Mamta Sakuja

Olivehurst, CA

Summary

Security compliance GRC leader with over 20 years of diverse information security background. Deep and wide-ranging expertise in developing and implementing strategies for regulatory frameworks HITRUST, ISO 27001/ ISO 27002, PCI DSS, HIPAA, NIST CSF, CIS V8, CCM to name a few. Demonstrated expertise in developing new business proposals by identifying gaps in current security program, areas of improvement, and future technology needs. Collaborate closely with internal teams to identify the potential gaps and remediation prior to onboarding to compliance roadmap. Act as a practice leader by fostering people development through motivation, diverse perspectives utilization, coaching team members, and encouraging innovation. Results-driven with deep expertise in OCI & AWS as a baseline infrastructure for business entities providing application service offerings across multiple industries.

Knowledgeable Governance leader with solid background in leading analytical projects and driving process improvements. Successfully spearheaded multiple high-impact initiatives that enhanced operational efficiency and informed strategic decision-making. Demonstrated proficiency in data analysis and project management, consistently delivering actionable insights and fostering team collaboration. Experienced with data analysis and driving strategic improvements. Utilizes advanced analytical techniques to uncover insights that support business decisions and enhance operational efficiency. Strong understanding of project management principles and effective team collaboration to achieve organizational goals.

Overview

22 years of professional experience
1 Certification

Work History

Lead Analyst Governance, Risk & Compliance

Oracle Health
04.2021 - Current
  • Leading HITRUST assessment & certification efforts for contractual scope, with key responsibilities managing core HITRUST team. Extensive work in the Archer environment for audit repositories & end-to-end engagement process workflow
  • Lead & manage Oracle Health Common Controls Framework from scoping to deployment to runbook for maintenance. Key objective being to streamline security and compliance processes by adopting a set of unified common controls, rationalizing existing frameworks, and establishing a consolidated audit and compliance framework, thereby improving efficiency, reducing risk, and enhancing overall security with inclusion of 20+ authoritative sources
  • Critical success factors include Consolidated Control Framework and Compliance Monitoring, Effective Cybersecurity Measures and Incident Response and Comprehensive Audit Preparation and Participation
  • Lead activities to develop & maintain audit program (site pre-assessment, gap analysis, level 1 & level 2 audits, preparation of audit interviews, audit reports), document and share with management on CAPs, controls effectiveness and ongoing control audits.
  • Assist in the identification, analysis, and assessment of IT risk scenarios in order to protect the confidentiality, integrity and availability of Motorola Solutions and customer systems and data
  • Develop reporting capabilities to communicate the results of risk management program activities including product risk questionnaires and vendor risk assessments.

Senior Manager – Technology Cyber Risk, Security & Governance

Techdemocracy LLC
Atlanta, USA
12.2018 - 03.2021
  • Leading & managing effort for HITRUST certification for one of the electronic medical record solutions
  • Key responsibilities include monitoring the security landscape by identifying security gaps, recommending mitigations, and evaluating mitigation strategies based on current security threats and technologies
  • Migration of current on-prem solution to AWS environment to be duly compliant with HITRUST as per contractual commitments. Extensive experience and understanding of how compliance fits into a more modern AWS landscape
  • Determine security requirements by evaluating business strategies and requirements, researching information security standards, and applying applicable data protection regulations
  • Extensive support for SOX controls for Telecom client based out of Seattle.
  • Monitor compliance with and develop or maintain security policies to ensure compliance with all applicable regulatory statutes, industry best practices and corporate business strategies

IT GRC Professional

Global Payments
Atlanta, USA
04.2018 - 10.2018
  • Work with Global Payments stakeholders to identify PCI DSS controls that should be implemented based on the technology and selected cloud services (e.g., PaaS, IaaS, or SaaS)
  • This includes gathering information about the in-scope application(s) or technology operating in the cloud provider’s environment
  • Leverage existing test plan documentation to assist with formally defining the artifacts each control owner must provide to the Compliance team throughout the fiscal year which includes efforts to ensure business as usual (BAU) practices are resulting in ongoing PCI DSS compliance, as well as specific artifacts required to substantiate PCI DSS compliance during the annual recertification process executed by an external PCI Qualified Security Assessor (QSA)
  • Collection & Analysis of compliance artifacts to ensure applicable development of metrics and status dashboard for executive management
  • Participation in security projects and program development
  • Paid attention to detail while completing assignments.
  • Excellent communication skills, both verbal and written.

Lead- Managed Security Services- Email Security & Enterprise Mobility

Computer Sciences Corporation (DXC Technology)
India
06.2004 - 03.2018
  • Worked on presales solutions development for email security & mobile security practice.
  • Obtaining and collating information around information security risks and remedial action using risk mitigation plans
  • Maintaining on-going visibility of initiatives and prioritize information security risk
  • Documentation of processes, performing risk reviews and monitoring metrics to ensure compliance with the risk framework.
  • Consulting for Email Security practice in infrastructure projects
  • Coached and mentored 40+ new staff members, including conducting performance reviews
  • Successfully managed & delivered Email Security Projects for various customers across North America & Europe region

Education

Bachelor's Degree - Delhi

Applied Electronics
Delhi, India

Post Graduate Diploma - Delhi

Global Business Management
Delhi, India

Skills

  • Data governance
  • Project Management
  • RSA Archer
  • Stakeholder Engagement
  • Product based Risk Assessments
  • AI risk assessments
  • Vendor risk assessments
  • Mentoring
  • Problem-solving aptitude
  • Professional demeanor
  • Adaptability
  • Strategic planning
  • Interpersonal communication
  • Analytical thinking
  • Team collaboration

Certification

  • CCSFP (HITRUST) – Certified HITRUST CSF Practitioner
  • CDPSE: Certified Data Privacy Solutions Engineer ID:995554
  • CISSP: Certified Information Systems Security Professional ID:504090
  • CISM: Certified Information Security Manager ID:995554
  • PMP: Project Management Professional ID:1020834

Timeline

Lead Analyst Governance, Risk & Compliance

Oracle Health
04.2021 - Current

Senior Manager – Technology Cyber Risk, Security & Governance

Techdemocracy LLC
12.2018 - 03.2021

IT GRC Professional

Global Payments
04.2018 - 10.2018

Lead- Managed Security Services- Email Security & Enterprise Mobility

Computer Sciences Corporation (DXC Technology)
06.2004 - 03.2018

Post Graduate Diploma - Delhi

Global Business Management

Bachelor's Degree - Delhi

Applied Electronics

Websites, Portfolios, Profiles

https://www.linkedin.com/in/mamta-m-16ab287/