Sri Vidya Kotaru
Security Analyst
About
With about 1 year and 8 months of experience in the IT Risk Management sector, I have been involved in ISMS implementation. As a lead implementer, I am at the forefront of the assessment of IT controls in operation, identifying gaps, risks, and areas for improvement. Developed, implemented, and monitored policies and SOPs. Worked with key stakeholders, including key service providers, to ensure compliance requirements are met. Initiated corrective action and met business and regulatory requirements. Performed internal audit and compliance with respect to ISMS. Have experience and understanding of Risk Management, Incident Management, ITGC, Business Continuity Management and TPRM.
Work Experience
Associate
AEGIS CUSTOMER SUPPORT SERVICES PRIVATE LIMITED
Jul 2024 - Feb 2025
Conducting internal security audits, management reviews, and process compliance reviews. Conducting regular security monitoring across various security solutions and acting as per the service level agreement. Conducting training and awareness programs on compliance and security within the organization through mailers, quizzes, and during induction. Conducting quarterly MRMs with the steering committee to demonstrate the continual progress of information security within the organization. Experience with Microsoft SQL Server and Oracle databases. Have an Information Security and Software services background to speak intelligently to both technical and non-technical teams and understand the variety of risks posed to the firm in different situations. Conducting gap analysis, internal audits, and spot checks of various support departments (HR/Admin/IT/Applications) to ensure their conformity to the information security controls, providing recommendations and following up on closure within timelines. Expertise in metrics, reporting, analysis, presentations, and dashboards, with the ability to customize reporting. Conducting Third Party Risk Management for all vendors on an annual basis and reviewing their activities occasionally. Providing technical support in the assessment, design, and implementation of ITGC controls and developing the COSO framework. Reviewing control evidence for adherence to accuracy, completeness, and precision of control execution for all ITGC. Conducting VAPT of firewalls, switches, Wi-Fi networks, and Windows servers. Building and maintaining security operations on Cloud Platform SaaS.
Security Analyst
SYSATEK
Feb 2025 - Present
Performed IT General Controls (ITGC) audits covering Access Management, Change Management, Backup & Recovery, IT Operations, Incident & Problem Management, and Business Continuity. Executed IT Application Controls (ITAC) audits for financial and operational systems, including transaction, authorization, and automated controls. Conducted walkthroughs with stakeholders to identify control gaps, risks, and dependencies, ensuring alignment with regulatory and internal control expectations. Conducted periodic access reviews, user access recertification, and production movement validations across critical systems. Prepared detailed audit reports, including observations, risk ratings, and remediation timelines; validated closure evidence for open issues. Created and maintained Information Security SOPs, Policies, Checklists, and guidelines aligned with ISO 27001:2022. Assessed IT infrastructure components including servers, network devices, communication ports, network topology, and architecture. Evaluated applications for secure coding practices, OWASP Top 10, threat modelling, and API security. Evaluated effectiveness of logging & monitoring controls, SIEM configurations, and alert escalation procedures. Assessed IT operations controls covering job scheduling, backups, server health monitoring, and incident response readiness. Developed risk and control matrices (RCM), test scripts, and control effectiveness assessment reports. Identified operational and security risks, recommended mitigation strategies, and ensured closure within defined timelines. Conducted periodic audits for third-party service providers, assessing vendor compliance, supply chain risks, and contractual security obligations. Delivered internal information security & cybersecurity training programs to employees. Supported external statutory, IT, and financial audits, coordinating evidence, walkthroughs, and remediation.
Education
BTech Mechanical Engineering - Vignan Engineering College
2017 - 2021 · Afghanistan