Saravanan Swaminathan

Developed and implemented a comprehensive technology compliance strategy tailored for ServiceNow, ensuring alignment with regulatory frameworks such as PCI DSS, SOC2 and SOX.

Led a team responsible for assessing, monitoring, and reporting on compliance with regulatory requirements, maintaining a high standard of adherence across ServiceNow initiatives.

Collaborated closely with cross-functional teams including Legal, IT Security, and Risk Management to interpret and apply compliance requirements effectively within ServiceNow projects and operations.

Established and maintained effective relationships with external auditors and regulatory bodies, facilitating smooth audits and ensuring compliance validation.

Conducted regular audits and assessments of ServiceNow configurations, workflows, and data handling practices to identify and mitigate compliance risks.

Provided expert guidance to project teams and stakeholders on compliance-related matters, ensuring alignment with organizational goals and regulatory requirements.

Stayed informed about emerging compliance trends, technologies, and best practices within the ServiceNow ecosystem, integrating new insights to enhance compliance strategies and operational efficiency.

Oversaw and managed security portfolios, ensuring robust protection measures and adherence to PCI DSS compliance standards for PayPal and its subsidiaries.

Implemented and maintained rigorous technology controls to safeguard sensitive data and mitigate cyber threats across organizational systems and platforms.

Collaborated with cross-functional teams to develop and enforce security policies, procedures, and best practices, ensuring alignment with industry standards and regulatory requirements.

Led initiatives to enhance cybersecurity posture, conducting regular audits and assessments to identify vulnerabilities and implement proactive remediation measures.

Provided strategic guidance and technical expertise to stakeholders on security and compliance matters, fostering a culture of security awareness and accountability within the organization.

Played a key role in maintaining effective relationships with regulatory bodies and external auditors, facilitating successful audits and ensuring continuous compliance with industry regulations

• In my role at MKPSG, I undertook diverse responsibilities that aligned with the organization's mission: Conducted successful compliance audits for technology and financial service firms, evaluating adherence to standards like PCI DSS, SSAE 18, and SOX
• Offered strategic insights to bolster security measures
• Led comprehensive technology risk assessments for multiple tech companies, aligning their security practices with industry frameworks to assess security and risk landscapes
• Played a key role in evaluating information security controls and related process to uplift various compliance programs as per rapidly changing risk landscape
• Innovatively sought automation opportunities, streamlining processes in line with security best practices
• Conducted training sessions on security awareness, controls lifecycle management, and tech compliance audits, fostering a security-conscious culture
• Specialized in PKI audits, meticulously evaluating root and certifying authorities' compliance with local regulations and standards
• Exhibited adaptability through involvement in special projects, thriving in a dynamic environment and driving positive contributions amid change
• Overall, my tenure at MKPSG centered on ensuring compliance, bolstering security practices, and executing effective risk assessments.

• In my role as a GRC Consultant at Secure Logic, I've taken a proactive stance in leading and executing various compliance-related engagements
• Some of my key contributions include: Assuming a central role in scoping, designing, implementing, and executing technology compliance audits
• This has encompassed the orchestration of audit test work and ensuring that the resulting audit documentation is not only comprehensive but also aligned with established methodologies
• Conducting thorough technology compliance Gap Analysis for significant compliance frameworks such as SOC, and PCI DSS
• My involvement has extended to collaborating closely with organizations to aid them in achieving compliant status, proactively addressing any existing gaps
• Engaging in Internal Audits, which necessitates a comprehensive assessment of organizations against their internal information security risk policies, procedures, as well as industry benchmarks
• Maintaining an unwavering focus on compliance and controls, with continuous monitoring at the core of my responsibilities
• This vigilance has been instrumental in promptly identifying any potential drift or emerging changes within the dynamic technology risk landscape
• Throughout my tenure at Secure Logic, I've been entrusted with multifaceted responsibilities that span scoping, design, implementation, and continuous monitoring of technology compliance initiatives.

• Conducting in-depth Gap Analyses for significant compliance frameworks such as SOX, SOC, and PCI DSS
• Collaborating closely with organizations to guide them towards compliance, addressing gaps proactively
• Engaging in thorough Internal Audits, assessing organizations against internal risk policies, procedures, and industry benchmarks
• Maintaining a vigilant focus on compliance and controls, with continuous monitoring as a cornerstone
• Swiftly identifying potential deviations or emerging changes within the dynamic tech risk landscape
• Providing crucial support in implementing measures aligned with regulatory frameworks like PCI DSS, SOC, and SOX
• Guiding organizations through the intricate process of achieving compliance with these robust standards
• Throughout my role at MKPSG, I've demonstrated a commitment to comprehensive compliance management.

• As an Audit Manager at Nelson & Jegannathan, I've undertaken a comprehensive range of responsibilities to fortify compliance within the Information Security Program
• Key highlights of my contributions include: Supervising diverse internal audits within the Information Security Program, ensuring adherence to internal security policies and relevant regulations
• Spearheading the development and execution of compliance monitoring and enhancement activities, proactively aligning with internal policies and external regulations
• Leading the planning and execution of control design and operating effectiveness testing
• Ensuring meticulous documentation and clear communication of test outcomes
• Defining tactical steps, addressing control criteria, and rigorously testing control operating effectiveness
• Maintaining a precise system and control inventory, including identifying supporting roles, crucial for effective compliance management
• Actively contributing to enhancing internal controls through analytics and automation, fostering adaptive controls in response to evolving risk landscapes
• Throughout my tenure as Audit Manager, I've showcased a resolute commitment to compliance, robust internal controls, and continuous improvement.