Information Security Audit Manager

Location:
Malkajgiri, Telangana, India
Posted:
March 06, 2019

Resume:

GARIMELLA CHANDRASEKHAR SARMA

Professional Profile

A result-oriented techno-functional professional with cumulative experience of 36 years, including 26 years in IT/IS Audit, Compliance and Investigation and 10 years in General Banking.

Expertise in Information Systems/IT Audit, Change Management, Security and Risk Assurance audit planning and execution: ensuring completion of audits within time and cost budgets, issuing audit reports, and following up to ensure rectification of deficiencies on time.

Adept at conducting security risk assessment, risk management, vulnerability assessment, IS & security audits and developing & implementing security policies.

Knowledge of the ISO 27001 standard on Information Security Management Systems (ISMS) and the ISO 9001 standard.

Licensed Master Trainer of NASSCOM in Cyber Security Compliance audit.

Knowledge of Business Continuity and Disaster Recovery.

Excellent interpersonal, communication and organizational skills with demonstrated abilities in team management coupled with supervisory and leadership abilities.

Conducted Investigations in areas of banking frauds.

Conducted SOC2 assessments at Phoenix and Dallas US

Conducted SOC2 assessments in India

Training conducted in ISO 27001:2013 and ISO 9001:2015.

Knowledge of PCI DSS, COPC, GDPR and COSO ERM.

Knowledge of SSAE 16 (SOC 1, SOC 2), Section 404 of SOX and HIPAA.

Academic Credentials

Certified Fraud Examiner (CFE)

Certified Information Systems Auditor (CISA)

Certified in Risk and Information Systems Control (CRISC)

ISO 27001 ISMS Lead Auditor– Information Security Management System(ISMS)

ISO 9001 QMS Lead Auditor

Master of Philosophy - Management

Master Of Science - Psychology

Master Of Business Administration – Banking & Finance

Certified Associate of Indian Institute of Bankers (CAIIB) (specialized in banking)

Cisco Certified Network Associate (CCNA 2005-08)

P G Diploma in Cyber Law

Pursuing PhD in Management Styles from CESS Hyderabad

Trained in Customer Operations Performance Center (COPC)

AWS Solution Architect

COSO ERM

NASSCOM Licensed Master trainer for Compliance/Information Security

Core Competencies

TECHNICAL

Platforms: UNIX, Windows 2003 Server

DBMS: Oracle

Applications: MS Office

Computer skills: Use of SQL

Organisational Experience

Career Summary

Freelance Consultant (Nov-16 – till date)

Consultancy for the implementation of Information Security Management Systems according to ISO/IEC 27001:2013

Assisting in the conduct of SOC 1 and SOC 2 audits.

PECB-empanelled auditor for ISO 27001:2013.

Consultancy for the implementation of Quality Management Systems according to ISO 9001:2015

Consultancy for the compliance with Administrative Responsibility (similar to SOX) legal requirements

Assisted multiple external audit engagements and communicated improvements and corrective actions to senior leadership; diligently monitored remediation plans.

Guidance in Business Continuity and Disaster Recovery.

Coordinating all IT audits and reviewing the implementation of the resulting regulatory requirements.

Defining measures relating to criticality and risk.

Implementation of IT audits across projects.

Training of resources on ISO 27001.

Proficient in establishing risk management standard and conducting risk assessments.

Conducted SOC2 assessments at Phoenix and Dallas US

Conducted SOC2 assessments in India

Conducted training on Network Security Compliance for IT professors of Mumbai, Shivaji University, Sona College of Engineering (Salem) and Sairam Engineering College (Chennai).

Vice President – Internal Audit/Compliance – QuisLex Legal Services, Hyderabad.

(Oct-13 – Nov-16)

QuisLex has nearly 1200 resources, mostly lawyers.

Responsible for:

Overseeing and coaching all personnel working in or under the direction of the Company's internal audit function, ensuring that assignments are adequately planned and performed in accordance with Internal Audit's procedures and standards.

Providing oversight and direct execution for developing and implementing department strategy, project audits and operational audits.

Overseeing the Company's Sarbanes-Oxley (SOX) assessment, including planning and organizing, testing and reporting, and working with process owners to develop and implement remediation plans to address any control deficiencies.

Resource planning and management associated with the completion of scheduled internal audits and assigned special projects.

