
GRC & Privacy Analyst

Location:
San Francisco, CA
Posted:
July 10, 2024


Resume:


Niharika Kaparaboina

GRC & Privacy Analyst

*********@*****.*** • 341-***-****

LinkedIn • San Francisco Bay Area, California

Accomplished GRC & Privacy Analyst III with 5+ years of proven success in optimizing data protection and privacy compliance across complex technology landscapes, consistently ensuring adherence to stringent regulatory frameworks. Expert in conducting Risk Assessments, developing policies in line with international regulations, and leading incident analysis to safeguard against data breaches. Proven track record in developing strategic solutions to enhance data privacy & security. Proven ability to strategize and implement controls that significantly improve security postures, ensuring a resilient defense against evolving cyber threats. Adept at cross-functional collaboration, gap analysis, internal auditing, and incident management.

Areas of Expertise

● Project Management

● Data Protection & Privacy Compliance

● Incident Analysis & Response

● Cross-functional Collaboration

● Security Awareness Training

● Compliance Audits and Assessments

● Cybersecurity Risk Assessments

● Risk Assessment & Mitigation

● Policy Development

Technical Skills

Security and Compliance: ISO 27001 Implementation, AWS Cloud Security, Azure Security Management, FAIR Risk Analysis

Privacy and Data Protection: OneTrust Tool, Data Subjects Rights Management, Tracking Technologies (Cookies, Pixels, Tags), Responsible AI/ML

Risk Management and Analysis: Risk Analysis & DPIA, NIST CSF, Business Impact Analysis, Third Party Risk Management, ISO 31000, ISO 27005

General IT and Project Management: Jira, Backup Management, Access Management, SDLC, Cross-functional Team Collaboration, Designing Policies, Standards & Procedures, SOX Compliance

Professional Experience

Expedia, Bengaluru, India

Privacy Analyst III

December 2023 — May 2024

Conduct Privacy Impact Assessments for Expedia's diverse products and initiatives, focusing on identifying and mitigating inherent risks. Develop and maintain policies and standards to safeguard company assets, ensuring alignment with data protection laws and industry regulations. Facilitate compliance audits and assessments, including SOC 2 and third-party evaluations, by coordinating activities and tracking evidence. Assist in operations for Tracking Technologies, collaborating with engineering and marketing teams, and analyze security incidents and phishing alerts as first responder. Work with cross-functional teams to integrate privacy considerations into business processes, and provide guidance on privacy technology for new feature development.

• Assisted in development of privacy policy that aligned with international data protection regulations, reducing potential legal risks and enhancing company's reputation.

• Conducted awareness campaigns on Data Privacy across Expedia, raising employee understanding and commitment to privacy standards.

• Implemented OneTrust and BigID for data mapping, discovery, and privacy impact assessments, strengthening Expedia's privacy program.

• Ensured adherence to data protection laws, industry regulations, standards, and legal requirements, including GDPR, CPRA, CCPA, PCI-DSS, ISO 27001, PIMS, and NIST.

• Developed strategy for privacy technologies and advised engineers and marketing leaders on optimal privacy solutions for new feature development.

• Conducted in-depth self-evaluation of privacy program, aligning with NIST standards to ensure rigorous assessment and industry best practice alignment.

• Produced concise assessment summaries detailing critical safeguards, pinpointing risk areas, and establishing comprehensive risk ratings for each evaluation.

IBM, Bengaluru, India

Account Privacy & Security Manager

November 2022 — December 2023

Conducted thorough Privacy & security assessments to pinpoint vulnerabilities and devise effective risk mitigation strategies, safeguarding sensitive data and systems. Conducted comprehensive Information Security assessments encompassing User Access management, Network, OS & Application Security, Encryption, Backup Management, Disaster Recovery, Physical Security, and Training & Awareness. Assisted Legal team in refining Third-Party Risk Management and vendor management frameworks to enhance security and compliance measures. Coordinated with global clients to interpret and enforce data protection laws, ensuring compliance with international privacy standards. Contributed to formulation and execution of incident response plans, minimizing impact of security breaches and ensuring uninterrupted business operations.

• Updated and enhanced System Security Plan (SSP) and Plan of Actions and Milestones (POAM), adjusting to evolving compliance mandates such as CPRA, GDPR, FedRAMP, HIPAA, NIST 800-171, and NIST 800-53.

• Prepared business units for comprehensive internal and external audits, encompassing corporate, BCR, SOX, ISO 27001, and PIMS audits, maintaining strict adherence to industry standards and regulatory requirements.

• Led ISO 27001 & PIMS surveillance and recertification audits, earning "Spot Recognition Award" for achieving flawless compliance with zero nonconformities.

• Developed and delivered training programs on security awareness and best practices, fostering culture of heightened security consciousness throughout organization.

• Teamed up with cross-functional groups to deploy robust security controls, ensuring alignment with GDPR, CCPA, and other pertinent industry regulations, thereby promoting secure client environment.

IBM, Bengaluru, India

Data Security & Privacy Consultant

June 2019 — November 2022

Monitored and analyzed advanced threat events using Security Incident and Event Management (SIEM), User Behavior Analytics (UBA), and Endpoint Detection and Response (EDR) toolsets and event logs, identifying security indicators of compromise, attacks, and threats for remediation or suppression. Evaluated IT general controls and identified risks from various audits, prioritizing mitigation plans and ensuring adherence to industry standards. Conducted root cause analysis on identified risk events, recommending improvements that enhanced security measures and reduced vulnerabilities.

• Collaborated with stakeholders to implement effective risk management and mitigation strategies, promoting culture of Privacy & security awareness throughout organization.

• Validated network, wireless, and firewall security systems through comprehensive reviews and policy assessments.

• Implemented Risk Management Framework to bolster frontline risk mitigation capabilities, safeguarding sensitive data and systems from potential threats.

• Enhanced client security through utilization of AWS and GitHub Actions for security automation and compliance monitoring.

UST Global, Trivandrum, India

April 2017 — June 2017

Internal Auditor Intern

Constructed and upheld audit plan, guaranteeing thorough evaluation of organization’s security posture. Verified artifacts and enhanced information security compliance landscape, pinpointing areas for enhancement and implementing robust security measures. Orchestrated and promoted understanding and implementation of operational risk throughout organization, cultivating culture of heightened security awareness. Assessed IT general controls according to project specifications, ensuring compliance with industry standards and regulations.

• Collaborated with stakeholders to implement effective risk management and mitigation strategies, promoting culture of Privacy & security awareness throughout organization.

• Validated network, wireless, and firewall security systems through comprehensive reviews and policy assessments.

• Implemented Risk Management Framework to bolster frontline risk mitigation capabilities, safeguarding sensitive data and systems from potential threats.

• Enhanced client security through utilization of AWS and GitHub Actions for security automation and compliance monitoring.

Education

Bachelor of Technology in Electronics and Communication Engineering, Kakatiya University

Master of Business Administration in Information Technology Business Management, Symbiosis International University

Certifications

Certified Information Systems Auditor (CISA), 2023

AZ 900, 2023

ISO 27001 LA, IRCA Accreditation, 2022

AWS Cloud Practitioner, 2022
