Sai Sumana Singaraju | CISSP | CISM

Los Angeles, CA

Summary

Cybersecurity & GRC Expert with 9+ years of experience in ISO 27001, NIST CSF, SOC 2, GDPR, PCI-DSS, and SOX compliance. Skilled in GRC program management, data masking, risk registers, incident response, and audit/risk issue tracking. Strong communicator who has led security awareness programs and cross-functional collaboration to drive business-aligned security.

Overview

11 years of professional experience

1 Certification

Work History

Sr Information Security Consultant

VioletX LLC
03.2024 - 06.2025
  • Ensured adherence to regulatory requirements (e.g., SOC 2, GDPR) by designing and implementing security controls and compliance strategies.
  • Performed gap analysis against IT policies, procedures, and security standards, offering strategic security recommendations.
  • Implemented ISO 27001 and NIST cybersecurity frameworks, driving enhancements to Information Security policies and procedures.
  • Designed and deployed security awareness programs, including phishing simulations, risk scoring, surveys, and training to mitigate cybersecurity threats.
  • Collaborated with IT teams to ensure timely remediation of identified vulnerabilities and security risks.
  • Conducted comprehensive IT systems assessments to identify security risks, vulnerabilities, and areas for improvement.

Cyber Security Analyst

New York Life Insurance
05.2023 - 08.2023
  • Onboarded applications into SailPoint IdentityIQ, ensuring seamless integration for user provisioning, de-provisioning, and access governance.
  • Configured connectors, workflows, and rules in SailPoint to automate user lifecycle management and maintain least privilege access.
  • Performed access certifications and compliance reviews within SailPoint to ensure adherence to security policies and regulatory requirements.

Sr. Information Security Analyst

Informatica Business Solutions
06.2021 - 07.2022
  • Assisted with the implementation and monitoring of internal security controls, including Access Reviews, Privileged Activity Reviews, and Segregation of Duties.
  • Deployed and maintained security tools such as SIEM, endpoint protection, and vulnerability scanners to safeguard IT systems.
  • Contributed to creating and delivering security awareness programs to promote security-conscious behavior organization-wide.
  • Strong understanding of cloud security concepts and platforms, including but not limited to AWS and Azure.
  • Proficient in securing systems and networks, including firewalls, endpoint protection, and intrusion detection/prevention systems.

Information Security Specialist

Novartis Health Care India Pvt Ltd
03.2019 - 06.2021
  • Implemented and tested security controls to assess effectiveness and strengthen organizational security posture.
  • Conducted SaaS security audits to evaluate third-party vendor applications.
  • Utilized ServiceNow IRM (Integrated Risk Management) module to streamline risk tracking and reporting.
  • Supported internal and external audits by providing necessary documentation and demonstrating adherence to security protocols.

Information Security Analyst I

Bank of Montreal
11.2014 - 03.2019
  • Planned and executed internal audits across IT, security, and business processes to evaluate compliance with SOX, NIST, ISO 27001, and organizational policies.
  • Led SOC 1/SOC 2 readiness audits, ensuring controls met trust services criteria (Security, Availability, Confidentiality).
  • Partnered with IT, security, and legal teams to assess new systems/vendors for compliance risks prior to implementation.
  • Presented audit results to senior management and boards, translating technical risks into business impacts.

Education

Master of Science - Cyber Security

Georgia Institute of Technology
12.2023

Technology

SASTRA University
05.2014

Skills

  • Strategic leadership
  • Problem Solving
  • Collaboration
  • Multitasking
  • Compliance auditing
  • Access control
  • Cybersecurity frameworks

Certification

  • CISSP - Certified Information Systems Security Professional

Interests

AI-based Access Review Automation for Compliance uses machine learning to automate user access reviews, ensuring alignment with regulatory frameworks like SOC 2, SOX, ISO 27001, and NIST. The system identifies risky access patterns and flags anomalies, prioritizing reviews for high-risk users. This automation improves efficiency, reduces human error, and ensures continuous compliance with security standards.

