Surya Teja

Develop and Implement: Security Policies Risk Management; Security Awareness Training Incident Response Compliance and Auditing Security Infrastructure Management Vendor and Third-Party Management Security Awareness Training Management Reporting

• Cloud Governance (Infrastructure & App Security): Coordinated internal and external security audits to maintain compliance and improve security posture by performing VAPT Audits, Network Security Audits, Cloud Security (Infrastructure and App Integrity), Role-Based-Access Control ( RBAC ) Audits, Privileged Access Management / Privileged Identity Management ( PAM / PIM ) Audits. Just-in-Time Access ( JIT ) Audits.
• Improved Compliance Score using Scrut.io , providing a real-time compliance dashboard to track adherence to multiple regulatory frameworks and organizational policies. Ensured compliance with relevant laws, regulations, and standards (e.g., GDPR , HIPAA , SOC 2 Type 2 , ISO 27001 ).
• Enhanced Cloud Security Posture by implementing cloud governance policies through Azure Defender for Cloud ( MDFC ) and Native Cloud Security Posture Management ( CSPM ) leading to continuous security assessments and actionable recommendations and keeping the compliance score on and above 85% .
• Increased Microsoft Cloud Security Benchmark Score by assessing and mitigating security gaps using Azure Defender for Cloud , ensuring compliance with Microsoft's Cloud Security Benchmark.
• Elevated IT Security Secure Score by utilizing Microsoft Defender Suite (MDE, MDI, Data, Apps) to evaluate and improve the security state of IT infrastructure, applications, and data.
• Leveraged Cyber Threat Intelligence platforms like Security Scorecard , Blackkite.com and Falconfeeds.io to anticipate and mitigate security threats through risk ratings, Supply chain risk and cyber risk scores.
• Enhanced Security Awareness among employees by deploying Microsoft Attack Simulation Training , simulating phishing attacks to assess and improve response capabilities.
• Promoted a culture of security consciousness throughout the organization by publishing Security Newsletters that provides awareness.
• Reduced Security Incidents by increasing employee awareness and response to security threats. Maintained detailed records of all incidents.
• Streamlined Incident Detection and Response using Microsoft Defender Endpoint (MDE) and Sentinel , enabling real-time investigation and automated workflows.
• Led investigations and responses to security breaches or incidents , minimizing impact and recovery time. Conducted Digital Forensics using tools like Autopsy and Any.Run for post-incident analysis, root cause identification, and evidence collection in cyber incidents.
• Business Continuity Plans and Disaster Recovery plans: Led cross-departmental initiatives to develop and implement comprehensive emergency preparedness plans, enhancing overall organizational resilience. Developed and maintained an incident response (IR) plan and Disaster Recovery Plan to efficiently address security incidents.
• Ensured Data Protection and Compliance with Microsoft Purview , monitoring and safeguarding sensitive data across environments to prevent unauthorized access or leakage.
• Managed Vendor Risk through Scrut.io , assessing risks posed by third-party vendors and mitigating potential vulnerabilities in the vendor ecosystem.
• Optimized Update Management using Azure Update Manager/EPC , automating patching for cloud and on-premises environments to maintain security and compliance.
• Maintained SecOps Field Manual via Atlassian, Microsoft Learn, or SharePoint , centralizing security operations guidelines and best practices for team knowledge sharing.
• Assessed and Mitigated Vendor Risks using Scrut.io , ensuring third-party compliance with organizational security standards.
• Negotiated Security Terms in vendor contracts to align with company policies and regulatory requirements.
• Monitored Security Requests Cycle Time with Jira , tracking and optimizing the time taken to complete security-related requests, improving service delivery efficiency at keeping the SLA to 99.9% .
• Presented Regular Reports on the status of information security programs to senior management, providing insights and proactive measures against the latest security threats.
• Also, Including all my responsibilities as Information Security Administrator.

Quantify Achievements:

• Reduced security incidents by 67% through enhanced policies and training.
• Managed a budget of $175,000 for security infrastructure improvements.
• Increased employee security compliance rates by 55% through engaging training initiatives.
• Designed and delivered quarterly security awareness training programs for 200+ employees.

