
Information Security Analyst

Location: Bothell, WA

Posted: August 26, 2024


Resume:

Ravi Prakash Vaddepalli

Information Security Analyst

425-***-**** *******@*****.*** https://www.linkedin.com/in/raviprakash-vaddepalli-48750318/

Summary:

Over 15 years of expertise in providing leadership to all IT GRC processes, including Data Privacy, Information Security, and Governance, Risk and Compliance.

Certified in ISO 27001 and ISO 27017 (cloud security); provides independent assurance over the adequacy, appropriateness and effectiveness of the IT internal control environment and compliance with policies, procedures and regulatory requirements.

Expertise in managing various compliance requirements, including but not limited to Data Privacy, PCI DSS, GDPR, CCPA, ISO, NIST, HIPAA, and internal/external audits; interfaced with external auditors to provide the most benefit to the organization.

Experience in the security frameworks CIS, NIST CSF, ISO, COBIT and OWASP Top 10.

Expertise in governance, risk and compliance (GRC); directed reporting to senior management, the Board, Risk Management Committees and regulators, and provided leadership to routinely drive change to effectively manage risks, controls, systems and processes across the organization.

Expertise in developing, reviewing and enhancing security policies based on NIST and ISO frameworks; conducted Risk and Control Self-Assessments (RCSA) for applications and infrastructure.

Experience in cybersecurity program and project management.

Expertise in conducting privacy impact assessments when PII is involved.

Experience in security monitoring tools such as SIEM, and in troubleshooting them.

Experience in security operations: implementing and testing firewalls, and managing IDS and IPS.

Experience in SOC operations and compliance, and in SOC 1 and SOC 2 assessments.

Experience in DevSecOps, operations and security compliance.

Leads the analysis and evaluation of technology-driven business processes and controls within the organization to create risk-based audit programs and testing methodologies (ITGC, GRC) that evaluate the adequacy of controls.

Managed day-to-day operational risk management activities such as risk and control assessments, incident capture and analysis, and scenario analysis and planning.

Defined the risk management framework for the department and ensured that the highest level of quality was maintained; led and supported efforts to identify and mitigate risk within assigned areas of responsibility.

Technical Skills:

GRC: RSA Archer, BWise, IBM OpenPages, Allgress, RiskRecon

Ticketing Tools: Maximo, SharePoint, ServiceNow

Technologies: Database, infrastructure, on-premise and cloud, application security, cloud security, AWS (VPC, EC2, Lambda), Azure, SIEM

Other Technical Skills: SQL, Java, database management, SDLC, networking

Certifications

ITIL Foundation v3 – Certified (2014)

ISO 27001 from BSI – Certified (2017)

CISM from ISACA – Training (2022)

ISO 27017 – Certified (2023)

CCPA – Training (2020)

Azure Fundamentals – (2023)

Professional Experience

Company: Novartis Healthcare Pvt Ltd, Dec ’23 – June ’24

Role: Security Expert

Description:

Novartis Healthcare Pvt Ltd is a leading pharmaceutical company in the world; Novartis produces innovative medicines and conducts drug research. I was a Business Information Security Expert, assessing Novartis applications and infrastructure for security compliance based on legal and regulatory requirements for the IT and pharma industries.

Responsibilities:

Coordinated and facilitated internal (ISO 27001) and external audits; followed up on audit issue responses, action plans and remediation.

Understood and analyzed quote and opportunity information and determined the impact of new implementations on existing business processes.

Performed security assessments for new and upgrade projects to identify security gaps and recommend remediation using NIST SP 800-53, and conducted risk assessments using NIST SP 800-30.

Performed AWS network and security assessments covering EC2 and VPC, with remediation validation using AWS Lambda.

Took the lead on vulnerabilities and issues, working with business and application owners to fix them on time; evaluated SOC 2 reports for third-party applications and their mitigations.

Involved in major leadership decisions on security exceptions; reviewed and updated information security policies, procedures and Standard Operating Procedures (SOPs).

Suggested security enhancements for project governance and operations.

