RAMPAWAN KUMAR SISTA | CISM, ISO27001 LA

Contact: +91 - 7702609090

E-Mail: rampk_sista@yahoo.com

SENIOR LEVEL PROFESSIONAL

INFORMATION SECURITY | RISK MANAGEMENT

Scaling new heights of success with hard work & dedication and leaving a mark of excellence on each step

SKILL SET PROFILE SUMMARY

Third Party Management
IT Risk Assessment
Infrastructure Security &
Network Architecture Reviews
Customer Relationship
Management
Information Security (IS)
Governance
Information Audit
 Certified Information Security Manager (CISM) & ISO27001 Lead Auditor Certified
Professional with 16+ years of experience in Information Security & Risk Management
and close to 17.5 years of total IT experience.
 Working experience in various areas of Information Security & Risk Management like
creation of IT Policies & internal controls, IT Security audits & internal reviews,
Vendor/Third Party Risk Management, Governance Risk & Compliance, Data Center &
Cloud assessments, Operational Risk Assessment
 Proven skills in handling Information security & Risk involving strategy, technical
architecture, risk assessment, service design, integration & improvement, audit and
incident management as per legal & regulatory standards
 Expertise in assessing Information security requirements and translating these into
techno-functional specifications, custom designing solutions & troubleshooting for
information systems as per standard norms

Security Framework /
Security Program / GRC
Operational Risk
IT General & Application
Control Reviews
 Experienced Leader with strong team management skills along with resource
identification, utilization and dispute handling.
 Proficient in managing stakeholders with the accountability of informing them on future
scenarios, maintaining key relations with clients by acquiring feedback on critical issues
and taking suitable actions to ensure positive experience
 An innovative, loyal & creative professional with strong planning, communication,
analytical & negotiation skills

AREAS OF EXPERTISE

 Assessing and implementing Information and Communications Technology (ICT) / Information Security (IS) Governance best
practices, recommendations & Industry Information Security (IS) requirements
 Performing security risk assessment/analysis & recommending mitigation through appropriate controls, both in projects and for
existing assets
 Reviewing new security policies, drafting and implementing security procedures and work instructions
 Coordinating and facilitating internal and external audits; followed-up on audit issues responses, action plans & remediation
 Implementing a procedure to ensure that risk management is performed in IT projects and major activities; ensured that the
security deliverables were considered in the project
 Designing and implementing security controls, procedures and standards, Information Security (IS) structure
 Utilizing sourcing of Managed Security Services to build and establish incident response plans for the organization
 NOTABLE HIGHLIGHTS

 Lead a successful team and handled 3000+ Third Party Risk Assessments in the last 2.5 years
 Revised & improved Information Security practice, performed security risk analysis and mitigated through appropriate controls
such as ISO27001, PCI-DSS & HIPAA
 Pivotal in recommending, designing and implementing appropriate security controls such as data security, encryption, policies &
procedures, identity & access management, BCP/DR; designed & implemented security procedures, standards and structures
for all platforms, databases and applications
 Played a key role in performing information security risk analysis and periodic information system activity reviews for
information security processes with a resultant dip in non-conformance from 40% to 10%
ORGANISATIONAL EXPERIENCE

Since Apr’18 Cognizant Technology Solutions as Associate Director, Global Third Party Risk Management, Corporate Security
 Build the Third Party Risk Management (TPRM) Program by developing, optimizing, leading a comprehensive Third Party
Risk Management strategy, framework, processes and tools, and reporting to actively handle third-party risk across
Cognizant’s supply base.
 Develop collaborative working relationships with counterparts in in IT, Legal, Procurement, Finance, Privacy, Business
Units/Verticals and Corporate Security teams and other partners to implement vendor qualification, risk assessment, and
reporting policies and mitigation measures. Develop and lead supporting process and policy governance.
 Lead a cross-functional team to implement and run vendor risk assessment and risk management solution for detailed
vendor risk profiles.
 Participate in risk-related initiatives serving as an authority in vendor risk management and mitigation strategies.
 Strong working knowledge of Privacy laws, Standards, rules and regulations
 Deep insight of best practice standards such as ISO 27001, SOC1 / SOC 2, NIST, PCI, HIPAA is required along with working
knowledge on Application Security , SDLC, DAST / SAST
 Demonstrates proven expertise and success in reviewing security architecture and strategies including Cloud technologies &
Certifications
 Responsible for overall execution of the Third Party Risk Management program at CTS.
 Responsibilities include leadership of diverse & geographically spread-out teams of assessors, consultants and oversee
program activities to ensure effective risk management and mitigation throughout the third party life cycle.
 Provide thought leadership in redefining the risk assessment process and support the continuous improvement of the
TPRM program.
 Work closely with the Senior Leadership team as a key member of the second line of defense for TPRM oversight.
 Ensure that the TPRM program is in compliance with GDPR and all other applicable Regulations.
 Play a vital role in addressing any challenges with transformation, integration and post-merger security operations.
 Be the POC for all external audits including client audits.

