Bejoy Mamachan

24 October 1984

About Candidate

Dedicated and certified Risk & Compliance Professional with a diverse skill set encompassing CISA, CSOXI, CITGCP, PCI DSS V4.0,
ISO27001 LA, and ITIL certifications. Actively seeking opportunities within the realms of Risk, Compliance, Ethics, Information
Security, and Governance to contribute innovative skills and leverage growing opportunities for professional advancement within an
organization. Committed to delivering excellence and adding significant value to the strategic objectives of the organization.

Work & Experience

Security Specialist MARCH 2009 - APRIL 2022
Cognizant Technology Solutions

As an integral part of the core corporate security team, I focus on the strategic implementation of security controls, conducting audits, and providing valuable consultation on information security. My primary role involves offering support to a prominent Insurance client with a widespread presence in the US and UK. Key responsibilities include:

• Internal Risk Assessments: Conducting meticulous internal risk assessments based on Master Services Agreement (MSA) and client requirements, utilizing the GRC platform – Metric Stream for comprehensive risk management.
• SOC Audits Coordination: Providing end-to-end support for SOC audits, ensuring seamless collaboration with Operations, Auditors, and various support functions to facilitate timely completion without any non-conformities.
• Security Consultation: Offering ongoing support to the business unit by addressing security-related queries and providing clarifications on a daily and ad-hoc basis.
• Awareness Sessions & Phishing Campaigns: Conducting proactive awareness sessions and phishing campaigns aligned with the respective accounts within the portfolio, fostering a culture of heightened security consciousness.
• Security Incident Management: Taking charge of managing security incidents raised for the supported accounts, including IT incident/breach management, investigation support, and collaboration with HR, Compliance, Legal, and other relevant stakeholders.
• Risk Management: Diligently working on all open risks and ensuring their closure before the due date, contributing to a robust risk management framework.
• Endpoint & Software Compliance: Monitoring endpoint and software compliance, proactively addressing non-conformities, and ensuring timely remediation.

In this capacity, I have consistently demonstrated a commitment to ensuring the highest standards of information security, contributing to the resilience and effectiveness of the overall security posture for the client across diverse geographical regions.
Team Leader – Risk & Compliance

In my role as a Team Leader within the Risk & Compliance (RC) team, I play a pivotal role in ensuring that both Cognizant and client compliance requirements are rigorously adhered to. My responsibilities span diverse areas, including IT Whitelist Audits, support for risk assessments, SOC Audits, and providing strategic consultation on information security. I offer dedicated support to a leading US client, a provider of information, analytics, and business services with a workforce exceeding 4000 across five locations.

• SOC 1 & 2 – SSAE 18 Audits: Provided comprehensive support for SOC 1 & 2 – SSAE 18 Audits, ensuring timely completion without any non-conformities. Coordinated efforts with Operations, Auditors, and various support functions to facilitate a smooth audit process.
• Risk Assessments/Management: Conducted detailed risk assessments using the GRC platform – Metric Stream, diligently working on all open risks and closing them before the due date.
• Compliance Adherence: Ensured strict adherence to Non-Disclosure Agreements (NDA) and Background Verification Checks (BGV).
• Physical Security – ODC Controls: Implemented rigorous checks for ODC controls, including validation of fire extinguishers, anti-pass back functionality, shredder availability, door closure time, Wi-Fi signal detection prevention, and the presence of security awareness posters within the ODC. Oversight of logs at the security helpdesk.
• ODC Management Standard Adoption and Governance: Led the adoption and governance of ODC Management Standards, overseeing physical access provisioning, de-provisioning, and reconciliations.
• New Entrant Access Restrictions: Applied restrictions on desktop, network, and communication controls for new entrants, ensuring compliance with IT Whitelist requirements. Maintained readiness for internal and external audits.
• Employee Awareness and Training: Led awareness sessions and phishing campaigns, created informative "Do You Know" mailers, and managed the completion and reporting of mandatory compliance trainings.
• IT Whitelist Audits: Conducted monthly/quarterly IT Whitelist audits on desktop, network, and communication controls, certifying compliance with business regulations for successful client and external party audits.
• Logical Access/Application Access Audits: Oversaw audits of logical access and application access, ensuring alignment with established controls.
• Exception (Privileged Access) Management: Reviewed exception management, reconciliation, and attestation for privileged access, ensuring compliance with security protocols.
• Floor Walks: Conducted regular floor walks to assess and enhance overall security and compliance measures.

