VijayKumarSureboina
Professional Summary
15 years of experience in Information Security Risk and Compliance, protecting the confidentiality, integrity and availability of information and information systems, and assessing risks, threats and vulnerabilities arising from emerging security issues.
An expert in performing risk assessments for various applications and tools, whether developed in-house or vendor-managed.
Develop, maintain and promote a baseline security testing framework as part of regression testing.
Expert in organization-wide audits for ISO 27001, HIPAA, SSAE 16, PCI DSS and HITRUST.
Sutherland Global Services - (April 2019 – April 2020)
Director - Information Security
Roles and Responsibilities:
Handle incidents at the enterprise level and provide corrective and preventive actions accordingly.
Implement Information Security training programs at regular intervals to foster awareness within the organization.
Plan and conduct IS audits: periodically test and evaluate Information Security controls and techniques, including customer contractual obligations, through regular internal and external audits.
Prepare risk assessment projections for healthcare projects and discuss the issues and findings with the BU Heads.
Conduct Due Diligence and decommissioning audits for various facilities.
Prepare dashboards for the HealthCare vertical covering internal/external audits, training compliance and desktop compliance, and publish them to Executive management.
Provide responses to RFIs / RFPs and security questionnaires for new and existing businesses.
Understand the business environment and propose fit-for-purpose information security solutions.
Maintain and audit the system for compliance with SSAE 16, ISO 27001 (surveillance and recertification), PCI DSS and HIPAA.
Perform security audits for various applications and tools developed in-house for clients in Media and Communications, Insurance, Banking, Manufacturing and Health Care.
Conduct ISO 27001 audits on the integrated, operational and business processes of the projects being handled.
Managed and implemented the security policies, procedures and controls required for ISO 27001 and SSAE 16 (SAS 70).
Develop and maintain stakeholder relationships within the business; provide education and awareness of all aspects of the BC Program, including policies and standards.
Conducted IT Security awareness training programs for new joiners.
Investigate information security incidents raised by individuals through the incident management tool.
HSBC Electronic Data Processing Pvt. Ltd – (Oct 2003 – July 2013)
Information Security Specialist – Security and Fraud Risk (May 2003 – July 2013)
Roles and Responsibilities:
Worked in Dubai (Middle East) for a short period to perform security testing for various applications and tools.
Review, identify and assess the impact of security threats, including internal factors, external threats, vulnerabilities and malicious events, and mitigate and reduce risks to an acceptable level for internal-use applications.
Ensure that the necessary changes based on audit findings are effectively implemented in a timely manner. Assess the exposure from ineffective or missing control practices and formulate a practical and cost-effective plan to improve those areas.
Work with the business units to ensure the achievement and maintenance of appropriate security controls. Monitor the effectiveness of our security policies and practices covering physical, procedural and technical controls.
Identify key risk areas in order to develop the audit plan and determine where staff resources should be focused, and maintain effective working relationships with all business partners.
Assist in the execution of audits and conduct audit fieldwork as needed. Audit fieldwork includes developing test plans, completing the audit program, documenting control weaknesses or inefficiencies, and managing the audit within the given time frame.
Provide support to management and business functional areas, as requested, when a business disruption occurs.
Conduct Information Security awareness training programs as per ISMS / contractual / regulatory requirements.
Personal Information: