
Sunil Devaguptapu

Bangalore

Summary

Creative Operations Specialist skillful in executing effective operating rhythms and management system structures. Analytical and organized professional comfortable working independently or as part of a team. Hardworking Consultant gifted at turning prospects into clients and delivering exceptional presentations. Engaging, personable and focused on delivering exemplary customer service. Outstanding motivator with adaptable communication style and success in collaborating across organizational levels.

Overview

19 years of professional experience
1 Certification

Work History

Sr. Risk and Control Advisor

Shell India Markets PVT Ltd.
09.2022 - Current

Information Security:

  • Conducting Risk assessments for projects and acquired entities which are Business Impact Assessments from Confidentiality, Integrity and Availability, Disaster Recovery Objectives, Enterprise Recovery Objectives, Information classification perspective.
  • Conducting Legal and Regulatory assessments from Data Privacy, Competitively Sensitive Information, Confidential technical Information which triggers Data Privacy Impact Assessments and Deep Level assessments.
  • Checking the audit logging controls.
  • Checking whether group records are present and creating the disposal plan accordingly by checking the schedule.
  • Checking the personal data fields which are being processed and align the controls accordingly.
  • Covering RBAC (Role Based Access Controls).
  • Assessing Storage and Retention plan for data which is assessed in applications and acquired entities.
  • Security Controls generation and creating work instructions.
  • Implementation of controls and collecting evidences for appropriate security.
  • Checking the design effectiveness of Controls.
  • Checking the ISO 27001 controls at the organization level for identifying gaps. E.g. Checking Information Security Policies, Information Governance, Password controls, Physical security controls, Access controls, Removable physical media controls, Contracts and Procurement etc.
  • Finding management: Raising the findings for gaps identified in the assessments. Following up with the stakeholders for mitigation of the gaps by end of the project life cycle.
  • Conducted compliance training on a new tool to reduce liability risks and operate effectively.
  • Built and maintained relationships with clients to provide ongoing support.
  • Involved in Lean to productive initiative.
  • Involved in Quality Assurance of Risk Assessments completed by team members.

Data Privacy:

  • Conducting data privacy assessments which include personal data possessed and purpose of processing, covering primary and secondary purposes.
  • Checking the configuration of data at rest and data in transit.
  • Checking that data subjects' consents are appropriately addressed, e.g. opt in, opt out.
  • Checking whether a DPA / DTA is present for vendors and whether it is GDPR compliant.
  • Checking for BCR principles.
  • Checking the benefits of processing (e.g. improve customer service, delivering benefits to data subjects, protection of health and security of individual etc.)
  • Checking the risks of processing (E.g. Reputational damage, Identity theft, discrimination etc.)
  • Checking the data controller and data processor for accepting / rejecting the risk associated.
  • Data Subject Access Requests - Produced detailed reports outlining key issues and proposed solutions.
  • Working with DPO closely for closing DSARs.
  • Improved processes by recommending operational changes.
  • Involved in implementing controls around personal data.
  • Analyzing the DSAR delays and providing inputs for streamlining the process

Associate Principal Quality/ Lead Consultant

Infosys
08.2019 - 08.2022

Internal Data Privacy Auditor:

  • Supporting Data privacy audits for accounts, Business Enablement Functions.
  • Evaluating the compliance and performance against data protection laws as well as own policies and best practices.
  • Educating the teams about data compliance who are involved in processing the data in internal accounts and business enablement functions.
  • Educating the teams on principles of Privacy by Design and Privacy by default.
  • Educating the teams on ISO 27701 (PIMS).
  • Involved in preparing Data Subject Request and PII Breach Response SOPs for client.
  • Involved in preparing the SOP of Privacy Incidents Handling process for the client.
  • Involved in checking the SOP related data breach Incident register.
  • Involved in checking the documents related to flow of Data processing.
  • Involved in raising and closing the Non-Compliances in the internal audits done.

