RamPawanKumarSista (17 0)
Scaling new heights of success with hard work & dedication and leaving a mark of excellence on each step
Certified Information Security Manager (CISM) & ISO27001 Lead Auditor Certified Professional with 16+ years of
experience in Information Security & Risk Management and close to 17.5 years of total IT experience.
Working experience in various areas of Information Security & Risk Management like creation of IT Policies &
internal controls, IT Security audits & internal reviews, Network Architecture Reviews, Vendor/Third Party Risk
Management, Governance Risk & Compliance, Data Center & Cloud assessments, Operational Risk Assessment
Proven skills in handling Information security & Risk involving strategy, technical architecture, risk assessment,
service design, integration & improvement, audit and Information Security (IS) incident management as per legal &
regulatory standards
Expertise in assessing Information security requirements and translating these into techno-functional
specifications, custom designing solutions & troubleshooting for information systems as per standard norms
Experienced Leader with strong team management skills along with resource identification, utilization and dispute
handling.
Proficient in managing stakeholders with the accountability of informing them on future scenarios, maintaining key
relations with clients by acquiring feedback on critical issues and taking suitable actions to ensure positive
experience
An innovative, loyal & creative professional with strong planning, communication, analytical & negotiation skills
Key Areas: Third Party Management, IT Risk Assessment, Infrastructure Security, Customer Relationship Management,
Governance, Information Audit, Security Framework / Security Program / GRC, Operational Risk, IT General &
Application Control Reviews
AREAS OF EXPERTISE
Assessing and implementing Information and Communications Technology (ICT) / Information Security (IS) Governance best
practices, recommendations & Industry Information Security (IS) requirements
Performing security risk assessment/analysis & recommending mitigation through appropriate controls, both in projects and for
existing assets
Reviewing new security policies, drafting and implementing security procedures and work instructions
Coordinating and facilitating internal and external audits; followed-up on audit issues responses, action plans & remediation
Implementing a procedure to ensure that risk management is performed in IT projects and major activities; ensured that the
security deliverables were considered in the project
Designing and implementing security controls, procedures and standards, Information Security (IS) structure
Utilizing sourcing of Managed Security Services to build and establish incident response plans for the organization
NOTABLE HIGHLIGHTS
Led a successful team and handled 3000+ Third Party Risk Assessments in the last 2.5 years
Revised & improved Information Security practice, performed security risk analysis and mitigated through appropriate controls
such as ISO27001, PCI-DSS & HIPAA
Pivotal in recommending, designing and implementing appropriate security controls such as data security, encryption, policies &
procedures, identity & access management, BCP/DR; designed & implemented security procedures, standards and structures
for all platforms, databases and applications
Played a key role in performing information security risk analysis and periodic information system activity reviews for
information security processes with a resultant dip in non-conformance from 40% to 10%
ORGANISATIONAL EXPERIENCE
Since Apr’18 Cognizant Technology Solutions as Associate Director, Global Third Party Risk Management, Corporate Security
Build the Third Party Risk Management (TPRM) Program by developing, optimizing, leading a comprehensive Third Party
Risk Management strategy, framework, processes and tools, and reporting to actively handle third-party risk across
Cognizant’s supply base.
Develop collaborative working relationships with counterparts in IT, Legal, Procurement, Finance, Privacy, Business
Units/Verticals and Corporate Security teams and other partners to implement vendor qualification, risk assessment, and
reporting policies and mitigation measures. Develop and lead supporting process and policy governance.
Lead a cross-functional team to implement and run vendor risk assessment and risk management solution for detailed
vendor risk profiles.
Participate in risk-related initiatives serving as an authority in vendor risk management and mitigation strategies.
Strong working knowledge of Privacy laws, standards, rules and regulations
Deep insight into best practice standards such as ISO 27001, SOC1 / SOC 2, NIST, PCI, HIPAA is required along with working
knowledge of Application Security, SDLC, DAST / SAST
Demonstrates proven expertise and success in reviewing security architecture and strategies including Cloud technologies &
Certifications
Responsible for overall execution of the Third Party Risk Management program at CTS.