Environments: AWS Cloud, Sentinel, Archer, Azure Cloud platform, on-premise infrastructure and applications.

Client: Capgemini, Jan ’21 – Nov ’23

Role: Security Architect

Project: Heathrow Airport

Description:

Heathrow is one of the leading airports in the world. My role was to assist in security assessments for the applications and infrastructure within Heathrow, including but not limited to reviewing and approving security assessments, data privacy, GDPR, PCI-DSS, and other local, federal and legal requirements.

Responsibilities:

Coordinated and facilitated internal (ISO 27001) and external audits; followed up on audit issue responses, action plans and remediation.

Conducting cybersecurity impact assessments on various applications and infrastructure within Heathrow based on the NIST, ISO and COBIT frameworks.

Conducting Business Impact Assessments (BIA) for business-critical systems and providing ratings for the applications.

Conducting firewall reviews and managing IDS and IPS within the security operations center.

Conducting third-party risk management (TPRM) for vendors and applications that provide services to Heathrow, and validating SOC 1 and SOC 2 reports for security vulnerabilities; conducting security awareness training for the team on SOC 1 and SOC 2 compliance.

Conducting internal controls testing to ensure the controls meet SOC 1 and SOC 2 criteria.

Conducting information security awareness training for technical staff on compliance requirements.

Ensuring compliance with GDPR privacy regulations and SOC 2 privacy criteria.

Defining the scope of penetration testing and validating the results based on the reports.

Assessing cloud infrastructure and applications for data hosting and migrations, including Consensus Assessments Initiative Questionnaire (CAIQ) cloud security assessments.

Performed risk assessments for applications handling payment card details, based on PCI-DSS regulatory requirements.

Conducting Data Privacy Impact Assessments (DPIA) on applications processing PII.

Evaluating data flow diagrams, architecture documents, detailed design documents and conceptual design documents.

Environments: Azure Data Factory, AWS, EC2, VPC and Azure databases, SharePoint, Tenable, Nessus.

Client: PwC Acceleration Center, May ’18 – Aug ’20

Role: Security Lead

Project: Mitsubishi UFJ Financial Group

Description:

Responsibilities:

Data Privacy (GDPR and CCPA) compliance.

PCI compliance: PCI assessments and requirement evidence gap analysis.

Application and infrastructure risk assessments: New Asset Certification.

Performed gap assessments against the standard requirements of NIST SP 800-53, 800-37 and 800-30.

Risk and Controls Self-Assessment on IT General Controls and risk management.

QA of risks, threats and controls: control design quality analysis, control implementation, and control-to-risk mapping quality checks.

Performed physical security audits using Genetec security solutions; validated and updated physical security controls.

Conducting cloud security assessments on AWS and Azure.

Conducted risk assessments based on the security frameworks CIS, NIST SP 800-30 and COBIT.

Data privacy requirements: data survey interviews, data discovery, data lifecycle management and data flow maps.

Performed assessments and prepared the Report on Compliance (ROC) against the 12 PCI-DSS v3.2 controls.

Performed gap analysis and prepared policy documents.

Coordinated with process owners and control owners on the design, implementation and testing of controls, remediation of control design, and risk-to-control mapping.

Used GRC tools (OpenPages, BWise, Archer) for risk management.

Environments: AWS, SharePoint, Tenable, Nessus.

Client: Lead IT India Pvt Ltd, July ’17 – Mar ’18

Role: Sr Risk Management Consultant

Project: Honeywell

Description:

Honeywell Aerospace Technologies is a manufacturer of aircraft engines and avionics. My role was to manage the risks within the applications, databases and servers in line with regulatory and legal compliance.

Responsibilities:

Coordinated and facilitated internal (ISO 27001) and external audits; followed up on audit issue responses, action plans and remediation.

Monitored that risk assessments, vulnerability assessments and risk-based security reviews/audits were conducted periodically for applications, databases, operating systems and network devices.

Utilized a remediation program that reduced findings from penetration testing and security assessments (network, database, web application and servers).

Administered access permissions and asset management, including their analysis, planning and coordination.