Oct’15 – Apr’18 WIPRO LTD as Lead Consultant, Cybersecurity & Risk Services
• Helping clients as a Lead for the Information Security Practice by utilizing industry standards & frameworks for conducting risk &
security assessment activities including third party risk assessments.
• Involved in the preparation of risk assessment reports that included details of identified risks & description of potential business
impact and providing prioritized recommendations for remediation of the same
• Creating written reports and presentations for managerial and executive levels
• Researching & analyzing market trends, products, tools and techniques for enhancing subject matter expertise of the team
members and improving service offerings
• Worked with different clients across multiple verticals for various Information Security programs including vendor risk
assessments, audits, BCP/DR & Cloud Security.

Jun’11 – Oct’15 ADP Private Ltd., Hyderabad as Security Advocate with the Global Third Party Assurance Office
Role:
• Leading a global team of assessors & coordinators
• Utilizing industry standards & frameworks for conducting risk & security assessment activities during the different phases of
Vendor Assurance Program
• Involved in the preparation of risk assessment reports that included details of identified risks & description of potential business
impact and providing prioritized recommendations for remediation of the same
• Creating written reports and presentations at the engineering, managerial and executive levels
• Researching & analyzing market trends, products, tools and techniques for enhancing subject matter expertise of the team
members and improving service offerings
• Engaged in internal assessment and updating the reporting tools, documents and systems
• Reviewing & identifying holistic vendor risks pertaining to financial, operational, compliance/litigation, security & resiliency and
strategic associated with third party vendors & partners
• Conducting meetings with business, vendors and other GSO resources during different phases of the assessment process
• Organizing onsite assessments for assessing different security controls of the vendor

Dec’09 – Jun’11 HSBC Technology & Service Delivery, Hyderabad, Chennai & Mumbai

Growth Path:
Jan’08 – Nov’09 Assistant Manager – Business Information Risk officer (BIRO)
Dec’09 – Jun’11 Manager – Fraud & Business Information Risk officer (BIRO)
Role:
• Worked in close coordination with the Central Fraud Team for identifying high risk processes (thru Risk Assessment) and
preparing mitigation plans for the same
• Involved in the assessment of fraud & information compromise threats & controls
• Conducted:
o Regular IT Security reviews on local IT functions and suggested recommendations for the same
o Level 1 risk assessment for identifying risks involved in the access controls of operations and offered recommendations for
mitigating the same
• Monitored & ensured all group audit/internal control recommendations are implemented within domain
• Managed operational risk by adhering to group's operational risk framework
• Worked in close coordination with the Fraud & Security Department for investigating the fraud and theft occurrence
• Offered assistance as per the requirement of CoE BIROs and Central BIRO Function for conducting GR Information Security
Training & Awareness Programs

PREVIOUS EXPERIENCE

Jul’06 – Dec’07 Keane India Ltd., Hyderabad as Network Administrator for Infrastructure Services Business Line
Nov’05 – Apr’06 R Systems International, Noida as Senior Technical Executive

Jun’03 - Nov’05 HSBC EDPI, Hyderabad

Growth Path:
Jun’03 – Jul’04 TAC/NAHD Analyst
Aug’04 – Jan’05 Information Security Officer
Feb’05 – Nov’05 Assistant Manager-IT Security

ACADEMIC DETAILS

2003 B.Sc. (Computer Maintenance & Engineering) from Loyola Academy, Osmania University, Hyderabad with 81.4%

CERTIFICATIONS

 Certified Information Security Manager (CISM)

 ISO27001 Lead Auditor Certified
 Pursuing CISSP
 COURSES / TRAININGS ATTENDED

 Course on CCNA
 RSA Archer Administration Training
 ISO20000

PERSONAL DETAILS

Date of Birth: 24th November 1982

Languages Known: English (Verbal & written)
Location: Hyderabad, India