Responsibilities include leadership of diverse & geographically spread-out teams of assessors and consultants, and overseeing
program activities to ensure effective risk management and mitigation throughout the third party life cycle.
Provide thought leadership in redefining the risk assessment process and support the continuous improvement of the
TPRM program.
Work closely with the Senior Leadership team as a key member of the second line of defense for TPRM oversight.
Ensure that the TPRM program is in compliance with GDPR and all other applicable Regulations.
Play a vital role in addressing any challenges with transformation, integration and post-merger security operations.
Be the POC for all external audits including client audits.
Oct’15 – Apr’18 WIPRO LTD as Lead Consultant, Cybersecurity & Risk Services
• Helping clients as a Lead for the Information Security Practice by utilizing industry standards & frameworks for conducting risk &
security assessment activities including third party risk assessments.
• Involved in the preparation of risk assessment reports that included details of identified risks & description of potential business
impact and providing prioritized recommendations for remediation of the same
• Creating written reports and presentations for managerial and executive levels
• Researching & analyzing market trends, products, tools and techniques for enhancing subject matter expertise of the team
members and improving service offerings
• Worked with different clients across multiple verticals for various Information Security programs including vendor risk
assessments, audits, BCP/DR & Cloud Security.
Jun’11 – Oct’15 ADP Private Ltd., Hyderabad as Security Advocate with the Global Third Party Assurance Office
Role:
• Leading a global team of assessors & coordinators
• Utilizing industry standards & frameworks for conducting risk & security assessment activities during the different phases of
Vendor Assurance Program
• Involved in the preparation of risk assessment reports that included details of identified risks & description of potential business
impact and providing prioritized recommendations for remediation of the same
• Creating written reports and presentations at the engineering, managerial and executive levels
• Researching & analyzing market trends, products, tools and techniques for enhancing subject matter expertise of the team
members and improving service offerings
• Engaged in internal assessment and updating the reporting tools, documents and systems
• Reviewing & identifying holistic vendor risks pertaining to financial, operational, compliance/litigation, security & resiliency and
strategic risks associated with third party vendors & partners
• Conducting meetings with business, vendors and other GSO resources during different phases of the assessment process
• Organizing onsite assessments for assessing different security controls of the vendor
Dec’09 – Jun’11 HSBC Technology & Service Delivery, Hyderabad, Chennai & Mumbai
Growth Path:
Jan’08 – Nov’09 Assistant Manager – Business Information Risk officer (BIRO)
Dec’09 – Jun’11 Manager – Fraud & Business Information Risk officer (BIRO)
Role:
• Worked in close coordination with the Central Fraud Team for identifying high risk processes (through Risk Assessment) and
preparing mitigation plans for the same
• Involved in the assessment of fraud & information compromise threats & controls
• Conducted:
o Regular IT Security reviews on local IT functions and suggested recommendations for the same
o Level 1 risk assessment for identifying risks involved in the access controls of operations and offered recommendations for
mitigating the same
• Monitored & ensured all group audit/internal control recommendations are implemented within domain
• Managed operational risk by adhering to group's operational risk framework
• Worked in close coordination with the Fraud & Security Department for investigating the fraud and theft occurrence
• Offered assistance as per the requirement of CoE BIROs and Central BIRO Function for conducting GR Information Security
Training & Awareness Programs
PREVIOUS EXPERIENCE
Jul’06 – Dec’07 Keane India Ltd., Hyderabad as Network Administrator for Infrastructure Services Business Line
Nov’05 – Apr’06 R Systems International, Noida as Senior Technical Executive
Growth Path:
Jun’03 – Jul’04 TAC/NAHD Analyst
Aug’04 – Jan’05 Information Security Officer
Feb’05 – Nov’05 Assistant Manager-IT Security
ACADEMIC DETAILS
2003 B.Sc. (Computer Maintenance & Engineering) from Loyola Academy, Osmania University, Hyderabad with 81.4%
CERTIFICATIONS
Course on CCNA
RSA Archer Administration Training
ISO20000
PERSONAL DETAILS