
Vijay Kumar Sureboina

Ph. +91 9789077552


Email: vijaykumarsureboina@gmail.com

Professional Summary
• 15 years of experience in Information Security Risk and Compliance, protecting the confidentiality, integrity and availability of information and information systems, and assessing risks, threats and vulnerabilities from emerging security issues
• An expert in performing risk assessments for various applications and tools developed in-house or vendor-managed
• Develop, maintain and promote a baseline security testing framework as part of regression testing
• Expert in organization-wide audits for ISO 27001, HIPAA, SSAE16, PCI DSS and HITRUST

Educational & Professional Qualifications:

• Certified CISM - Certified Information Security Manager
• Certified ISO 27001:2013 ISMS Lead Auditor from BSI
• Certified GDPR (General Data Protection Regulation) from BSI
• Certified Payment Card Industry Security Implementer (CPISI) from SISA
• MBA in Information Technology from Sikkim Manipal University, 2009-2011
• Bachelor of Commerce from Osmania University, 1997 – 2000

Cognizant Technologies Services – (June’20 – Till date)

Corporate Security Manager
Roles and Responsibilities:

• Expert in HITRUST Self-Assessment and audit for various healthcare projects
• Conduct HIPAA compliance audits at the organization level
• Maintain a working knowledge of relevant laws, regulations, policies, standards, and procedures
• Perform vulnerability scans with vulnerability reporting, tracking, management, and remediation processes, methodologies, and strategies
• Expert in conducting internal audits for Healthcare projects and providing solutions to remediate the observations
• Participate in the security incident response process and red team exercises
• Conduct Due Diligence and commissioning and decommissioning audits for various applications and tools
• Conduct floor awareness sessions to educate employees, which reduces man-made incidents
• Handle incidents at the enterprise level and provide corrective and preventive actions accordingly
• Implement Information Security related training programs at regular intervals to foster awareness within the organization
• Prepare dashboards for internal/external audits, Training compliance and Desktop compliance and publish them to Executive management
• Provide responses to RFIs / RFPs and security questionnaires for new & existing businesses

Sutherland Global Services - (April 2019 – April 2020)
Director - Information Security
Roles and Responsibilities:

• Implemented GRC Archer organization-wide
• Identify various applications and tools for various clients to improve efficiency and effectiveness and meet the requirements
• Responsible for ensuring that the change management process is being followed
• Collaborate with development teams to prioritize and remediate vulnerabilities throughout the software development lifecycle and to improve the security program
• Review security controls
• Lead ISO27001, HIPAA and HITRUST audits
• Plan and perform ISO27001 recertification and surveillance audits
• Lead Healthcare projects globally across India, the Philippines and the USA
• Review security controls for various applications and tools used for various clients to meet compliance with industry best practice and legal and regulatory requirements
• Review vulnerability assessment reports, risk assessment reports and Endpoint Compliance reports periodically
• Investigate incidents and perform root cause analysis
• Perform discovery assessments; familiar with cloud security frameworks and compliance requirements
• Maintain, review and communicate organizational information security standards, procedures and guidelines to support compliance and information security policies

Cognizant Technologies Services – (May’15 – April’19)

Corporate Security Manager
Roles and Responsibilities:

• Expert in HITRUST Self-Assessment for various healthcare projects
• Handle a team, delegate work and conduct weekly review meetings
• Lead critical Healthcare projects across all locations
• Conduct HIPAA compliance audits at the organization level
• Analyze vulnerability test reports and suggest remediation / mitigation plans, including the ability to prioritize process and reporting enhancements
• Coordinate, manage and conduct network vulnerability tests and remediation with end users, and participate in dynamic/static application code scans/assessments
• Configure vulnerability scans tailored to specific client requirements
• Produce vulnerability assessment reports and distribute them to IT Support teams (for remediation)
• Expert in conducting internal audits for Healthcare projects and providing solutions to remediate the observations
• Front-end external audits for different verticals end to end till the closure of observations
• Independently handle various clients at different facilities in different locations to ensure that Client Information Security & Compliance requirements are met
• Expert in setting up clean room controls for Healthcare projects dealing with PHI/PII data
• Handle incidents at the enterprise level and provide corrective and preventive actions accordingly
• Implement Information Security related training programs at regular intervals to foster awareness within the organization
• Plan and conduct IS Audits - periodically test and evaluate Information Security controls and techniques, including customer contractual bindings, through regular internal and external audits
• Risk assessment projection for healthcare projects, discussing the issues and findings with the BU Heads
• Conduct Due Diligence and decommissioning audits for various facilities
• Prepare dashboards for the Healthcare vertical for internal/external audits, Training compliance and Desktop compliance and publish them to Executive management
• Provide responses to RFIs / RFPs and security questionnaires for new & existing businesses
• Understand the business environment and propose fit-for-purpose information security solutions

HCL Technologies Ltd - (Aug’13 – May’15)

Information Security Manager - Chief Risk Officer
Roles and Responsibilities:

• Maintain and audit the system for compliance with SSAE16, ISO27001 (Surveillance and recertification), PCI DSS and HIPAA
• Perform security audits for various applications and tools developed in-house for various clients in Media and Communications, Insurance, Banking, Manufacturing and Health Care
• Conduct ISO 27001 audits on integrated, operational and business processes for the projects handled
• Managed and implemented security policies, procedures and controls required for ISO 27001 and SSAE 16 (SAS70)
• Develop and maintain stakeholders within the business; provide education & awareness of all aspects of the BC Program, including policies & standards
• Conducted IT Security awareness training programs for new joiners
• Investigate various information security incidents raised by individuals in the incident management system tool

HSBC Electronic Data Processing Pvt. Ltd – (Oct 2003 – July 2013)
Information Security Specialist – Security and Fraud Risk (May 2003 – July 2013)
Roles and Responsibilities:

• Worked in Dubai (Middle East) for a short period to perform security testing for various applications and tools
• Review, identify and assess the impact of security threats, including internal factors, external threats, vulnerabilities and malicious events, mitigating and reducing risks to an acceptable level for internal-use applications
• Ensure that the necessary changes based on audit findings are effectively implemented in a timely manner. Assess the exposure from ineffective or missing control practices and formulate a practical and cost-effective plan to improve those areas
• Work with the business units to ensure the achievement and maintenance of appropriate security controls. Monitor the effectiveness of our security policies and practices covering physical, procedural and technical controls
• Identify key risk areas in order to develop the audit plan and determine where staff resources should be focused, and maintain effective working relationships with all business partners
• Assist in the execution of audits and conduct audit fieldwork as needed. Audit fieldwork includes developing test plans, completing the audit program, documenting control weaknesses or inefficiencies, and managing the audit within the given time frame
• Provide support to management and business functional areas, as requested, when a business disruption occurs
• Conduct Information Security awareness training programs as per ISMS/ Contractual/ Regulatory requirements

Personal Information:

• Date of Birth: 19th April 1977
• Nationality: Indian
• Languages Known: English, Hindi, and Telugu
