Sandeep K Menon

Information Security Risk Management - Third Party Risk Management
Bengaluru

Summary

Self-assured individual, considered a well-trained Security Consultant, with 20+ years of experience. Flexible and poised, promoting well-developed skills in IT Risk and Third Party Risk Assessments.

Experienced with identifying and mitigating security threats through comprehensive assessments. Utilizes advanced techniques to ensure protective measures are effective and responsive to changing environments. Strong understanding of security protocol development and implementation, ensuring organizational safety and compliance.

Overview

22 years of professional experience
2001 years of post-secondary education
3 Certifications
4 Languages

Work History

Lead Security Consultant

Allstate India Private Limited
03.2023 - Current
  • Conducted thorough risk assessments of third-party vendors to ensure compliance with security, regulatory, and operational standards by working with Sourcing, Legal and Business Teams.
  • Evaluated vendor risks, improved due diligence processes, and mitigated potential threats through the AI tool VISO, which evaluates suppliers through a set of questions and documents uploaded by the supplier either from the Trust Center or from the webpage that was onboarded; in addition, evaluated Information Security Supplier Assessments and Data Privacy with Legal and Sourcing teams. A management summary was prepared post evaluation for senior leadership and uploaded to Archer for completion.
  • Assessed vendor security policies and controls to identify vulnerabilities and ensure alignment with industry best practices with our AI tool VISO. For any vulnerabilities found in a supplier's PenTest reports, a Risk Finding was raised in the Archer tool after further investigation and assigned to the business to remediate.
  • Managed third-party risk audits, ensuring compliance with internal policies and external regulatory requirements. Led third-party risk assessment and ensured business continuity by assessing vendor dependencies and recommending contingency plans.
  • Worked with the business to identify Cyber Risks and assisted them in converting these into Security Findings, and worked with the business to ensure a Remediation Plan is in place based on criticality and impact so that it is sorted soon, or else worked with the Governance Working Group, which consists of senior security leaders of Allstate, to ensure an extension is provided with valid justification for either the Exception or the Risk Finding. A presentation to the Working Committee is prepared with the Business Information Security Officer and the business, and presented to justify the Finding, the current timeline for remediation and the necessary fixes.

Team Leader ODC Projects

Morgan Stanley
09.2005 - Current
  • Deputed to Morgan Stanley (P) Ltd. site as ODC Level 3 Escalation Engineer, reporting to the Vice President Technology and leading a team of 4 resources for the setup and steady state of the ODC for the client.
  • Accountable to lead the team for service delivery to the client along with Real Time & continuous follow-up with global support teams for Critical incident resolution.
  • Managing the coordination activities during overall ticket life cycle while providing support services to the client.
  • Responsible for ensuring that the Incident record is fully updated prior to Problem Management handover and for sending all Incident notifications as per agreed process.
  • Spearheading continuous follow-up with support team for relevant notification updates per SLA and drive incident resolution, following the global Service Restoration Management Process.
  • Providing input to and coordinating the development of the Root Cause Analysis (RCA), including initial recommendations.

Senior IT-Disaster Recovery Expert

T-Systems ICT India
06.2019 - 03.2023
  • Company Overview: for Client Shell India
  • 3 yrs. 4 months in T-Systems; joined Bangalore centre in June 2019 as Senior IT Disaster Recovery Expert for their prestigious client Shell India. Duties include support of Disaster Recovery activities and Risk Management, including DR and BCP Audits. Have overall 10 yrs. of experience in Disaster Recovery/Business Continuity.
  • Senior Subject Matter Expert (SME) responsibilities include support in peer-to-peer forums with customer representatives, other vendors and operational integrator (OI).
  • Successfully completed a program to migrate applications on FCI (Future Cloud Infrastructure) of TSI and tested the DR capabilities by building the runbook from scratch.
  • Successfully worked with migration team for lift and shift project for migrating infra for TSI Datacenters as part of Future Cloud Infrastructure (FCI) and conducted POC testing post migration.
  • Ensured that the DR tests were performed with a 100% success rate with no failure by modifying runbooks and ensuring all critical risk factors are considered.
  • To ensure that supported BCPs/DRPs are in place, adequately documented, reviewed, updated and tested in accordance with contractual obligations so that the contractually agreed service levels are met, thereby avoiding potential penalties for non-compliance.
  • Exceed SLA targets by driving service management disciplines around incident, change, and problem management.
  • Perform Standalone, Annual, Integrated Datacenter (IDD) DR tests and Custom DR tests on the landscapes that have been subscribed to the DR solution so that they fulfil the compliance requirements of the contract.
  • Create the DR activity in the Checklist/Runbook for the DR Activity and then validate it with the engineering team or service line.
  • Participated in real live disaster situation in our Houston DC which was affected by rough weather conditions and restored critical training applications to alternate DC and successfully restored them back once the situation eased.
  • Conducted Stress-Testing of running applications from alternate DC for 1 week as per request from customer, which includes regular monitoring, health check updates of critical servers, network traffic monitoring, etc.
  • Direct life-cycle management (LCM) activities to maintain up to date technical documentation, including production & recovery configurations, application dependency maps, run books, patching schedules, overall solution architecture document, recovery strategies / plans and contract change.
  • Schedule the business call with the customer to understand their requirement and update the DR planning progress.
  • Ensure the RTO meets the DR solution that the customer had subscribed for their landscape.
  • Create the post-test report and DR plan document, and update the record for the application that tested the DR.
  • Follow up on the permanent solution applied to issues that occurred during the DR test and ensure a problem ticket is created to record the remediation.
  • Perform the documentation review and follow up on the customer sign-off.
  • Update the weekly reporting to higher management.
  • Engage in BCP/DR Corporate Audits to ensure all the documents are compliant from BC/DR perspective. In addition, also participate in external Audits to ensure firm is compliant.

Project Manager

Wipro Infotech
08.2015 - 05.2019
  • Company Overview: for a leading Australian Bank
  • 3 yrs. 8 months experience in Wipro and joined Bangalore centre on Aug 31, 2015, as Project Manager for a leading Australian Investment Bank. Last working date was 30th May 2019. Duties include support of Disaster Recovery activities and Risk Management for Investment Bank. Have overall 8 yrs. of experience in Disaster Recovery.
  • Consulting engagement on managing and optimizing Disaster Recovery & Business Continuity Process for Client Business and Technology Services and handling team of 4 members.
  • Preparing Asset Criticality Assessments for new and other banking assets which are being introduced or upgraded in bank after reviewing Technical Solutions Overview document.
  • Liaising with Client Project & Business Stakeholders on performing Business Impact Analysis by evaluating internal & external factors, regulatory compliance requirements, financial loss to Business.
  • Developing and executing Business Continuity Plans for various processes and functions, Review/update existing plans and procedures at regular intervals as well as testing the same.

Onsite Engineer for Morgan Stanley

Newtech Computer Services (P) Ltd.
05.2011 - 07.2015
  • Company Overview: on contract with Morgan Stanley
  • Reinforce the need for a Business Continuity program and resilience strategies, and verify recovery objectives are sufficient to recover the business as identified by the organization's requirements. Facilitate the Business Continuity Management testing program for Technology Divisions. Work with business departments to understand test objectives and scope, and assist in the execution of the test.
  • Assess the business continuity implications of proposed technological or organizational changes. Coordinate revisions to existing business continuity plans or procedures through change control methods.
  • Mature existing corporate-wide business continuity programs across multiple teams and disciplines while maintaining audit readiness.
  • Drive emergency management responses using the Dialogic RNS and Everbridge system structure.
  • Design and administer recovery support and direct business resumption staff during a disaster in the implementation of response and alternate operating strategies. Conduct disaster recovery tests for Morgan Stanley's Data Centres in Asia Pacific in order to check the resiliency and DR standards.

Technical Support Associate

Accenture Services (P) Ltd.
03.2005 - 08.2005
  • Accountable for installation, configuration and resolution of technical issues related to Symantec products.
  • Analyzed the ISP issues for a major ISP like Southern Bell Communications Yahoo DSL Services.
  • Involved in troubleshooting for installation of software on broadband / cable/ dialup networks.
  • Analyzed and resolved technical issues pertaining to installation of Symantec products like Norton Antivirus, Norton Personal Firewall and Norton Anti-Spam.
  • Enhanced customer satisfaction through qualitative service delivery and prompt resolution of queries/issues.