Identity Access Management for client:

  • Involved in Implementing Access Controls for mitigating risk.
  • Provided consultancy to the teams regarding access controls and compliance.
  • Tracking and closure of controls related issues identified from Access reviews and from audit recommendations.
  • Prioritize the tasks and assign to team by coordinating with cross functional team(s).
  • Provide recommendations to management and clients regarding security and system improvement related operations.
  • Supporting ITGC - Change Management, IAM, Operations Management
  • Involved in Release Management Activities and coordinating with teams.
  • Review of Access Rights every Quarter.
  • Involved in Annual Audits conducted by E&Y and KPMG.
  • Experience in Incident, Problem and Change Management.
  • Conducting the Access management awareness sessions for the users to increase the awareness.
  • Checking the appropriateness of Segregation of Duties (SOD) for the Users.
  • Maintaining central repository for all on and off Boarding Users.
  • Conducting audit related to sensitive data and restricting / provisioning the access to it.
  • Involved in checking the Risk Acceptance criteria of the client.
  • Involved in Scrum activities which are daily scrum meetings, sprint planning and retrospection activities.

Sr Tech Lead

HCL
05.2017 - 08.2019

Identity Access Management for client:

  • Involved in Implementing Access Controls for mitigating risk.
  • Provided consultancy to the teams regarding access controls and compliance.
  • Tracking and closure of controls related issues identified from Access reviews and from audit recommendations.
  • Prioritize the tasks and assign to team by coordinating with cross functional team(s).
  • Provide recommendations to management and clients regarding security and system improvement related operations.
  • Supporting ITGC - Change Management, IAM, Operations Management
  • Involved in Release Management Activities and coordinating with teams.
  • Review of Access Rights every Quarter.
  • Involved in Annual Audits conducted by E&Y and KPMG.
  • Experience in Incident, Problem and Change Management.
  • Conducting the Access management awareness sessions for the users to increase the awareness.
  • Checking the appropriateness of Segregation of Duties (SOD) for the Users.
  • Maintaining central repository for all on and off Boarding Users.
  • Conducting audit related to sensitive data and restricting / provisioning the access to it.
  • Involved in checking the Risk Acceptance criteria of the client.
  • Involved in Scrum activities which are daily scrum meetings, sprint planning and retrospection activities.

Module Lead

Mphasis
02.2007 - 05.2017

Identity Access Management for client:

  • Involved in Implementing Access Controls for mitigating risk.
  • Provided consultancy to the teams regarding access controls and compliance.
  • Tracking and closure of controls related issues identified from Access reviews and from audit recommendations.
  • Prioritize the tasks and assign to team by coordinating with cross functional team(s).
  • Provide recommendations to management and clients regarding security and system improvement related operations.
  • Supporting ITGC - Change Management, IAM, Operations Management
  • Review of Access Rights every Quarter.
  • Involved in Annual Audits conducted by E&Y and KPMG.
  • Experience in Incident, Problem and Change Management.
  • Conducting the Access management awareness sessions for the users to increase the awareness.
  • Checking the appropriateness of Segregation of Duties (SOD) for the Users.
  • Maintaining central repository for all on and off Boarding Users.
  • Conducting audit related to sensitive data and restricting / provisioning the access to it.
  • Involved in checking the Risk Acceptance criteria of the client.


Associate

Perot Systems
02.2006 - 10.2006
  • Windows Administrator. Used to monitor windows backup servers in ECC Data Centre (Enterprise Command Centre).

CSR

IBM
12.2004 - 02.2006

Identity Access Management.

  • ID creations.
  • Password resets.
  • Access management.


Education

B.E - Electronics And Communication Engineering

Arunai Engineering College
Tiruvannamalai
04.2003

Skills

  • Information Security Risk Assessments which includes Business Impact Assessment
  • Legal and Regulatory assessments which includes Data Privacy Impact Assessments, Deep Level assessments
  • Identity Access Management
  • Audit support

Certification

  • CIPM - Certified Information Privacy Manager from IAPP.
  • Pursuing CIPP / E - Certified Information Privacy Professional Europe from IAPP.
  • CCPA - California Consumer Privacy Act.
  • CPEGP – Certified Privacy & EU GDPR Practitioner.
  • CSM – Scrum Master
  • CRM – ISO 31000 from IRCA.
  • ISO 27001 Lead Auditor.
