Arjun Srinivass Venkataraman


North Brunswick, NJ

Summary

Information Security Manager with 12 years of experience in governance, risk and compliance, with a special concentration in third-party vendor risk, customer trust and assurance, risk assessments, IT internal audits, IT SOX compliance and GRC automation.

Overview

14
years of professional experience

Work History

Senior Information Security Analyst II

Confluent Inc.
12.2021 - Current

Security Awareness Training -

  • Led and implemented role-based training for Engineering, Finance, Sales and Executives.
  • Created security awareness content and rolled out regular awareness trainings for Confluent employees using various LMS tools.
  • Supported integration of Workday Learning with custom LMS.
  • Manage and oversee security awareness non-compliance.
  • Responsible for promoting security culture across Confluent through various methodologies such as "Phishme" campaigns, security awareness games, etc.

Customer Trust & Assurance - Sales Enablement -

  • Engaged directly with customers, and prospects with goal of increasing win rate, while working cross-functionally with Legal, Compliance, Solutions Engineering, Marketing, Sales, and Product Strategy teams.
  • Support our Sales team with security, compliance, product knowledge, objection handling in customer meetings, and security questionnaires or self-serve via Safebase Trust Portal.
  • Partner across organization to ensure valuable and impactful security content is developed for Confluent customers.
  • Identify, design, and implement process improvement initiatives to ensure scalability, allowing us to work smart and reduce repetitive tasks for customers and internal teams.
  • Coordinate customer audits in support of customer compliance objectives.
  • Scaled and automated security RFP responses via Loopio.

Third Party Risk -

  • Served as internal third-party security advisor and subject matter expert.
  • Developed appropriate third-party risk management guidelines, processes, and procedures documentation.
  • Developed and implemented more robust third-party risk management program as part of overall risk management strategy.
  • Conducted and participated in various end-to-end third-party risk management reviews.
  • Acted as single point of contact for drafting and finalizing security contracts and addendums.
  • Designed, built, and scaled Third-Party Risk Management tools and dashboards using Zen GRC.

Regulatory Compliance and Audits -

  • Lead specific areas of SOX, ISO 27001 and PCI audits including but not limited to audit planning, overseeing execution of audit, and leading closing activities. Supervision includes assessing project status and results and overseeing timely completion, including work paper review and report preparation.
  • Supported implementation of SailPoint for user access recertification, including mapping of roles and permissions, SOD and integration with Okta.
  • Responsible for end to end quarterly user access recertification.

Cyber Security Senior GRC Analyst

News Corp
01.2017 - 12.2021

Customer Trust & Assurance - Sales Enablement -

  • Served as security expert to ensure that Dow Jones’s Sales and Product team is supported in pre-sales and post-sales efforts, contributing to closing new deals and driving customer retention, with deep knowledge of Dow Jones products.
  • Engaged directly with customers and prospects with goal of increasing win rate, while working cross-functionally with Legal, Compliance, Solutions Engineering, Marketing, Sales, and Product Strategy teams.
  • Support our Sales team with security, compliance, product knowledge, objection handling in customer meetings, and security questionnaires or self-serve via Trust Portal.
  • Partner across organization to ensure valuable and impactful security content is developed for Dow Jones customers.
  • Identify, design, and implement process improvement initiatives to ensure scalability, allowing us to work smart and reduce repetitive tasks for customers and internal teams.
  • Coordinate customer audits in support of customer compliance objectives.
  • Scaled and automated security RFP responses via RFPIO.
  • Established Security statement and product white papers.
  • Acted as single point of contact for drafting and finalizing security contracts and addendums.

Third Party Risk -

  • Developed appropriate third-party risk management guidelines, processes, and procedures documentation.
  • Conducted and participated in various end-to-end third-party risk management reviews.
  • Designed, built, and scaled Third-Party Risk Management tools and dashboards using Process Unity GRC.

Assistant Manager, Enterprise Risk

Wipro Technologies
09.2013 - 12.2016
  • Quality Risk and Compliance
  • Heading and Managing Periodic Compliance Review program for business critical applications
  • Review and approve Change Management plans, Validation plans and reports, Technical installation plans and reports
  • Help IT service owners and business units to create risk entries pertaining to application / system risks present in environment based on system reviews performed in Risk Management System
  • Provide recommendations to IT service owners on remediation plans for risks identified
  • Vendor Risk Assessments
  • Identify existing and new vendors, create vendor profiles and perform risk analysis using ARCHER GRC
  • Perform Vendor Risk Assessment based on ISO27001, PCI-DSS, HIPAA controls
  • Vendor Risk Assessment classification based on business process and set criticality
  • Vendor Administration using ARCHER GRC tool (viz. launch vendor risk questionnaires, risk classifications, sign-offs, automations, SharePoint management, audit management, etc.)
  • Provide control suggestions to comply with Regulatory frameworks / as per industry standards
  • Remediation Co-ordination and ITGC

Consultant, Enterprise Risk Consulting

Genpact India
07.2011 - 08.2013
  • Manage all audit observations for clients (viz. SOX, Technology Audit, Internal Audit, SSAE16, external audit observations)
  • Verify identified gaps by external auditors and evidences
  • Follow up with process owners and understand gaps identified and understand feasibility of implementation
  • Ensure controls are implemented and re-test observations
  • Perform quarterly ITGC control audits, Systems audit, Data Privacy Audit and IT Process Review (SOX)
  • Understanding process and review existing controls
  • Prepare process maps, map controls, prepare test RCMs, prepare test plans for TOD and TOE
  • System controls for overcoming process implementation gap
  • Review of ITGC Controls, SOX Testing (Test of Design and Efficiency), BCP/DR, Change Management, Physical Security
  • Interface Control Reviews, prepare process control report and provide recommendations
  • Segregation of Duties (Oracle and SAP)
  • Identify systems and processes and prepare high level process map
  • Identify and review controls present in environment system configurable or external manual controls
  • Analyze role definition and role assignment
  • Suggest appropriate methods for remediation of role definition and role assignment conflicts
  • Prepare SOD Matrix for recreated roles
  • Suggested monitoring controls where exceptions were noted and recommended user access review process

Associate Auditor

ANB Solution India Pvt Ltd
02.2010 - 05.2011
  • Process Review
  • Understanding process and review existing controls
  • Providing recommendations for overcoming implementation gap
  • Compliance reviews according to Telecom Regulatory Authority of India and Department of Telecom regulations
  • Functional Review
  • Spearheading functional review of client’s system and checking access control
  • Preparing gap analysis report and audit report
  • Responsible for gap analysis and data analysis
  • Managing application security, password, user management security, interface control and application specific controls
  • Documentation Review
  • Preparation of Standard Operating procedure for IT Processes
  • Reviewing existing processes and controls
  • Provide new processes and controls according to industry best standards and frameworks for betterment of organization

Education

Master's - IT - Cyber

International Institute Of Information Technology
India
08.2010

Bachelor's - Accounting, Budgeting and Financial Management

Ramakrishna Mission Vivekananda College, Madras University
India
07.2007

Skills

  • Customer Trust, Security and Sales Enablement
  • Security Awareness and Training
  • Third Party Risk Management
  • GRC Automation
  • User Access Reviews & SOD
  • Governance, Risk & Compliance
  • Risk Management
  • Internal Audit
  • People Manager
  • Program Management
  • Policies and Standards

Languages

Tamil
Native or Bilingual
Hindi
Native or Bilingual
English
Full Professional
