
Sunny Nallala

Summary

Results-driven Information Security professional with over 10 years of experience, including 6.5 years specializing in Governance, Risk, and Compliance (GRC). Proven expertise in conducting internal audits, managing third-party risk assessments, and coordinating enterprise-wide security governance initiatives. Skilled in ensuring regulatory compliance, enhancing security awareness, and mitigating vendor-related risks. Adept at collaborating across teams to implement effective security controls and drive continuous improvement in organizational risk posture.

Overview

12
years of professional experience

Work History

GRC Consultant

Wipro Limited
10.2022 - Current
  • Generated and analyzed monthly Key Performance Indicator (KPI) reports to track security metrics and operational efficiency.
  • Led Security Incident Response efforts, effectively mitigating threats including malware infections, phishing campaigns, and data breaches.
  • Executed Periodic User Access Management (PUAM) recertification to ensure role-based access control and compliance with internal policies.
  • Collaborated with cross-functional IT teams to troubleshoot and resolve server connectivity and infrastructure issues.
  • Coordinated with stakeholders to collect and validate audit evidence for compliance and reporting purposes.
  • Reviewed and verified security governance reports submitted by tower leads, escalating discrepancies as needed.
  • Audited onboarding and offboarding processes to ensure proper access provisioning and deprovisioning aligned with security protocols.
  • Monitored and enforced user access controls, ensuring least privilege principles were maintained across systems.
  • Promoted security awareness and compliance by tracking mandatory training completion and implementing awareness campaigns.
  • Investigated and resolved incidents flagged by Data Loss Prevention (DLP) systems, reducing risk of data exfiltration.
  • Conducted root cause analysis of security incidents to identify vulnerabilities and recommend corrective actions.
  • Contributed to a global IT services organization, supporting enterprise-level Governance, Risk, and Compliance (GRC) initiatives.

Associate Manager

HCL Technologies Ltd
08.2022 - 09.2022
  • Company Overview: A multinational IT services and consulting company.
  • Performed internal audits to identify and mitigate security risks.
  • Coordinated with various cross-functional teams as part of evidence collection and management.

GRC Consultant

Auriseg Consulting Private Limited
05.2022 - 08.2022
  • Conducted comprehensive vendor risk assessments, ensuring alignment with organizational security policies and regulatory standards.
  • Executed end-to-end Third-Party Risk Management (TPRM) processes, including onboarding, due diligence, risk evaluation, and continuous monitoring of vendor relationships.
  • Reviewed and analyzed critical contractual documents such as Master Service Agreements (MSAs), Statements of Work (SOWs), and vendor security certifications (e.g., ISO 27001, SOC 2) to validate compliance and mitigate risk.
  • Collaborated with internal stakeholders and external vendors to facilitate risk mitigation strategies, resolve compliance gaps, and maintain secure vendor ecosystems.

Analyst

Unified Softech Pvt Ltd
04.2021 - 04.2022
  • Reviewed vendor contracts for compliance with security policies.
  • Collaborated with IT teams to resolve server connectivity issues.
  • Updated and maintained security policies to align with industry standards.
  • Assisted internal auditors by providing the evidence they required.
  • Followed up on audit findings to ensure timely resolution.

CS Associate

Amazon Development Centre
09.2020 - 03.2021
  • Company Overview: One of the largest e-commerce companies in the world.
  • Assisted customers with account inquiries, order status updates and returns in a fast-paced environment.
  • Provided excellent customer service by following the company’s core values.
  • Communicated effectively with internal teams regarding escalated issues.

Analyst

Wancura Software Solutions
01.2018 - 08.2020
  • Performed third-party risk assessments and identified issues and/or control gaps.
  • Collaborated with IT teams to resolve server connectivity issues.
  • Ensured all vendors were classified and assessments completed in accordance with the VRM policy.
  • Ensured all vendor relationships were documented in the VRM system.
  • Identified and measured risk associated with vendor security controls.
  • Reviewed and validated security reports for accuracy and compliance.
  • Promoted security awareness by tracking and improving training compliance.

Relationship Manager

Adarsha Automotives pvt ltd
12.2013 - 12.2017
  • Company Overview: Non-Technical Role Senior Relationship Manager Sales
  • Strong knowledge of domestic and foreign vehicle specifications
  • Vast understanding of auto financing procedures and guidelines
  • Extensive staff training abilities
  • Comprehensive organizational and communications skills

Education

MBA -

Osmania University
Hyderabad
05-2010

Skills

  • Risk Management
  • Internal Audit
  • Endpoint Security
  • Governance, Risk & Compliance

Accomplishments

  • Streamlined the process in a critical situation.
  • Successfully identified critical risks through comprehensive assessments.
