Sreenu Rayavarapu

Hyderabad

Summary

Confident and professional Information Security Officer with 5 years of experience, helping IT companies achieve their Information Security objectives. Developing and promoting policies and systems in line with current regulation and legislation.

Overview

3 years of professional experience

Work History

GRC Analyst

Rapit Technology Services Pvt Ltd
10.2019 - 05.2022


COMPLIANCE:

  • Hired as the organizational authority on information confidentiality, integrity and availability
  • A strong understanding of assurance in ISO/IEC 27001
  • Ensure effective levels of data asset protection are in place and monitored including firewall, data loss / data leakage and intrusion detection and prevention.
  • Create and manage a targeted information security awareness training program for all employees and contractors
  • Documented and reviewed information security policies
  • Provide regular reporting on current status of information security program to senior leadership team
  • Conducted intensive safety audits and investigated reported issues, accidents and near-misses
  • Answered questionnaires sent by client regarding information security
  • Provided valuable compliance advice to the business unit management on policies, controls, and procedures.


BUSINESS CONTINUITY MANAGEMENT:

  • Ensure that Business Continuity program components (Business Impact Analysis, Risk Assessments, plans, strategies, etc.) are up to date and effective
  • Plan and design risk management processes, and review and update policies and procedures to maintain effective risk control environment
  • Ensure that new projects/ processes are integrated into the existing business continuity plan with the help of change management team and the relevant plans are reviewed and updated accordingly.
  • Discuss the BCP documentation details with operations and conduct periodic review on their continuity plan.


THIRD PARTY RISK MANAGEMENT (TPRM):

  • Conducted comprehensive risk assessments of third-party vendors to evaluate their security posture, compliance with regulations, and overall risk exposure.
  • Developed and performed robust vendor risk management frameworks and processes to ensure compliance with industry standards and regulatory requirements.
  • Monitored and tracked vendor performance and compliance through regular audits, reviews, and assessments.
  • Reviewed and analyzed security documentation and reports provided by vendors, such as SOC reports, VAPT reports, and compliance certifications.
  • Established KRIs and performance metrics to measure the effectiveness of vendor risk management activities.
  • Identified and assessed risks associated with third-party vendors and performed mitigation strategies to address them proactively.



Education

B.Tech - Civil Engineering

Chaitanya Engineering College
Visakhapatnam, India
05.2019

Civil Engineering

Andhra Polytechnic
Kakinada, East Godavari District, Andhra Pradesh, India
04.2015

Govt Junior College
Madugula, Andhra Pradesh, India
03.2013

High School Diploma -

ZP Boys High School
Madugula, AP, India
05.2010

Skills

    INFORMATION SECURITY GOVERNANCE:

  • ISO 27001
  • Risk Management
  • ISMS
  • KPI Monitoring
  • NCC
  • Governance
  • Incident management
  • Change management
  • Internal audit
  • Business continuity
  • Disaster recovery
  • SOC 2 Type 2

    NETWORKING:

  • Basics of Networking
  • IP addressing
  • OSI layer
  • Firewall, IDS/IPS
  • Cryptography
  • Ports & Protocols
  • Malware
  • Vulnerability Assessment and Penetration Testing
  • OWASP (Top-10)
  • CVSS rating
  • Leadership
  • Communication
