Nirmal Devendran | Freelancer Resume

Summary: - CIPM, ISO 27001:2013, ITIL certified with 12 years of experience IT SOC Audits, Managing Controls & implementation of GDPR, CCPA, APPs, ISMS, PCI, NIST, HIPAA in IT/ITES industry Work Experience: $$$$$ Designation: Senior Compliance Manager From 2018 Nov… Managing Data privacy and Information security program which related policies, processes, standards, and procedures are in line with regional Laws and industry best practices. Accountable for Organization Information Security & Data privacy Management Program, Execution of GDPR, CCPA and other countries Data privacy laws. Oversees the planning, execution, management of projects related to Data privacy compliance, control assurance, audits, information security, risk management, vendor management and infrastructure. Leading the program for development and implementation of Data Privacy strategy, policy, framework and performing PIA (Privacy Impact assessment) and ensure data security in line with regional regulations and industry best practices. Developing and strategizing data privacy and Information security notices and Training materials; conducting awareness sessions and training to employees, contractors to increase understanding of company privacy policies, data handling practices and procedures and other privacy (legal) obligations. Monitoring the measurement and review of internal Audit processes, Control testing especially those that affect the Compliance of the project deliverables. Prepare/maintain risk matrix for identifying risks and evaluating the adequacy of the risk mitigation strategies in data protection and information security process in line with region Regulation and standards. Performs Supplier/Vendor assessment on Data privacy to ensure Third party teams/applications meeting compliance standards. Identify new or improved changes in regulations, standards and prepare documentation and construct controls to ensure complaint. Owns and runs the program for Data privacy and Information Security Exception management. Bureau VERITAS From May 2018 - Oct 2018 Designation: Lead Auditor Performed 3rd party audits in various organizations with the audit plan developed on ISO 27001 :2013 standard. Conducted 2nd party audits to clients of their outsourced IT environments on Incident management, Problem management change management, Patch management, BCP/DR and Backup Process/practices. Coordinated with team members and recommended continuous improvement process on standard processes and Practices. Trained Employees of many organizations on ISO 27001:2013 and ITIL standards and conducted data privacy awareness sessions. HCL Technologies Ltd. From May 2011- May 2018 Designation: Deputy Manager Performed 1st party audits and Compliance audits in IT infrastructure projects as per ITIL process and ISO standards. Carried out process Audits to assess the Compliance index of the projects based on ISO 20000, 27001, 9001 audit frameworks & ITIL Best practices. Audited Standard Operating Procedures, Process, Tools, Practices, SLAs deliverables as agreed in Contract MSA/SOW. Acted as an IT liaison with related business areas including Corporate Audits and implementation of standard and regulatory requirements. Monitored periodic access reviews, Incident management, Problem management, Change management, Patch management, BCP /DR and Backup process. Acted on yearly security policy reviews and updates; Created and maintain all IT policy related documentation. Performed Supplier/Vendor assessment to ensure Third party teams/applications meeting Organization compliance standards. Trained New joiners project teams on Information security and data privacy awareness. Reviewed all system-related information security plans to ensure alignment between security and privacy practices. Sutherland Global Services Pvt. Ltd. From Dec 2009- May 2011 Designation: Executive- Tech support Job Profile: L1- Tech support for the Product MacAfee & Family protection enterprise Product. Maersk Services Pvt. Ltd. From Dec 2006 - May 2009 Designation: Processing officer Process: Auditing & Documentation.