Promoted an information security culture by creating awareness through different modes (workshops, emails, portal articles) of training and awareness sessions.

Performed ITGC testing for applications and prepared Test of Design (TOD) and Test of Operating Effectiveness (TOE) documentation along with work papers.

Designed and implemented security controls, procedures, standards and the Information Security (IS) structure, especially regarding logging of security events and security risk mitigation controls.

Consistent and value-driven performance led to numerous appreciations from US-based clients and customers.

Performed security risk assessment/analysis and recommended mitigation through appropriate controls, both in projects and for existing assets.

Client: Invesco Ltd, Sep ’16 – July ’17

Role: Advanced Risk Analyst

Project: Invesco

Description:

Invesco Ltd. is an American independent investment management company headquartered in Atlanta, Georgia. I conducted risk assessments and audits for the organization.

Responsibilities:

Executed and documented SOX compliance and regulatory reporting controls testing throughout the organization, including documentation of processes and controls and evaluation of control design and operating effectiveness.

Assessed and implemented Information Technology (IT) / Information Security (IS) governance best practices, recommendations and industry Information Security (IS) requirements.

Performed security risk assessment/analysis and recommended mitigation through appropriate controls, both in projects and for existing assets.

Consistent and value-driven performance led to numerous appreciations from US-based clients and customers.

Client: IBM India Pvt Ltd, Mar ’11 – Sep ’16

Role: Information Security Analyst, Sr. Operational Professional

Project: State Street Bank, Morgan Stanley, Molina Healthcare, BHP Billiton, Hartford, Telstra

Description:

State Street Corporation is a global financial services and bank holding company headquartered at One Congress Street in Boston, with operations worldwide. I managed security compliance for the system.

Morgan Stanley is an American multinational investment bank and financial services company. I performed New Asset Certification (NAC), finding and fixing security issues before onboarding.

Molina Healthcare, Inc. is a managed care company headquartered in Long Beach, California, United States. I audited the company against local, federal and legal regulatory requirements.

Responsibilities:

Conducted ITGC testing on applications and infrastructure, and successfully managed multi-country transition and transformation projects across Peru, Chile, Colombia and Brazil for cybersecurity assessments.

Conducted system security checks for Unix and Wintel systems based on industry best security standards.

Led the Change Authorization Board in managing changes on systems.

Coordinated and facilitated KCO, SSAE16, CTP, SOX and PwC audits with zero defects.

Appreciated by Audit Committee members and higher management of audited companies for probative engagement in resolving an issue on a RED account during the corporate audit.

Established security delivery metrics to enhance visibility of security performance at Global Delivery Centers.

Implemented security controls for clients based on security requirements.

Defined and created process metrics for the new process "In Security Health Checking" for preventive monitoring and effective capacity planning as per client needs.

Environments: Unix, Wintel, Microsoft PowerPoint, Excel (VLOOKUP, HLOOKUP).

Client: C R INFOTECH Private Limited, Sep ’08 – Feb ’11

Role: IT Associate

Projects: Walmart, Irving Oil

Description:

Walmart Inc. is an American multinational retail corporation that operates a chain of hypermarkets, discount department stores and grocery stores in the United States.

Responsibilities:

Performed system security patch evaluation and followed up on remediation.

Coordinated with system administration experts on the latest released Microsoft TechNet patches, evaluated them for applicability, and helped push the patches through QualysGuard.

Conducted system security checks for Unix and Wintel systems based on industry best security standards.

Performed system access control testing through the IBM Endpoint Manager tool and identified vulnerabilities.

Coordinated with the Change Authorization Board team in fixing pending vulnerabilities.

Helped admins fix system access control vulnerabilities such as password complexity criteria.

Prepared dashboards on patch and system access control findings and presented them to management for compliance reporting.

Involved in internal audits and conducted Access, Change, Incident, Backup control testing.

Education

Course: Masters in Computer Applications (MCA)
College: St Martin’s PG College, Osmania University, Hyderabad, India
Year: 2005-2008

Course: Bachelors in Computer Applications
College: Kakatiya University, India
Year: 2002-2008
