S. Parthasarathy
Chennai
Summary
To work in a professional organization, take up responsibility; try for collective growth and development, always keeping the goal as the priority and to further my interest in the field of risk management and compliance audit, in Information security and in Security administrator.
Overview
18
18
years of professional experience
Work History
Senior Vendor Cyber Risk Analyst
Thomson Reuters
01.2023 - Current
- Conducting vendor cyber risk assessments for technology suppliers, which also includes machine learning and artificial intelligence.
- Managing cyber security vendor contracts.
- In charge of utilizing PowerBI to create and publish monthly dashboards.
- Charged with finding zero-day vulnerabilities and working with vendors to calculate the impact on the company's operations.
- Added a procedure for issue management to our GRC tool.
- Worked with external auditors to obtain SOC 2 type 2 report for SaaS model applications.
- Involved in Security Architecture reviews for vendors.
Assistant Manager
BNP Paribas ISPL
11.2019 - 01.2023
- Leading Chennai team and training the new hires on third party risk management process.
- Performing third party risk assessments for the suppliers of the bank.
- Handled end to end third party risk management process.
- Performing third party risk assessments based on ISO 27001:2013 standards.
- Information Security Survey questionnaire are sent to the vendors based on their scope and co-ordinate with the vendors for successful completion of the assessment process.
- Report the management team on assessment outcomes and action plans are explained to the vendor and recommend the vendor for gap remediation.
- Conducted third party risk assessments for all new suppliers as well as ongoing due diligence for existing suppliers.
- Involved in Vendor Acceptance committee meetings for Risk Acceptance.
- Responsible to create and present management reports on project outcome.
Assistant Consultant
TCS
04.2016 - 10.2019
- Performed Vendor Risk Assessment for the Suppliers of leading Canadian Banking customer.
- Conducted third party security assessment for all the new suppliers as well as ongoing due diligence for existing suppliers.
- Conducted Vendor Risk Assessment based on SIG and ISO 27001:2013 standards.
- Performed Vendor Risk Assessment based on the different scope of services.
- Engaged Application Security assessment team, Cloud Assessment team, ISOs and business for timely completion of Third Party Security assessments.
- Report on assessment outcomes, risk levels and related corrective actions or recommendations.
- Worked with Vendors and Vendor Relationship Managers to ensure Ongoing Risk Assessments are conducted for all the suppliers.
- Completed more than 250 assessments in short time span and awarded as a best performer by the management.
- Perform the risk assessment using the industry recognized GRC tool, Archer.
Senior Software Engineer
WIPRO Technology Services
01.2009 - 03.2016
- Handled 6 members team, and the major activities are to create the RAG reports based on the defined KRI values, for various business units, and to have a call with all BU heads to remediate the findings for their business units.
- Ensuring onsite teams are complying by tracking the teams using the RAG report otherwise called as Scorecard, and able to lead the customer (Senior System Administrative (SA) Manager) calls for discussing the scorecard and will ask for the remediation plan and advise them to overcome these situations.
- Conducting RCSA (Risk control self assessments) on quarterly basis for internal onsite teams to ensure the compliance levels.
- Regarding the outstanding findings for those cannot be remediated; I used to work with business unit heads, BISO (Business Information Security Officer) and TISO (Technical Information Security Officer) to file a CAP (Corrective action plan) or RA (Risk Acceptance) or RE (Risk Exception).
- Conducting vendor risk assessment for HP as vendor support for HP servers on data centers, hence all the HR related controls will be audited for HP vendor to ensure the compliance.
Analyst
Citi Technology Services
05.2007 - 01.2009
- Project Details Overview (WIPRO) Security log review (May 2007 to July 2010)
Education
BCA -
Tamilnadu Open University
01.2011
DECE - Electronics & Communication Engineering
Panimalar polytechnic College
01.2007
SSLC -
Silver jubliee HSS
01.2004
Skills
- Vendor risk assessment
- Cybersecurity management
- PowerBI dashboards
- Third party risk management
- Issue management
- Cybersecurity compliance
- PowerBI reporting
- ISO 27001
Disclaimer
I hereby declare that all the above given information are correct and true to the best of my knowledge.
Personal Information
- Gender: Male
- Nationality: INDIAN
- Marital Status: Married
Languages
English
Proficient
C2
Tamil
Proficient
C2
Timeline
Senior Vendor Cyber Risk Analyst
Thomson Reuters
01.2023 - Current
Assistant Manager
BNP Paribas ISPL
11.2019 - 01.2023
Assistant Consultant
TCS
04.2016 - 10.2019
Senior Software Engineer
WIPRO Technology Services
01.2009 - 03.2016
Analyst
Citi Technology Services
05.2007 - 01.2009
BCA -
Tamilnadu Open University
DECE - Electronics & Communication Engineering
Panimalar polytechnic College
SSLC -
Silver jubliee HSS