
Information Security Risk Management

Location:
Fort Worth, TX
Posted:
May 25, 2025

Resume:

PAVAN KUMAR GAJJALA

E-Mail: ***********@*****.***

LinkedIn: pavan-g-005436354 Contact: +1-682-***-****

Professional Certifications:

CEH (EC-Council v10)

ECSA (EC-Council)

CCSK

Cyber Risk and Threat Management

Project Management Certification

Endpoint Security

AWS Developer Associate

Professional Summary:

I am a tech-savvy professional with 3+ years of experience in Information Security: Risk and Compliance Management, Security Governance, Risk Management, ISMS auditing, Web Application Security Testing, Vulnerability Assessment and Network Security.

•I worked as an Information Security Consultant in Cyber Governance Risk and Controls, web application security and network security, and as an ISMS auditor.

•Experienced in evaluating risks and controls within the purview of IT General Controls (ITGC) and IT Enterprise Controls (ITEC).

•Expertise in Manual Web Penetration Testing & Network Penetration Testing.

•Developed an information security governance framework covering information strategy, policies, directives and guidelines based on ISO 27001.

•Evaluate production processes for compliance with quality requirements.

•Assist in the development of audit plans and audit schedules.

•In-depth knowledge of NIST SP 800-30, NIST CSF and COBIT standards.

•Vulnerability management risk scoring such as CVSS and CVE, and related schema and scoring concepts.

•Utilized comprehensive knowledge of HIPAA and GDPR compliance requirements to create and implement data masking strategies that adhere to strict data privacy regulations, minimizing the risk of data breaches and legal repercussions.

•This included conducting impact analysis, setting masking policies, and validating masked data to maintain data integrity and regulatory compliance.

●Managed projects for incident, vulnerability and malware defense, email security and encryption filtering, DDoS, IPS, IDS, SIEM, policy management and system compliance.

●Perform vendor risk assessments in support of internal business process area project teams.

●Generate regular risk management reports using various security technologies.

Technical Skills:

●Information Security

●Risk and Compliance

●Symantec Endpoint Protection Management Tool

●HIPAA, IRS Pub 1075, CMS, PCI, CJIS, Social Security Administration and HITRUST

●Compliance Frameworks (SOX, GDPR, CAPA, CJIS, CMS, ISO, SOC, PCI-DSS, HIPAA/HITECH)

●IDS/IPS

●Network Security Audit

●ServiceNow, Jira, Cherwell

●Mock audit

●SharePoint, ServiceNow, Microsoft Project, policy management tool

●Archer

●Risk Management

Tools Used:

SIEM tools: LogRhythm, Splunk.

Scanning: Nmap, Zenmap, Nessus, Wireshark.

GRC tools: RFPIO, TrustArc.

Web penetration testing: Micro Focus Fortify, WebInspect, Havij, Burp Suite.

Network penetration testing: Nessus, Nexpose, Metasploit.

Ticketing tools: ServiceNow, Cherwell.

Programming Languages:

C, .NET, Python

Professional Experience:

Client: Genpact

Role: Consultant

Duration: Apr 2020 to Aug 2022

CYBER GOVERNANCE RISK AND CONTROLS (CGRC)

•Worked on Security Control Assessments and analyzed the Control Domains.

•Established a risk register and led regular risk review meetings to prioritize and address high-impact vulnerabilities.

•Partnered with compliance teams to align risk management activities with industry standards and regulatory requirements.

•Planned and executed onsite/virtual risk assessments for third-party vendors, focusing on compliance with regulations, policies and internal controls.

•Monitored and tracked TPRM lifecycle activities (identification, due diligence, risk assessment, contract negotiation, ongoing monitoring and termination).

•Worked on 300+ exception reports in Archer.

•Collaborated with stakeholders to set realistic and measurable SLA targets, improving service delivery and customer satisfaction.

•Analyzed SLA performance metrics to identify trends and implement corrective measures, reducing SLA breaches by 20%.

•Leveraged extensive knowledge of HIPAA and GDPR compliance standards to develop and implement data masking strategies that comply with stringent data privacy regulations, thereby reducing the risk of data breaches and legal liabilities.

