Samrat Sur

GRC Architect
Kolkata
There is a powerful driving force inside every human being that, once unleashed, can make any vision, dream, or desire a reality.
Tony Robbins

Summary

Strategic cybersecurity leader with 11 years of experience in driving robust Governance, Risk, and Compliance (GRC) initiatives using ServiceNow GRC. Expertise in control testing and compliance assessments. Designs, implements, and audits resilient security architectures aligned with ISO 27001, GDPR, and NIST. Develops IT security policies, leads security deployments, orchestrates vulnerability assessments, and manages the incident response lifecycle. Skilled in proactive risk management, vendor security assessment, and fostering a security awareness culture to enhance organizational resilience and mitigate cyber risks.

Overview

11 years of professional experience
2010 years of post-secondary education
4 Certifications

Work History

GRC Architect

Cognizant Technology Solutions
10.2021 - Current
  • Enterprise GRC Architecture & Framework Implementation: Orchestrated enterprise-level GRC architecture, designing and implementing comprehensive security solutions aligned with NIST CSF 2.0, ISO 27001, GDPR, and NIST SP 800-53. Led the development and enforcement of robust information security policies and control frameworks.
  • Strategic Risk Management & Audit Optimization: Spearheaded the development of a structured risk management program, conducting quantitative risk assessments (NIST SP 800-30) and building actionable risk mitigation strategies that demonstrably improved security posture and compliance maturity. Identified audit opportunities and provided recommendations for internal control enhancements.
  • Advanced Security Incident Management & Operations: Architected and optimized security incident management workflows, leveraging MS Defender (EDR), QRadar (SIEM), and Qualys (Vulnerability Management) for advanced threat detection, proactive vulnerability remediation, and orchestration of end-to-end incident response, including forensic investigations of sophisticated attacks.
  • Technical Security Assessments & Hardening: Led in-depth compliance assessments (ISO 27001, GDPR, Data Privacy) and performed detailed internal security reviews of critical infrastructure, including servers, web servers, databases, and network devices. Developed and implemented technical hardening recommendations for operating systems and network perimeters to address identified vulnerabilities and reduce attack surface.
  • Third-Party Risk Management (TPRM) & Cloud Infrastructure Security: Established and managed a comprehensive Third-Party Risk Management (TPRM) program, conducting in-depth security assessments of vendors and supply chain partners to ensure contractual compliance and mitigate external attack surface risks. Contributed significantly to strengthening cloud infrastructure security within Azure, focusing on secure framework deployment and robust access management.
  • Policy Enforcement & Security Awareness Engineering: Enforced cybersecurity best practices and technical security controls across information systems, standards, and directives. Developed and delivered targeted security awareness training programs that measurably cultivated a vigilant organizational security culture and improved adherence to security policies, significantly mitigating human-factor risks.

Senior Information Security Analyst

Tech Mahindra
05.2015 - 10.2021
  • Led End-to-End IT and Information System Audits: Accountable for leading comprehensive IT and information system audits across Tech Mahindra's global delivery centers and diverse client systems. Conducted in-depth reviews of general controls, application controls, security policies, and procedures to ensure robust compliance and operational effectiveness.
  • Conducted Comprehensive IT Risk Assessments & Mitigation: Performed detailed IT risk assessments across complex systems, identifying critical vulnerabilities, assessing potential impacts, and designing technical security features and controls to mitigate identified risks in alignment with organizational objectives.
  • Drove Regulatory Compliance & Strategic Reporting: Supported annual internal and external compliance activities by meticulously monitoring audit statuses, preparing detailed metrics, and generating comprehensive reports for senior management. Provided actionable insights for continuous control improvement and regulatory adherence.
  • Managed Security Incident Investigations & Stakeholder Collaboration: Conducted forensic investigations related to critical loss prevention and fraud incidents, ensuring meticulous evidence integrity. Fostered strategic relationships between the internal audit function and IT organization to streamline security initiatives and enhance interdepartmental synergy.

Tech Support Team Member

Aegis
03.2014 - 12.2014

Facilitated secure access & user education: Managed user access and permissions, troubleshooting login and system access problems; communicated technical solutions clearly to non-technical users, enhancing system stability and promoting basic security awareness.

Process Associate

Tata Consultancy Services
08.2011 - 07.2012

Executed critical operational processes with high accuracy: Managed and executed daily operational processes, ensuring meticulous adherence to established guidelines and maintaining stringent data accuracy to support timely and reliable business outcomes.

Education

Bachelor of Science - Zoology

University of Calcutta, Kolkata, India
01-2010

Skills

Experience with cybersecurity compliance frameworks

Software

ServiceNow

MS Defender

Qualys

Varonis

QRadar

Windows Server OS

Certification

ISO 27001 Lead Auditor - Information Security, IRCA Global, 09/01/20

Work Availability

Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday
Morning, Afternoon, Evening

Languages

English: Bilingual or Proficient (C2)
Bengali: Advanced (C1)
Hindi: Bilingual or Proficient (C2)

Work Preference

Work Type

Full Time

Work Location

On-Site, Remote, Hybrid

Important To Me

Career advancement, Flexible work hours, Personal development programs

Timeline

GRC Architect - Cognizant Technology Solutions
10.2021 - Current
Senior Information Security Analyst - Tech Mahindra
05.2015 - 10.2021
Tech Support Team Member - Aegis
03.2014 - 12.2014
Process Associate - Tata Consultancy Services
08.2011 - 07.2012
University of Calcutta - Bachelor of Science, Zoology