• Optimized antivirus software deployment across all endpoints, reducing infection rates significantly over time.
• Worked closely with legal department to ensure adherence to data protection regulations in cross-border data transfers.
• Handled day-to-day security alerts flagged from Azure ( Microsoft Defender for Cloud ) and Microsoft Defender Endpoint.
• Ensured the environment was compliant with HIPAA, SOC2, GDPR, ISO 27001:2013, NIST SP 800-53 R5 , and other relevant standards.
• Conducted audits focused on applications, logs, AD objects, services, and backups on a weekly, monthly, bi-annual, and annual basis.
• Proactively worked on recommendations from Microsoft, Tenable, and Qualys to ensure machines in the environment were not vulnerable to zero-day exploits or major vulnerabilities.
• Enhanced network security by implementing robust firewall configurations and intrusion detection systems.
• Developed tailored incident response playbooks based on different threat scenarios, facilitating faster resolution times when faced with real-world events.
• Encouraged end-users to actively train on compliance with HIPAA , GDPR , and handling PHI, and PII by leveraging the platform Knowbe4.
• Pushed automation scripts via RMM tools like ManageEngine' s Endpoint Central to deploy patches, registry key modifications, and control peripherals .
• Managed appropriate end-user machine settings through Microsoft 365 Defender via Endpoint Manager Portal (Intune) over on-prem AD and Azure AD (Entra ID)-joined machines.
• Collaborated with the development team to address potential vulnerabilities and ensuring they were fixed before rolling out patch updates on internally developed products.
• Mitigated potential threats by continuously monitoring system logs and identifying unusual activity patterns .
• Wrote strategic business plans outlining need for departmental information technology resources.
• Implemented OS hardening policies by actively pushing them via Microsoft Endpoint Manager (Intune) .
• Performed assessments on potential vulnerabilities faced by customers' AppServer and addressed them with IT Ops by leveraging the Azure Secure Score platform, while keeping regulatory compliance scores such as SOC2, SOC TSP, HIPAA, ISO 27001:2013, and NIST SP 800-53 R5 .
• Implemented multi-factor authentication measures, adding an extra layer of security to protect company resources from unauthorized access attempts.
• Supported continuous improvement initiatives by staying up-to-date on emerging threats, trends, technologies, and best practices within the cybersecurity landscape.
• Conducted vendor assessments to evaluate their security posture before introducing their services into the environment, and worked closely with the legal department to review contracts for NDA, Terms of Use, and Privacy Policies

• Resolved escalated help desk tickets promptly, providing high-quality support to end users experiencing technical issues.
• Assisted in the onboarding process of new employees by setting up workstations, provisioning accounts, and providing initial IT training as necessary.
• Delivered Tier 2 and Tier 3 support for problem identification, diagnosis and issue resolution.
• Tested software remotely and onsite for server sets to maintain operational readiness.
• Spearheaded inventory control measures to replenish and maintain IT equipment.
• Enhanced system security with regular patch updates and vulnerability assessments.
• Conducted regular audits of user accounts and access permissions, maintaining compliance with regulatory standards and organizational policies.
• Implemented backup solutions, ensuring data integrity and availability in the event of a disaster or system failure.
• Maintained detailed documentation of network configurations, protocols, and procedures for efficient troubleshooting and information sharing among colleagues.
• Collaborated with IT team members to develop comprehensive disaster recovery plans, enhancing business continuity efforts.
• Managed vendor relationships effectively to ensure timely delivery of hardware/software products while staying within budget constraints.
• Supported remote workforce needs by configuring secure VPN connections enabling them to access critical resources from any location.
• Ensured optimal server uptime, monitoring system health and performing routine maintenance.
• Proactively identified areas for improvement in the IT infrastructure, recommending appropriate technology solutions to boost productivity and performance levels.
• Increased network stability by proactively analyzing performance metrics and addressing potential bottlenecks before they impacted users'' experience.
• Led large-scale infrastructure projects to successful completion, coordinating resources across departments for seamless integration into existing systems environments.
• Ensured compliance with industry regulations, meticulously documenting IT processes and controls.
• Reduced help desk tickets, proactively addressing recurring issues and implementing long-term solutions.
• Streamlined data backup processes, significantly reducing potential downtime during system failures.
• Facilitated seamless migration of company data to cloud-based storage solutions, ensuring flexibility and scalability.
• Led server infrastructure development, quality assurance, staging and production systems.

