Sai Ravi Kuchimanchi

Hyderabad, Telangana

Summary

Overall 9+ years of implementation of Information security and auditing experience in:

  • ISO 27001 (Information Security Management Systems) – 2013 & 2022
  • NIST SP 800-82 (Operational Technology Security)
  • BS 10012 (GDPR) Implementation
  • SSAE 16 (SOC II Type 2 Assessment)
  • ISO 31000:2009 (Risk Management)
  • HIPAA

Experience in:

  • Handling security related client questionnaires
  • Conducting third party risk assessment through OneTrust
  • Data Privacy Impact assessment
  • Preparation of Procedure, Policies and Guidelines for IT Data Inventory and Data Flow Diagrams
  • Access Management
  • Incident Management
  • Patch Management Analysis

Certified ISO 27k Lead Auditor with more than five hundred person-hours of conducting Information security audits. Process Consulting for 20+ projects, Administration, HR - Tag and IT department.

Overview

12 years of professional experience
1 Certification

Work History

Principal Specialist - GRC

Solenis
09.2021 - Current
  • Sept 2021 – Till date with Solenis GSS Hyderabad as Principal Specialist – Governance, Risk and Compliance
  • Key Result Areas
  • Working as Digital Security Analyst: Primarily responsible for Information Security Assessments, Operation Technology Assessments, Security Audits, Security trainings, and IS Compliance requirements in Solenis.
  • Duties:
  • Gained valuable experience in handling major external assessments:
    • CyberVadis
    • EcoVadis
    • Swift Assessment
    • Aon Assessment
    • Platinum CTO Assessments
    • PWC Audits
  • Coordinator for ISO 27001 external audit and SOC 2 Type 1 assessments.
  • Conducted OT cybersecurity assessments in accordance with NIST SP 800-82r3 for over twenty sites.
  • Created an OT cybersecurity policy document with the assistance of the IT & OT security team.
  • Created a TPRM process (Templates, Risks, Assessment flow, and Conditions) in OneTrust.
  • Conducted third party risk management assessments with existing Vendors/On boarding vendors through OneTrust tool.
  • Manage cookie consent process in OneTrust.
  • Delivered risk management and privacy trainings across all the employees globally.
  • Worked and effectively finished the external security assessment questionnaire that clients/customers provided within the allotted time.
  • Performing Information security gap assessments for support functions (IT, HR, Admin, Finance & Marketing).
  • Developing new IT-related documents and improving existing ones in compliance with ISO 27K standard.
  • Conducting Data privacy impact assessment (DPIA) through OneTrust for all PII applicable projects and vendors.
  • Managing GRC tool for risk tracking and closure of audit findings.
  • Prepare and provide the CISO with analytical reports on the tasks completed on a weekly and monthly basis.
  • Create security awareness trainings to all employees and contractors.
  • Initiated cloud security assessment activity in OneTrust tool.
  • Managed Claroty - threat detection tool for OT.

Sr. Executive – PMG

ValueLabs
02.2019 - 05.2021
    • Feb 2019 – May 2021 with ValueLabs, Hyderabad as Sr. Executive – PMG
    • Key Result Areas
    • Worked as Sr. Executive – PMG: Primarily responsible for making Support functions (IT & Admin) and projects compliant to Industry standards, which is an integration of Information Security & Compliance requirements and Quality standards in ValueLabs.
    • Duties:
    • Information Security - ISO 27001:2013, ISO 27001:2022, GDPR (BS 10012), SSAE 16, HIPAA and ISO 31000:2009
    • Quality – ISO 9001:2018, CMMI SVC v1.3 and Dev v2.0
    • Duties Performed:
    • Deliver Information security and GDPR awareness trainings.
    • Handling client questionnaire for new business prospects.
    • Internal Security Audits and Gap Assessment.
    • Enterprise Security related Risk Management.
    • Personal Information Management System (PIMS) Implementation.
    • Carry out Privacy impact assessments for applicable projects.
    • Update and maintain the security objective policies and Procedures.
    • Support for IT and Admin to face external Audits.
    • Spot-checks for any security gaps in the Projects.
    • IT Asset Management verification
    • Logical and Physical Access Reconciliation.
    • Patch Management Analysis.
    • Organize Management Review Meetings on the Risk Assessment.
    • Incident Management.
    • Org Wide BCP – DR Implementation.
    • Floor walk inspections of the server and hub rooms to check for any vulnerability that could lead to a security breach.
    • Process Facilitation for 30+ projects.
    • Metrics implementation.
    • Gap analysis.
    • Organize the status review meeting and Action items tracking and closure.
    • Internal Audits.
    • Risk Management for Quality.
    • PCI tracking.

