Sanjay Reddy Javidi
Governance, Risk, and Compliance (GRC) Specialist
832-***-**** | *****************@*****.*** | linkedin.com/in/sanjayreddyj

Summary
Information Security Analyst with 4 years of hands-on experience in compliance, risk management, and cybersecurity operations. Specialized in audit management, penetration testing, IAM, SIEM tools, and ServiceNow GRC, ensuring regulatory compliance with ISO 27001, NIST 800-53, PCI-DSS, and GDPR.

Education
Pace University, New York, NY
Master's in Information Systems, September 2022 – May 2024
Skills
– Governance: Policy requirements, documentation, training and awareness
– Risk: SPOC for Risk Register (semi-annual reviews and updates); Control Effectiveness Rating; Inherent vs. Residual Risk
– Compliance: Ensured compliance with control policies
– Audits: Audit management, internal IT auditing, supported external audits
– BCP/DR: Documented BCP plan and BIA matrix; participated in DR drills
– Frameworks: ISO 27001, NIST, PCI-DSS, SOC 1, SOC 2, GDPR
– Tools: ServiceNow GRC, Splunk, Oracle Database, MS Visio
– Documentation: Policies, audit artifacts, BCP documents
– Technical Skills: MS Excel, DBMS, MySQL, Python
– Soft Skills: Verbal and written communication, decision-making, problem-solving
– Cloud Security: Expertise in securing cloud environments (AWS, Azure, GCP), implementing security controls, and ensuring compliance with cloud security best practices

Experience
Information Security Analyst, Vanguard, Malvern, PA (August 2023 – Present)
– Managed compliance frameworks within ServiceNow GRC, ensuring alignment with NIST, ISO 27001, GDPR, PCI-DSS, and SOX requirements.
– Performed security control assessments (SCA) and audits to validate adherence to NIST 800-53 and NIST 800-171 requirements.
– Monitored outcomes from risk assessments, penetration testing, and vulnerability scans, ensuring timely implementation of treatment plans and remedial actions.
– Prepared SOX audit reports, control test results, and remediation plans for internal and external auditors.
– Conducted quarterly risk assessments and semi-annual reviews, updating the Risk Register with Risk Rating and Control Effectiveness Ratings.
– Developed and maintained SOC 2-aligned policies, access control guidelines, and incident response procedures.

Information Technology Security Analyst, Concentrix, Hyderabad, India (May 2020 – August 2022)
– Formulated risk mitigation strategies and incident response plans in accordance with ISO 27001, NIST, and GDPR security frameworks.
– Monitored Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) for IT governance and risk assessment.
– Developed IT policies, risk management frameworks, and compliance procedures based on COBIT’s IT governance best practices.
– Implemented continuous monitoring strategies using SIEM tools to detect and respond to cybersecurity threats.
– Performed risk assessments for cybersecurity, information security, and business continuity to identify vulnerabilities and mitigate potential threats.
– Integrated IAM solutions with Multi-Factor Authentication (MFA), Single Sign-On (SSO), and Privileged Access Management (PAM) to enhance security.
– Facilitated the audit process within the team by identifying root causes of audit findings, determining appropriate CAPA, and implementing remediation plans.