Sai Kiran Battula

Associate Consultant
Pune

Summary

Seeking a challenging position as a Security Consultant in a professional organization where I can utilize my work capabilities and knowledge to provide better security-related solutions through continuous learning and hard work, and strengthen them in conjunction with the organization’s goals.

Overview

4 years of professional experience
2 Certifications

Work History

Associate Consultant

Presidio Information Risk Management LLP
10.2024 - Current

Roles and Responsibilities:

  • Internal ISMS Checks: Act as an internal auditor to perform monthly Information Security Management System (ISMS) checks in coordination with various internal teams such as the Server Team, Service Delivery, Network, Physical & Environmental Security, and Human Resources.
  • Act as the auditee during internal and external audits.
  • Responsibilities include scheduling and attending audit meetings, responding to auditor queries on behalf of internal teams, collecting and submitting artifacts, and updating due diligence questionnaires.
  • Track and manage vulnerability assessments, penetration testing, and maturity assessments with internal teams and external vendors.
  • Collect and share required data to enable vendors or service providers to perform these assessments.
  • Regularly review and update organizational policies.
  • Ensure version control, review and approval details, and conduct annual policy reviews.
  • Draft new policies or update existing ones in line with new processes or tool integrations.
  • Review vendor risk questionnaires and assess responses.
  • Allocate risk scores and provide recommendations on behalf of the organization during vendor onboarding.
  • Escort auditors during audits and provide timely responses to their queries.
  • Take notes and document any observations.
  • Work with internal teams to close audit findings and submit final reports and evidence to auditors.
  • Conduct security awareness sessions for new joiners.
  • Organize annual training sessions for all employees.
  • Provide L1 support for dark web scanning by coordinating with the user and admin team to reset passwords for compromised accounts.
  • Manage and close security incidents raised via the SIEM tool (Sentinel) within the defined timeline.
  • Well-versed with industry standards and frameworks such as ISO 27001:2013 & 2022, ITGC controls, SOC 2 Type I & II, Third-Party Risk Management, and Vendor Risk Management.

Associate Manager

HCL Technologies Ltd
10.2021 - 07.2024

Roles and Responsibilities:

Third Party Risk Assessment:

Responsible for maintaining supplier life cycle details, sharing the supplier request form to gather responses from vendors, validating the evidence, identifying gaps and issues, maintaining metrics, and following up until closure of issues.

ISO 27001 Audits:

  • Implementing and maintaining the information security standard ISO 27001.
  • Performing Internal Audit.
  • Review of Policies, Procedures and Standards.
  • Conducting Information Security Awareness drive.
  • Facilitating Internal and External Audit (ISO 27001).
  • Follow up on remediation status of audit issues to ensure timely closure.
  • Reviewing of Business Continuity.
  • Ensure compliance with ISO 27001 standards.
  • Performing monthly Access Management on logical access and physical access.
  • Review of physical logs on a weekly basis.
  • Verifying 3rd party service provider controls such as:
    • A) Employee background verification compliance.
    • B) Service agreements of fire extinguisher service provider.
    • C) Physical security compliance control.
  • Identify security events/incidents by conducting investigations and report them to relevant authorities.
  • Suggesting preventive measures and closures.
  • System audit on all controls including client information access data, privileged users, installed software, anti-virus updates and version of operating system.
  • Accountable for implementation of corrective and preventive action arising out of audits and Security incidents.

Education

Bachelors of Technology -

JNTU-Kakinada

Skills

ISO 27001 Framework

Introduction

4+ years of proven success in ISMS Internal Audits, External Audit facilitation, Risk assessments, User Access Reviews, Data Center Audit, Physical Security Audits, IT Audits, Vulnerability Assessments, Cyber Maturity Assessment, Third party risk assessments, Security governance, and the ISO 27001 framework.

Certification

Certified ISO 27001:2022 Lead Auditor, Registration Number: IGC23Q78159T8
