Sandeep Gajjala

Hyderabad

Summary

Dynamic Information Security professional with extensive experience at TATA Advanced Systems Limited, excelling in cyber security compliance and risk management. Proven track record in implementing ISO 27001 and NIST frameworks, enhancing organizational security posture. Strong analytical skills and a commitment to continuous improvement drive successful project execution and stakeholder collaboration. Goal-driven analyst polished in managing and breaking down large volumes of information. Proactive at heading off issues in operations, workflow and production by uncovering trends affecting business success. Several years of experience in the industry.

Overview

13 years of professional experience
1 Certification

Work History

Assistant Manager

TATA Advanced Systems Limited
Hyderabad
10.2023 - Current
  • Conducted remediation activities, closed VAPT findings, managed enterprise risk, ensured audit accountability, and reported to the AVP of IT.
  • Conducted internal and external IT security audits to assess compliance and identify vulnerabilities.
  • Executed and continuously improved the organization’s cyber security controls, focusing on identity and endpoint.
  • Developed policy and procedure documents to enhance organizational security framework.
  • Implemented ISO 27001:2022 and provided certification support.
  • Implement the NIST SP 800-171 standard, followed by CMMC certification preparedness.
  • Reported all security incidents to senior management and actively participated in the mitigation phase and incident report creation.
  • Executed the annual VAPT assessment and monitored remediation to ensure gaps were closed within the given timelines.
  • Act as the technical subject matter expert for security tooling and control operation.
  • Ensured security compliance with customer, contractual, and supplier requirements.
  • Provide technical input to customer security questionnaires, due diligence requests, and assurance artifacts, validating that responses accurately reflect implemented security controls.
  • Provide security input into customer and supplier contracts, including MSAs, SOWs, DPAs, and security schedules, ensuring commitments are technically achievable and aligned to the organization’s security posture.

Sr. ISMS SOX Analyst

Rimini Street Pvt. Ltd.
Hyderabad
04.2022 - 10.2023
  • Supported the ISMS SOX program alongside the VP Global Security.
  • Executed various SOX compliance activities (Business and IT) in collaboration with business unit representatives.
  • Supported business units and Internal Audit in monitoring remediation activities for control deficiencies to enhance compliance.
  • Analyzed changes in internal controls proposed by business units to ensure the control environment is not adversely impacted.
  • Guided business units on control design.
  • Coordinated daily activities and administrative functions of ISMS and SOX Analyst to support program objectives.
  • Liaised with process owners across business units to create and update process documentation, flowcharts, and risk assessments.
  • Conducted ISO 27001 audits annually to ensure compliance with standards.
  • Managed monthly KPI metrics and developed CIO dashboard to highlight current risks for informed decision-making.

ISMS Analyst

Rimini Street Pvt. Ltd.
Hyderabad
10.2019 - 03.2022
  • Applied strong skills in periodic risk and control assessment; validated potential control gaps and risks with control owners and remediated them to ensure operating effectiveness.
  • Implemented strategic initiatives aligned with company objectives, ensuring adherence to planned timelines and budget.
  • Coordinated project activities to ensure alignment with timelines and objectives.
  • Managed departmental expenses per RSI policy to ensure initiatives aligned with Rimini's strategy and delivered value within budget constraints.
  • Facilitated professional and personal development activities to enhance team skills, boost performance, and support achievement of organizational goals.
  • Administered day-to-day operational activities and ensured appropriate resources were in place.

Senior Systems Engineer

First American India Pvt. Ltd.
Hyderabad
10.2017 - 10.2019
  • Managed system access control, ensuring segregation of duties and compliance with Sarbanes-Oxley (SOX).
  • Performed Oracle ERP security administration, including migrating application security settings from lower test instances to the production environment.
  • Established roles and responsibilities in application based on business requirements.
  • Managed logical access control and user access certifications.
  • Participated in SDLC phases, monitoring application security configurations throughout.
  • Conducted initial testing on enhancements and UAT testing.
  • Managed master data in Oracle EBS, Hyperion, and Fusion applications.

Process Developer

Genpact Pvt. Ltd.
Hyderabad
06.2013 - 09.2017
  • Assisted with Oracle EBS and other applications, replacing decommissioned systems with upgraded technologies.
  • Executed comprehensive cleanup activities for applications to enhance system performance.
  • Mitigated roles and brought controls on critical information systems.
  • Assisted with IT controls for applications related to SOX compliance.
  • Participated in knowledge trainings to become a domain expert, enhancing applications with additional functionalities.
  • Served as a centralized hub on SharePoint to efficiently resolve user access and application issues.
  • Conducted regular audit reviews on the work and maintained corporate information systems with minimal risk.

Education

B.Tech. - Electronics and Communication Engineering

Jawaharlal Nehru Technological University
Hyderabad
01.2011

Skills

  • Cyber Security
  • NIST framework implementation
  • Risk assessments
  • Governance risk management
  • Compliance management
  • Incident response
  • Access management
  • Third-party risk management
  • Information Security (IS) Planning
  • Information Audits
  • Security Framework
  • Project management
  • Project Execution

Certification

  • ISO 27001:2013 Lead Auditor Certification
  • ISO 31000:2018 Risk Management Principles & Guidelines Implementation
  • Internal Auditor Certification for ISO 27001:2022

Personal Information

Date of Birth: 03/10/90

Languages

English: Proficient (C2)
Telugu: Proficient (C2)
Hindi: Advanced (C1)

Accomplishments

Most Valuable Performer.

Affiliations

Playing Cricket