Technical Support Associate

Wipro Spectramind Services Ltd.
08.2003 - 11.2004
  • Responsible for providing technical support to clients with compliance to service delivery metrics.
  • Prepared and compiled various weekly / monthly MIS reports related to process and productivity.
  • Involved in installation of patches on antivirus software supplied by DELL computers as well as installation of service packs and troubleshooting of software, Internet and hardware related issues.
  • Handled internet issues with regard to connectivity, browser issues, modem problems, installation of internet software, membership queries, etc. on AOL.
  • Maximized customer satisfaction through efficient call management and qualitative service delivery.

Associate

Birla Sun Life Mutual Funds
04.2003 - 07.2003

Education

B. Com. - Accounting

Mumbai University

Diploma - Software Engineering

Aptech Computer Education

Skills

Risk assessment

Cybersecurity risk management

Risk mitigation strategies

Risk assessment and mitigation

Internal compliance assessment

Excellent communication

Decision-making

Data safeguarding practices

Disaster recovery planning

Business continuity planning

Professional Highlights

  • 2+ years of experience in third-party risk management, vendor due diligence, and regulatory compliance.
  • Proven expertise in identifying, assessing, and mitigating risks associated with third-party relationships.
  • Adept at using GRC tools and delivering executive-level insights through impactful risk reporting.

Update

06/01/22

Key Highlights

  • Conducted end-to-end risk assessments for 200+ vendors annually, resulting in an 80% improvement in issue remediation timelines.
  • Used AI tool VISO to automate vendor onboarding and risk scoring system, reducing onboarding cycle time by 60%.
  • Collaborated with Legal and Procurement to develop a unified third-party governance policy aligned with enterprise risk appetite.

Awards

  • Commendation from leading Australian Bank for best support and work done for FY-18.
  • Award of Excellence in Wipro for Technical Consulting in FY-2018.
  • Best Engineer on site by the IT Management team of Morgan Stanley.

Personal Information

  • Passport Number: Z6730056
  • Date of Birth: 07/22/77
  • Marital Status: Married

Accomplishments

  • Achieved faster results by introducing an AI tool, working with internal teams on POC testing for Supplier Security Assessment tasks.
  • Resolved and changed the format for Information Supplier Security Assessment document which led to smooth onboarding of suppliers before the contract agreement signatures.
  • Achieved a new way of closing out Risk Findings through proper monitoring and closure by automating the workflow in Archer with the Archer development team. Worked with the team to build the report structure in Power BI.

Certification

ITIL

Interests

Reading, Travelling, Cricket

Cricket, Hiking, Reading, Travelling

🏏 Cricket   A passionate team sport enthusiast, I enjoy playing and following cricket. Whether it's a T20 or a World Cup showdown, the game keeps me sharp and energized, and it's the pulse of India.

🥾 Hiking   Exploring nature trails is my way of recharging. Hiking helps me stay physically active while cultivating patience, resilience, and an appreciation for the outdoors. From forest treks to hilltop views, every step is a reminder of balance between challenge and tranquility. Have been to forts of Maharashtra, Raigad, Rajmachi, Dukes Point.

📚 Reading   I find great joy in reading a mix of science fiction, philosophy and other good reads related to academics or the corporate world. It fuels my curiosity and expands my worldview. Whether it's a gripping novel or a thought-provoking article, I see reading as both relaxation and continuous learning.

✈️ Travelling   An avid traveler, I love discovering new cultures, cuisines, and perspectives. I am a big-time foodie.

Timeline

BSI - ISO/IEC 27001:2022 Lead Implementer

11-2024

Lead Security Consultant

Allstate India Private Limited
03.2023 - Current

Senior IT-Disaster Recovery Expert

T-Systems ICT India
06.2019 - 03.2023

Project Manager

Wipro Infotech
08.2015 - 05.2019

ITIL

05-2012

Onsite Engineer for Morgan Stanley

Newtech Computer Services (P) Ltd.
05.2011 - 07.2015

Team Leader ODC Projects

Morgan Stanley
09.2005 - Current

Technical Support Associate

Accenture Services (P) Ltd.
03.2005 - 08.2005

Technical Support Associate

Wipro Spectramind Services Ltd.
08.2003 - 11.2004

Associate

Birla Sun Life Mutual Funds
04.2003 - 07.2003

Higher Diploma In Software Engineering - Aptech

12-1999

Diploma - Software Engineering

Aptech Computer Education

B. Com. - Accounting

Mumbai University