RAJU S. PUSAPATI
Franklin, TN ***** 615-***-**** ****.********@*****.*** www.Linkedin.com/in/rajupusapati
Information Security Risk & Compliance Manager
Highly skilled manager with over 12 years of progressive experience in Information Security Governance, Risk & Compliance Program Management, and 11 years of IT technical project planning, execution, monitoring, and resource balancing skills, with the ability to support multiple simultaneous projects. Expert in accomplishing continuous improvements and program maturity in information security management systems with a strong attention to detail. Demonstrated ability to solve problems, provide consistent high-quality results, manage teams, and manage programs; committed to creating best practices. Performed regulatory compliance reviews for more than 600 information security controls and improved the quality of IT controls that impact information security audits and assessments.
PROFESSIONAL CERTIFICATIONS (Active)
CISSP (2010), CISA (2010), CISM (2010), CRISC (2010), CIPT (2018), CSSLP (2008), PMP (2006), ITIL, MS Project: Managing Projects (2012), Project+ (2009)
CORE COMPETENCIES
Information security program management; IT service management; IT project management using project management methodologies, standards, and best practices; Information systems security policies, standards, and best practices; Risk analysis and management; Information systems audits management and compliance; Cybersecurity Laws and Regulations; US Privacy Laws & Regulatory Compliance; International Privacy Laws and Regulations; Information Security Governance and Frameworks: COSO, COBIT, FIPS, NIST Standards and Special Publications, SOC 2, SOC 2+ External Audits Management, ISO 27001-2, HIPAA, HITRUST, SOX IT Controls, PCI-DSS, CIS Controls, OWASP Security Controls; Security Control Remediation; Maturity Improvements; Security Configurations; Program Management; Program Reporting
RELEVANT EXPERIENCE
Deloitte, Hermitage, TN (August 2017 – August 2020)
Cybersecurity Risk, Compliance Program Coordinator/Manager
Reviewed, enhanced, and updated over 30 cyber security policies and more than 200 internal IT controls aligned with ISO 27001, NIST, and SOC 2 standards and specifications. Supported enterprise security governance and compliance program covering US and India operations. Analyzed FIPS and state information security and privacy laws, and increased awareness among more than 50 security teams and more than 100,000 stakeholders. Worked with legal and national information security leadership and drafted over 50 information security policies and procedures.
Reviewed, updated, and communicated more than 50 enterprise information security policies, procedures, and standards to more than 100,000 stakeholders. Monitored for compliance.
Analyzed and monitored the enterprise Integrated Controls Library (ICL), consisting of more than 1200 controls, and updated it with relevant SOC 2, ISO 27001/2, Cloud, HIPAA/HITRUST, SOX IT, PCI-DSS, and NIST controls. Researched and improved control descriptions and ensured compliance.
Identified system components for risk assessments, conducted risk analysis, and implemented enterprise security risk assessment frameworks and methodologies including FedRAMP and RMF. Presented the risk results of more than 200 security controls for mitigation that impact enterprise information security, affecting more than 100,000 stakeholders.
Managed 10 external audits out of a portfolio of 35 projects. Coordinated with legal, enterprise risk, control owners, and leadership to initiate the audit engagement. Reviewed and finalized information systems audit scope, and assisted with and finalized the security control objectives and description. Assisted in artifact gathering and reviewed artifacts for relevancy, accuracy, and completeness. Managed schedules and more than 20 technical teams and ensured timely completion of tasks. Negotiated and collaborated with more than 50 subject-matter experts and business engagement teams and ensured contractual and service-level agreements were met. Accomplished and presented 10 SOC 2 reports every year, on time and in compliance with relevant information security standards, to gain a competitive advantage for the business units.
Supported more than 50 business units and 50 control owners with standardized information gathering (SIG) and provided accurate information on enterprise security posture, policies, standards, and procedures.
Managed more than 30 simultaneous control remediation projects and tasks. Helped in identifying gaps in security controls effectiveness. Increased controls maturity, helped in achieving compliance, and minimized the risk to more than 50 security controls that impact enterprise security posture.
State of Tennessee, Nashville, TN (August 2000 – July 2017)
Information Security Program Coordinator / Process Manager
Reviewed and developed more than 40 enterprise information systems security standards, procedures, and guidelines for the development of information systems security policies. Worked with the office of general counsel and ensured legal and regulatory compliance for security policies and procedures.
Drafted disaster recovery and business continuity policies and submitted them to the highest level of management for approval. Managed and spearheaded the disaster recovery project and created plans, procedures, and guidelines. Implemented BC / DR efforts and supported achieving the required recovery and resilience of information systems that impact more than a million users.
Managed over 10 project teams, worked on project initiation, created project charter / statement of work, project plans, and security policies and frameworks. Developed project scope statements, project management plans, work breakdown structures, activity definitions and schedules. Assigned project tasks and work packages.
Developed communication plans, negotiated, and resolved issues.
Achieved collaboration between 10 project teams and more than 200 stakeholders.
Created more than 100 status reports for management and stakeholders every year. Provided advice and technical assistance to management and 10 project teams in successful completion of projects on time and on budget.
EDUCATION
Regent University, Virginia Beach, VA, USA
LLM Master of Laws (including Cybersecurity and Privacy Laws) (2020)
Austin Peay State University, Clarksville, TN, USA
MS Master of Science in Leadership (Strategic Leadership) (2019)
Acharya Nagarjuna University, Guntur, India
MBA Master of Business Administration (1993)