Quality Assurance Engineer

Cigniti Technologies LTD
02.2014 - 01.2019
  • Feb 2014 – Jan 2019 with Cigniti Technologies LTD, Hyderabad as Quality Assurance Engineer
  • Key Result Areas
  • Worked as Quality Assurance Engineer (Process Management Group) responsible for the complete maintenance of the organization Integrated management system, which is an integration of Quality, Information Security & Compliance requirements in Cigniti.
  • Duties:
  • Working together with delivery managers, project teams, leads (POC), and support functions (HR, IT, etc.) to promote quality enhancements and security control initiatives.
  • In my capacity as an internal auditor, I checked the project's overall health by auditing.
  • Part of ISO 27k (ISMS Audits), SOC Type 1 and 2 & CMMI Appraisal svc 1.5
  • Process compliance ownership for more than 20 projects, including ISMS audits and high revenue generating projects.
  • As a process consultant in charge of ensuring that process activities are followed, such as reviewing all status reports on a daily, weekly, and monthly basis, Create the Levels 1 and 2 SDR (Service Delivery Report) and PCI (Process Compliance Index) scores.
  • Perform the client satisfaction surveys for each project team, keep track of the open action items from the comments that we receive from clients, and assist the process team in creating an organizational level analysis report.
  • To raise the new project teams' and resources' knowledge of quality by providing a training session on QMS and ISMS, ISO 31000 Risk Management, Agile, etc.
  • Identify the issues and risks, record them, and follow up with the project teams frequently to ensure mitigation measures are taken.
  • Responsible for assisting project teams in achieving their goals and streamlining the process in recently launched projects.
  • Ensure that all projects meeting my requirements adhere to QMS and ISO standards, such as 9001 and 27001.
  • Create a RACI (Responsible, Accountable, consulted, and Accountable) matrix to clarify roles and responsibilities for each project.

Market Research and Social Media Analyst

Hydus Technologies
04.2013 - 01.2014
    • Apr '13- Jan' 14 with Hydus Technologies, Hyderabad as Market Research and Social Media Analyst
    • Key Result Areas
    • Worked as Market research and Social Media Analyst in Hydus Technologies – An Enterprise Information Management Company
    • Duties:
    • Utilizing research platforms such as Jigsaw, InsideView, ZoomInfo, LinkedIn, and Hoovers to provide leads to the company.
    • Help the Inside Sales Team in their endeavors by offering the data and information needed for lead creation and contributing to team-selling processes.
    • Provide the inside sales team with essential information by conducting research on specific contacts or prospects within each account, including phone numbers and email addresses.
    • Research and provide information in Salesforce regarding the technology that a prospective employer employs.
    • Generating leads via webinars and social media campaigns

Education

MBA - Marketing & HR

Institute of Public Enterprise
Hyderabad
06.2012

Bachelor of Technology - IT

ANITS (Anil Neerukonda Institute of Science And Technology)
Visakhapatnam
06.2009

Intermediate -

Narayana Junior College
Visakhapatnam
04.2005

Secondary School Leaving Certificate -

Jassver School
Visakhapatnam
04.2003

Skills

  • ITIL Basic Foundation
  • Tableau, MS power BI and MySQL
  • Excel, PowerPoint, and Word
  • Internal Security Trainer for:
    • ISMS (ISO 27001:2013) & (ISO 27001:2022)
    • BS 10012 (GDPR)
    • Data Privacy
    • HIPAA
    • Risk Management (ISO 31000)

Certification

  • Certified Information Systems Auditor (CISA) from ISACA
  • Certified ISO 27001:2022 Lead Auditor from Certification Partner Global (CPG)
  • Certified ISO 27001:2013 Lead Auditor from IRCA/CQI
  • Certified PCI DSS from BSI
  • Certified ISO 31000 Risk Manager from PECB
  • Certified ITIL V3 and ITSM Foundation from Exin
  • Certified Internal auditor for Cigniti through BIA program

Languages

English
Hindi
Telugu

Hobbies and Interests

Social works, reading books, and travelling

Awards

  • Best performer awards for five quarters of on-time completion of external assessments.
  • Received recognition for continuously receiving a 4/4 feedback score on security trainings.
  • Bagged Super star of the Quarter for SOC 2 Type 2 Assessment support in ValueLabs.
  • Received appreciation certificates for CMMI L5 SVC 1.3 & 2.0 SCAMPI 2018 & 2019 appraisals.
  • Bagged 1st prize in Ad Making and Open and Explore Competition 2010 Samiti held at IPE.
  • Active participant in many school and college functions.