Preparing and updating a comprehensive risk-based audit plan for evaluating the effectiveness of controls in place to manage significant risk exposures and comply with the Company's established internal controls.

Advising the IT department on regulatory requirements.

Conducted around 200 internal audits on the ISO 27001 & ISO 9001 standards, covering the following departments:

Human Resources - recruitment, background verification, exits

Training

Information Technology - All controls of ISO 27001:2013 covered

Purchase and Finance

Administration, environment & facilities

Physical Security

Risk assessments reviewed once every six months

Management review meetings every quarter, numbering 12 MRMs

Projects/Operations of LPO (Legal Process Outsourcing):

a) Contracts

b) Litigation

c) Mergers & acquisitions

d) Billing

Business Continuity and Disaster Recovery

Conducted more than 30 induction/refresher trainings on ISO 27001:2013.

Conducted 12 audits of vendors supplying the company with different products/processes.

Conducted 5 internal auditor trainings on 27001 & 9001 for eligible resources.

Conducted upgrade training programs on 27001 & 9001 for all internal auditors.

Conducted a one-day transition training on ISO 27001:2013 for TUV-SUD South Asia Hyderabad clients.

Implemented the COPC standard across the organization.

Organizing, directing and controlling the Internal Audit department; overseeing and reviewing the general performance of all audits, including audit planning, preparation and review of programs, documentation and reports.

Managing/conducting follow-up on open audit issues and action items to ensure timely closure of management action plans.

Conducting special investigations in coordination with Legal, Senior Management, External Auditors and the Audit Committee in the area of fraud or misconduct.

Maintaining confidentiality, independence and objectivity in all assignments.

Providing guidance and support to business and functional units in the development, refinement and documentation of internal controls and business process improvements.

Coordinating the conduct of business continuity plan testing and disaster recovery.

Visited our Chicago (USA) site and implemented ISO 27001:2013 & ISO 9001:2015 there.

Overseeing all certifications: ISO 9001:2015, ISO 27001:2013, COPC, EU Safe Harbor, HIPAA and SSAE 16 (SOC 1, SOC 2).

Lead Auditor – ISO 27001:2013 & ISO 9001:2008 (Nov 2010 – Oct 2013) in the following certification bodies:

a) Det Norske Veritas AS – 4 Jun 2012 to 4 Oct 2013, as Lead Auditor at Hyderabad

b) ControlCase India Pvt Ltd – 1 Sep 2011 to 30 May 2012, as Senior Consultant/Group Head (LA ISO 27001, 9001) at Mumbai

c) TUV-SUD South Asia – 12 Nov 2010 to 26 Aug 2011, as Senior Manager (LA 27001 & 9001) at Mumbai

Responsible for:

Planning the audit and making effective use of resources during the audit.

Representing the audit team in communications with the audit client and auditee.

Organizing and directing audit team members.

Providing direction and guidance to auditors-in-training.

Leading the audit team to reach the audit conclusions.

Adhering to the principles of auditing (ethical conduct, fair presentation, due professional care, independence and an evidence-based approach) as given in IS/ISO 19011:2011.

Conducted ISO 27001:2013 and ISO 9001:2008 audits in countries including the USA, the Philippines, Qatar and India.

Visited Dayton, Ohio and Manila, Philippines to conduct datacenter audits for ISMS certification.

Conducted an ISMS audit at Doha, Qatar while at TUV-SUD.

Implemented ISO 27001:2013 and obtained certification, one of the earliest companies in India to do so.

Qualified IRCA ISO 9001:2015 transition course conducted by DNV.

CANARA BANK INDIA (1979 - 2010)

Senior Manager - IS Audit (2006 – 2010)

Manager – IS Audit (2000-2006)

Officer - IT /IS Audit (1993 – 2000)

Officer – Banking (1989 - 1993)

Jr. Officer – Banking (1979 - 1989)

Personal Details

Address: Flat # 503, Manju Vigneswara Towers, Yadav Nagar

Malkajgiri, Hyderabad-500047, INDIA

Telephone: +91-984******* & +91-40-401*****

Date of Birth: August 12, 1956

E-mail address: ac8o0j@r.postjobfree.com

Holding a US B1 visa till 2022 & a Canada visa till 2019.

Additional Accomplishments:

President, ISACA (USA) Hyderabad India Chapter

Vice President, Association of Certified Fraud Examiners (ACFE USA) Hyderabad India Chapter
