
Risk Management Power Bi

Location:
Atlanta, GA
Posted:
June 23, 2025


Resume:

Sushmitha Boddi Reddy

**************.**********@*****.*** (971) -708-3043

LinkedIn: https://www.linkedin.com/in/sushmitha-boddi-reddy-a816b1116/

Professional Summary

Results-driven Internal/Financial Auditor and Risk Management professional with over 6 years of experience in cybersecurity auditing, compliance and enterprise risk assessment. Experience in evaluating regulatory compliance with frameworks such as NIST CSF, ISO 27001, SOX and GDPR. Proven ability to conduct risk assessments, identify security gaps and implement strategic improvements to mitigate enterprise risks. Great at managing client relationships, streamlining compliance processes and optimizing security controls to enhance operational efficiency. Skilled in using tools like Power BI, Jira and Confluence for tracking, audit reporting and risk visualization. Strong background in cybersecurity awareness training, ITGC implementations, fraud investigations and financial audit reviews to ensure GAAP and SOX compliance. Committed to ensuring regulatory adherence and strengthening security postures across industries.

Skills:

Security Frameworks & Compliance: NIST CSF, ISO 27001, SOX, GDPR, IT General Controls (ITGC), SIG, FCC, FTC, PCI-DSS, SOC 2

Risk Assessment & Management: Enterprise Risk Management (ERM), Compliance Audits, Third-Party Risk Assessments, Fraud Investigations, Vendor Risk Management

Cybersecurity & IT Governance: Access Controls, Incident Management, Intrusion Detection & Prevention, Role-Based Access Control (RBAC), Disaster Recovery & Business Continuity

Audit & Reporting Tools: Power BI, Excel, Jira, Confluence

Strategic & Client Management: Client Relationship Management, Security Awareness Training, Contract Renewals, Compliance Standardization

Data Protection & Privacy: GDPR, CCPA, Secure Data Transmission & Storage, Billing Dispute Analysis

Process Improvement & Mapping: Strong knowledge of process improvement methodologies and proficiency in process mapping tools (Lucidchart, Microsoft Visio).

Soft Skills: Communication, Detail-Oriented, Time Management, Interpersonal Skills, Problem-Solving and Adaptability.

Professional Experience

Role: Sr. Analyst, Enterprise Risk (Internal Auditor)

Company: T-Mobile Jan 2023 – Present

Define audit scope and resource allocation for regulatory compliance reviews across 15+ departments, ensuring adherence to FCC, FTC and GDPR guidelines, mitigating potential fines.

Conducted comprehensive audits across 3 departments to assess internal controls, risk management and compliance with SOX and GAAP standards.

Evaluate internal policies and procedures to ensure alignment with regulatory requirements, identifying gaps, assessing potential risks and recommending actionable improvements.

Develop detailed audit reports, present findings to senior management and recommend steps for improvements.

Performed comprehensive analyses of enterprise risks in billing practices, identified a few gaps in third-party charges and presented the summary to senior management, which reduced billing disputes by 20% and increased customer trust.

Assess and audit customer onboarding and business account opening processes to identify gaps in KYC/KYB compliance and recommend corrective actions.

Collaborated with finance teams to integrate financial audit procedures into regular reviews, enhancing financial reporting accuracy and ensuring GAAP compliance.

Created and maintained audit documentation in Confluence and have experience in Jira for task assignment and internal reporting.

Lead cybersecurity awareness workshops for 200+ employees, reducing phishing incident rates by 25%.

Implemented process improvement methodologies such as Lean and Six Sigma to optimize internal audit processes.

Role: Risk Analyst

Company: Fisher Investments Mar 2022 – Dec 2022

Conducted Comprehensive Transaction Review (CTR) assessments across organizational divisions to ensure compliance with regulatory standards (SOX, GDPR) and internal policies.

Contribute to the strategic vision of the department and work as part of the team to conduct investigations, interviews and inquiries associated with instances of fraud, waste and abuse including violations of the company’s Code of Conduct.

Collaborated with cross-functional teams to analyze findings, identify discrepancies and implement corrective actions.

Designed advanced data visualizations and dashboards using Power BI to present findings interactively, improving risk assessment accuracy by 20%.

Supported financial reporting efforts by performing detailed financial audit reviews, reconciling transactional discrepancies, and ensuring adherence to SOX and GAAP standards.

Played a key role in standardizing compliance standards and policies across divisions, fostering consistency and alignment with organizational goals.

Streamlined risk management processes, enhancing operational efficiency and audit readiness.

Leveraged process mapping tools to visually document workflows and identify opportunities for process optimization, thereby enhancing client service delivery.

Role: Security Auditor

Company: Geodis Jan 2022 – Mar 2022

Conducted risk-based operational, financial and compliance audits ensuring adherence to ISO standards, SOX and regional trade regulations.

Reviewed access control mechanisms to ensure only authorized personnel accessed sensitive systems and data.

Ensured secure storage, transmission and processing of customer, proprietary and employee data in compliance with GDPR and CCPA.

Shadowed the team in verifying compliance with industry standards such as ISO 27001, SOC 2 and PCI-DSS for payment processing and sensitive data handling.

Supported fraud risk assessments using Power BI, flagging potential vendor billing irregularities for further investigation.

Role: Systems Engineer

Company: PepsiCo (via TCS) Mar 2018 – Dec 2019

Deployed IT General Controls (ITGC) across PepsiCo’s sites, ensuring compliance with SOX and GDPR.

Conducted risk assessments for ERP and MES, identifying and mitigating 20+ critical vulnerabilities.

Implemented RBAC and intrusion detection systems, reducing unauthorized access by 70%.

Deployed security measures such as intrusion detection systems and firewalls to protect critical assets.

Collaborated with global and regional teams to implement backup and disaster recovery plans, ensuring business continuity.

Prepared audit documentation, achieving 100% compliance during internal and external audits.

Role: Systems Engineer

Company: Mondelez (via TCS) Dec 2016 – Mar 2018

Led ITGC implementation across 8 production plants, ensuring compliance with SOX.

Strengthened SCADA/ERP access controls, resolving 30+ security gaps.

Collaborated with cross-functional teams to establish backup and disaster recovery plans for critical manufacturing systems.

Monitored incident management protocols to minimize production disruptions.

Trained 100+ plant staff on ITGC best practices, improving audit compliance scores by 45%.

Analyzed existing vendor systems against Mondelez IT’s governance standards and implemented recommendations that improved security measures and enhanced vendor reliability by 20%.

Education

Master’s in Information Security

University of Kansas, Lawrence Graduated: 2021

Bachelor's degree in Computer Science

Jawaharlal Nehru Technological University Graduated: 2016