•Implemented and managed security frameworks such as ISO 27001, NIST, and CIS Controls, ensuring robust protection of enterprise IT assets.

•Conducted gap analyses and compliance audits against security frameworks, achieving a 100% compliance rate within designated timelines.

•Developed a risk management program; planned, developed and modified policies, processes, guides, standards and procedures; and ensured compliance, working with the appropriate teams.

•Contributed across multiple enterprise verticals to develop an integrated organizational IT Security & Risk Strategy.

•Developed security control and risk scorecards, metrics, and reporting capabilities in GRC.

•Maintained up-to-date controls, coordinated control assessments, and identified and escalated non-compliance issues.

•Demonstrated proficiency in conducting Control Testing, encompassing Test of Design (ToD) and Test of Operating Effectiveness (ToE) methodologies.

•Extensive experience in Transactional Testing, evaluating the effectiveness of control procedures and transactional processes.

•Test of Design (ToD) Competence: Skilled in designing tests to assess the adequacy of control procedures and their alignment with regulatory requirements and organizational objectives.

•Proficient in issue validation processes, conducting thorough assessments to verify the resolution of identified issues and deficiencies within the organization's operations and controls.

•Conducted comprehensive risk assessments to identify potential control weaknesses and transactional irregularities, ensuring alignment with regulatory requirements and organizational objectives.

•Applied data analytics tools and techniques to extract meaningful insights from large volumes of transactional data, identifying patterns, trends, and anomalies to support auditing conclusions and process improvements.

APPLICATION SECURITY TESTING

•Experience in implementing security in every phase of the SDLC; hands-on experience in application security, vulnerability assessments and OWASP, along with different security testing tools.

•Experience as an Information Security Analyst, involved in OWASP Top 10 based vulnerability assessment of various internet-facing point-of-sale web applications and web services.

•Capable of identifying flaws like Injection, XSS, Insecure Direct Object Reference, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, CSRF and Unvalidated Redirects.

•Experience with different web application security testing tools like Acunetix, Metasploit, Burp Suite, sqlmap and OWASP ZAP. Evaluate WAF utilization and devise strategies for enhancing and refining protection protocols.

•Demonstrated proficiency in planning, executing, and managing auditing and testing activities to evaluate the effectiveness of internal controls, risk management processes, and compliance frameworks.

Organization: Highmark Inc.

Role: Member Technical

Duration: Oct 2022 to Nov 2023

Location: New York

INFORMATION SECURITY ASSURANCE - CYBER GOVERNANCE RISK AND CONTROLS (CGRC)

●Worked on Security Control Assessments and analyzed the Control Domains.

●Team builder and effective communicator with colleagues at all levels of understanding and responsibility.

●Creating, maintaining, communicating, and enforcing information security related documentation, e.g., policies, frameworks, standards, methods & procedures, executive presentations, corporate communications, and knowledge base (KB) articles.

●Established IT governance policies and processes to ensure alignment between IT initiatives and business objectives.

●Developed governance frameworks to monitor IT performance, enabling a 20% increase in project delivery efficiency.

●Conducted IT compliance assessments to ensure adherence to regulatory requirements and corporate governance standards.

●Collaborated with the SOC team to develop and implement threat intelligence assessment strategies, leveraging expertise in digital forensics and incident response to identify and address potential security threats.

●Developed a custom case management tool with embedded cybersecurity techniques and procedures to streamline incident response workflows and improve collaboration between different teams. Conducted digital forensics.

ISMS AUDITOR

●Support the department and help manage the implementation of information security management systems.

●Conduct information security awareness, training and educational activities for stakeholders.

●Manage information security risk assessments and control selection activities; liaise with stakeholders and offer strategic direction to related governance functions (such as Risk Management, IT, HR, Legal and Compliance).

●Developed and enforced security protocols for DB2 databases, incorporating encryption, access controls, and monitoring to guarantee data privacy and compliance with standards such as HIPAA and GDPR.

Academic Qualifications:

B.Tech, Jain University, 2017 - 2021

MS Computer & Information Science, Avila University, Jan 2024 - Current
