Pradeep Reddy Sama
About Candidate
Pradeep is an experienced Senior Security Consultant specializing in third-party risk management (TPRM) with
over 7.5 years of experience, renowned for his leadership in executing tailored risk management strategies. With
a master’s degree in business management and a commitment to continuous learning, holding certifications
like Certified Third-Party Risk Assessor (CTPRA) and trained in SIG Fundamentals, Pradeep excels in leading
Information Security risk management efforts and is proficient in industry-leading solutions.
With core competencies in Info Security Risk, Compliance, and Security Governance Management, Pradeep is
actively seeking opportunities to contribute to organizational security success. His expertise extends to Cyber
Security Assessments, Security Program Management, and Cloud Security Assessment. Proficient in tools like
OneTrust, ProcessUnity, and other GRC tools, Pradeep is poised to make significant contributions to any
organization’s security initiatives.
Education
Work & Experience
healthcare, insurance, and banking sectors. This included assessing client IT controls, identifying tech risks, and offering remediation recommendations. I documented audit findings meticulously, utilizing tools like e-Audit and Excel macros for efficiency and accuracy. Furthermore, I led audit teams, ensuring timely delivery and seamless coordination with stakeholders. I fostered effective communication and collaboration among team members to achieve project objectives and deliverables.
As an Information Security Assurance Analyst at Synchrony, I oversaw security gap assessments and GRC projects aligned with NIST 800-53 standards. My focus was on managing and minimizing security risks associated with confidential information across transmission, processing, and storage processes. Additionally, I facilitated streamlined customer RFP response times by establishing a centralized repository and conducted security policy and third-party security reviews to ensure compliance and mitigate risks. Furthermore, I enforced user compliance over USB access through removable media exception reconciliations and facilitated governance sign-offs for access recertification. Additionally, I initiated educational programs at the team level to enhance security awareness and improve the organization's overall cybersecurity posture.
During my tenure as an IT Risk and Security Analyst at GE Appliances, I administered vendor risk assessments from procurement to yearly reviews. I refined risk treatment programs, ensured regulatory compliance, and communicated noncompliance issues internally and externally. Reporting to the Director of Cyber Risk, I managed performance metrics, conducted vendor performance audits, and implemented process automation using OneTrust VRM. Additionally, I served as a Systems Administrator for the BitSight platform, overseeing internal and vendor security ratings.
As a Senior Security Risk Analyst in Risk Management at Ivanti, I played a crucial role in developing and overseeing a scalable third-party security risk management policy, considering various factors like business context, industry standards, and regulatory requirements. My responsibilities included defining security requirements and contractual obligations for suppliers, conducting thorough assessments of supplier security risks, and advising on control measures. Additionally, I managed supplier onboarding and assurance reviews, tracked risks, responded to security questionnaires, and supported the incident response team during security incidents. I also coordinated compliance programs like SOC 2, ISO 27001, and FedRAMP, and conducted regular reviews of security policies and procedures to ensure alignment with industry standards.