
Suraj Ramesh Pednekar

Thane West

Overview

12 years of professional experience
4 Certifications

Work History

Risk Assessment Lead (TPRM)

Atlas Systems
02.2021 - Current
  • Perform vendor third-party risk assessments to ensure client data is protected, security gaps are identified, and remediation efforts are tracked and monitored.
  • Identify, assess, and continuously monitor vendors’ security postures, including but not limited to system architecture, designs, infrastructure security, data protection lifecycle, penetration testing, software engineering practices, training, certifications, and audits.
  • Conduct remote audits against vendors’ systems, policies, training, and security practices.
  • Lead team in performing due diligence on third-party vendors' security assessments, reassessments, and audits.

GRC Consultant at Client - IndiaFirst Life Insurance

Sequretek IT Solutions Pvt. Ltd.
09.2020 - 02.2021
  • Implement security controls, a risk assessment framework, and a program that align with regulatory requirements.
  • Evaluate risks and develop security standards, procedures, and controls to manage risks.
  • Perform user access recertification and reconciliation.
  • Create monthly information security awareness training for all departments and their users.
  • Conduct in-person risk assessments/audits for IFL critical vendors.

InfoSec SPOC (Reliance JIO Telecom Contact Center)

ASM Enterprise Solutions Pvt. Ltd.
09.2019 - 06.2020
  • Lead, collaborate, and work cooperatively with co-workers within the team to successfully plan, organize, coordinate, and complete all work related to audit engagements.
  • As part of the Internal Audit Team, responsible for physical and environmental security.
  • Identify IT control weaknesses in processes by performing a Risk Assessment and documenting the findings.
  • Perform information security checklist tasks daily.
  • Determine the most effective way to protect computers, networks, software, data, and information systems against any possible attacks.

Information Security Consultant (Compliance and Risk Management)

Vanaps Consulting Pvt. Ltd.
10.2017 - 09.2019
  • Actively involved in understanding the business requirements and mapping the requirements of various standards (ISO 27001:2013), formulation of various information security policies and procedures with respect to the business requirements.
  • Contribute to fine-tuning existing processes implemented in the ISMS/IT service management to close process gaps, so that compliance with the respective standards and client satisfaction are ensured, the client’s requirements are met, all regulatory, legal, contractual, and statutory requirements are complied with, and the business grows.
  • Handled a team of consultants working on various client projects to ensure timely delivery of the deliverables to the clients as per the commitment.
  • Conducted security audits and Vulnerability assessments of IT infrastructure for Automotive, Event Management, Telecom, and Web hosting organizations.
  • Follow detailed project timelines and milestones; communicate deviations from timelines to management when identified.

Network Engineer - (Pteris Global, Project-Mumbai International Airport)

Netlink Systems and Solutions
08.2015 - 10.2017

L1 NOC Support Engineer (Support for Windows and Exchange Servers)

Zenith InfoTech Limited
03.2013 - 09.2014

Education

Bachelor of Science - I.T

Skills

Information Security

Tools Used

Nessus, Nexpose, Tenable SC, SanerNow, Wireshark, Nmap, Logic Manager, Coupa, ServiceNow, MetricStream, ComplyScore

Certification

ISO 27001:2013 Lead Auditor in-house training

Personal Information

  • Date of Birth: 06/06/85
  • Marital Status: Married

Skills Summary

  • Over 12 years of experience in IT and 7+ years in Information Security, specializing in Governance, Risk Management, Compliance (GRC), and security audits. Expertise includes ISO 27001:2013/2022, SOC 2, GDPR, and NIST SP 800-53 frameworks.
  • Led and performed 50+ vendor assessments for clients in the US across pharmaceutical, BFSI, and IT sectors. Hands-on with TPRM tools such as LogicManager, ComplyScore, Coupa, MetricStream, and ServiceNow.
  • 5 years of experience as an ISO 27001:2022 Lead Auditor and SOC 2 assessor. Proficient in planning, executing, and reporting internal/external audits. Skilled in identifying security gaps, managing corrective action plans, and ensuring regulatory compliance.
  • Implemented enterprise security controls, risk assessments, and remediation strategies aligned with business and regulatory needs. Conducted access reviews, gap analysis, data protection reviews, and policy audits.
  • Practical knowledge of vulnerability assessments and tools including Nessus, Nexpose, Tenable SC, SanerNow, Wireshark, and Nmap. Strong foundation in infrastructure security and network device configuration (Cisco L2/L3 switches, routers, ASA firewalls).
  • Designed and delivered security awareness programs and technical training sessions for internal users, enhancing InfoSec maturity across departments.
  • Led diverse teams across multiple client projects, ensuring on-time deliverables. Strong interpersonal skills with experience in stakeholder management, cross-functional collaboration, and end-user support.