In this capacity, I have consistently demonstrated leadership in upholding the highest standards of risk management and compliance, contributing to the overall security posture and regulatory adherence for the organization and its clients.

Senior Consultant – GRC APRIL 2022 - July 2023
Capgemini

As a vital member of the Governance, Risk, and Compliance (GRC) team, my primary focus is on leading Risk Management activities for a prominent client, including performance management of 2 Senior Analysts. Key responsibilities include:

• Leading Risk Management Process: Taking charge of the end-to-end Risk Management process for the client, aligning with their specific requirements and objectives.
• Facilitating Risk Discussions: Ensuring comprehensive discussions with respective leads to identify, assess, and document all relevant risks using the prescribed risk submission document.
• Updating and Maintaining Risk Register: Diligently managing the risk register by regularly updating it with accurate and current information, providing a dynamic overview of the risk landscape.
• Conducting Regular Cadence Calls: Establishing and conducting routine cadence calls with leads to communicate the status of open risks and address any overdue risks, maintaining transparency and fostering collaboration.
• Proactive Risk Closure: Collaborating closely with leads to ensure that all open risks are addressed and closed within the stipulated time frame, adhering to defined Turnaround Time (TAT) benchmarks.

In this role, I have demonstrated effective leadership in navigating the intricacies of risk management, ensuring that all processes align seamlessly with client expectations. My commitment to timely communication, thorough risk documentation, and proactive risk mitigation has contributed to a robust risk management framework for the client.

Manager August 2023 - December 2023
Global Infosec

As the Global Information Security Manager at [24]7.ai, I am entrusted with the oversight of compliance activities across three key sites in the India geographical region—Bangalore, Hyderabad, Shillong—and the Philippines. Key responsibilities encompass:

• Management and leadership of monthly Third-Party Assessments for an Australian client. This entails meticulous updating of sections related to Training and Awareness, Infrastructure, Staff, ODC Floors, CCTV, Exceptions, and Contact Centre. Ensuring the timely submission of required artifacts and responses is crucial, and any observations or findings are promptly addressed in collaboration with relevant stakeholders. I am adept at gathering the necessary responses or artifacts for closure.
• Conducting audits of HR files to verify attributes such as NDA, COC, Infosec, ID & Address proof, Drug test compliance, and BGC completion timelines. I regularly publish detailed reports to stakeholders, providing valuable insights into compliance status.
• Leading Clean Desk Audits to ensure optimal workstation security. This involves verifying that computers at unoccupied workstations are appropriately secured, that no papers are left on printers, that no Photo ID badges/Access cards are left unattended, and that guidelines regarding cell phone visibility at agent workstations are followed.
• Conducting comprehensive CCTV Audits, assessing placement, recording quality, image clarity, entry and exit coverage, frisking coverage, recording, and monitoring systems.
• Overseeing Physical Security Audits covering DOTL, monitoring, access control validation, access log management, frisking protocols, register management, and tracking of material movement.
• Conducting Desktop Audits encompassing local admin access, patch updates, antivirus status, approved applications list, email domain restrictions, browser restrictions, URL testing, DLP implementation, and sensitive information handling.
• Efficiently managing user access reviews, ensuring the timely revocation of access for exited resources, including NT ID reconciliation and physical access.
• Compiling and maintaining a comprehensive compliance dashboard to provide a real-time overview of compliance metrics.

In this capacity, I have demonstrated a commitment to ensuring a secure and compliant environment while implementing effective strategies to address findings and enhance overall information security.
