spearhead the implementation of a third-party risk assessment framework to communicate risks associated with vendor and tool requests to employees and partners
  • Align data classification with risk levels and business needs for effective risk management
  • Facilitate internal and external communication channels to streamline collaboration and information sharing
  • Implement automated systems for tracking both approved and unapproved third-party vendors in operation
  • Collaborated with different teams, working to raise standards while maintaining a positive work atmosphere
  • Analyse incomplete items for exception by evaluating potential risks and customer service implementation

Education

Graduate Certificate -

NIFT
Hyderabad, India
08.2018

Skills

  • Vendor Risk Assessment
  • Compliance Management
  • SaaS Applications Security
  • SOC1, SOC2 and ISO
  • HIPAA, PCI, NIST, DORA, GDPR Regulations
  • Strategic Thinking
  • Mitigation Strategies

Certification

  • Pursuing CISA

Awards

  • Applause Awards - x3 (Second highest performance recognition - Deloitte)
  • Sport Awards - x3 (Third highest performance recognition - Deloitte)
  • DG2 USI Liaison - Deloitte Global Network
  • Star performer of the month - March and June 2019 - Synchrony
  • Awarded as Role Model in training tenure as well as consecutively thrice by the Vice President - Synchrony
  • Awarded Synchrony Stars for Process Improvement by engaging and commingling with different Portfolios - Synchrony

Languages

  • English
  • Hindi

Timeline

Senior Security Engineer-TPRM

New Relic
07.2024 - Current

Senior Analyst-TPRM

Deloitte
01.2020 - 07.2024

Analyst

Synchrony
01.2019 - 01.2020

Graduate Certificate -

NIFT