• Resolved escalated help desk tickets promptly, providing high-quality support to end users experiencing technical issues.
• Assisted in the onboarding process of new employees by setting up workstations, provisioning accounts, and providing initial IT training as necessary.
• Delivered Tier 2 and Tier 3 support for problem identification, diagnosis and issue resolution.
• Tested software remotely and onsite for server sets to maintain operational readiness.
• Enhanced system security with regular patch updates and vulnerability assessments.
• Contributed to development, administration and testing of disaster recovery plans.
• Improved system performance by implementing server upgrades and hardware replacements.
• Developed internal training materials aimed at improving department''s overall knowledge base and reducing the learning curve for new hires.
• Orchestrated integration and communication of software upgrades.
• Increased team productivity by automating routine tasks, allowing more focus on strategic projects.

• Responded to support requests from end-users and patiently walked individuals through basic troubleshooting tasks.
• Conducted root cause analysis of technical issues, implementing preventive measures for future occurrences.
• Provided remote assistance to clients, ensuring timely resolution of software and hardware concerns.
• Enhanced customer satisfaction by resolving complex technical issues promptly and effectively.
• Performed root cause analysis of reported issues to enact corrections.
• Managed multiple concurrent support cases with precision and focus, resulting in a high rate of case closure within target timelines.
• Served as an escalation point for challenging technical inquiries, demonstrating expertise in product knowledge and problem-solving abilities.
• Worked directly with clients in rollout and post-rollout stages to train and support new applications and systems.
• Developed comprehensive troubleshooting guides for internal use, improving team knowledge and performance.
• Delivered Tier-3 support and SME input to internal and external customers.
• Developed and maintained technical documentation, aiding in quicker onboarding of new team members and serving as reference tool.
• Optimized network performance, regularly monitoring and adjusting configurations to meet changing demands.
• Spearheaded creation of knowledge base, facilitating quicker resolution of common issues by both support staff and users.
• Empowered users by conducting workshops on best practices for software and hardware maintenance.
• Streamlined helpdesk response times, implementing new ticketing system that prioritized urgent queries.

Client: Wipro Limited and Sub-Client: HDFC Bank.

• Installed new or upgraded hardware and software and coordinated installation and follow-up with user to achieve customer satisfaction.
• Configured hardware, devices, and software to set up work stations for employees.
• Enhanced system performance by troubleshooting and resolving software, hardware, and network issues.
• Improved help desk ticket resolution times through diligent prioritization of requests based on urgency level.
• Troubleshot potential problems and eliminated before issues escalated or cascaded.
• Provided comprehensive technical support for users, addressing various issues related to computer systems, peripherals, and applications.
• Analyzed issues to identify troubleshooting methods needed for quick remediation.
• Relocated and configured desktop computer devices and phones to facilitate office moves and new employee workstations.
• Removed malware, ransomware, and other threats from laptops and desktop systems.
• Walked individuals through basic troubleshooting tasks.
• Documented support interactions for future reference.
• Coordinated with vendors on warranty claims for faulty equipment, reducing costs associated with repairs or replacements.
• Enhanced team collaboration by setting up efficient communication systems and tools.
• Installed and configured computer systems and applications, leading to smoother operations.
• Participated in regular team meetings to review support logs, identify recurring issues, and develop targeted solutions.
• Developed strong relationships with vendors, ensuring prompt response times when addressing hardware or software concerns.

• Facilitated smooth system migrations with minimal disruption to business operations, carefully planning and executing each phase of the project.
• Enhanced data security with regular system backups and encryption protocols.
• Streamlined workflows for improved productivity through process automation.
• Maximized system efficiency by implementing updated software and hardware solutions.
• Optimized IT infrastructure by designing and deploying scalable network systems.
• Boosted end-user satisfaction through timely resolution of technical support requests.