
Parin Gandhi

Austin, TX

Summary

Information security professional with six years of progressive experience in the cybersecurity industry. Demonstrated skill in identifying business risks and compliance issues and designing proactive solutions. Proficient in document and policy writing, with a background in designing and implementing layered network security approaches. Hands-on experience in third-party risk management, risk assessment, and technical problem-solving. Experienced in various compliance frameworks and regulations, as well as FedRAMP processes. Conceptual thinker with the ability to work independently and as a team member to successfully achieve project goals and objectives. Proficient in cloud security, identity and access management, monitoring and event management, governance and compliance, application delivery, data protection, image and patch management, self-service, and ops analytics on the AWS platform.

Overview

5 years of professional experience

Work History

Security & Privacy Compliance Analyst/GRC Consultant

Sumo Logic
03.2023 - Current
  • Review, manage, and update the implementation of company policies, procedures, and controls to ensure laws and regulations are respected.
  • Work in collaboration with stakeholders to create new policies that meet company requirements.
  • Create, monitor, and submit policy exceptions for closure for activities that occurred and are against the company's procedures.
  • Assist in internal and external audit activities by acting as a liaison, preparing meetings, gathering documentation and evidence, and assisting during controls review.
  • Work on findings identified by auditors in audit reports such as SOC 1 and SOC 2.
  • Partake in company business continuity and run tabletop exercises for the IRP, CP, and DR plans.
  • Conduct cyber-training programs for new and existing employees, and conduct campaigns such as phishing on a quarterly basis.
  • Prepare the company for yearly ISO 27001 compliance certification.
  • Provide monthly reporting to upper management regarding the environment's cyber posture.
  • Develop corrective action plans for identified vulnerabilities, and work with SMEs to develop remediation plans.

Security Analyst

Sysdig
01.2022 - 02.2023
  • Provided oversight and reporting of third party by utilizing data and facts during evaluation process to satisfy regulatory
  • Utilized vendor management system to document risk ratings on all vendors.
  • Assessed inherent risk on vendors during relationship review to ensure proper tiering of vendors.
  • Collaborated with vendors' relationship owners to ensure information is correct and valid in GRC Archer.
  • Conducted performance management with business units to prevent service disruption or interruption.
  • Conducted security assessments of all engaged vendors by sending SIG questionnaires to third parties with security documentation requests.
  • Stratified third parties based on risk to the organization and performed SaaS assessments for all software vendors.
  • Actively managed all assessment deadlines by coordinating execution with both external third parties and internal business partners.
  • Coordinated with external vendors to enhance and operate the third-party risk management program.
  • Responded to assessment and audit requests from clients.
  • Coordinated and managed internal and external assessment requests.
  • Reviewed information security requirements for both new and existing contractual agreements with outside parties.
  • Reviewed contractual agreements with new, current, and prospective clients.
  • Updated and reviewed information security policies and procedures.
  • Reviewed and enhanced technology and security systems, processes, and tools to identify, track, and reduce risk within the firm.
  • Prepared reports and documented processes.
  • Reviewed the controls population in SOC 2 Type 2 reports and ensured CUECs were implemented.
  • Uncovered risks and documented controls in line with our risk appetite.
  • Documented findings and recommended risk mitigation plans for risks and controls.
  • Managed timely completion of information requests for third-party products/services.
  • Led or contributed to strategic projects to enhance the overall effectiveness of the program.

Cybersecurity Analyst

Sumo Logic Inc
01.2019 - 12.2021
  • Designed company-wide policies to bring operations in line with Center for Internet Security (CIS) standards.
  • Developed and maintained incident response protocols to mitigate damage and liability during security breaches.
  • Reviewed violations of computer security procedures and developed mitigation plans.
  • Monitored computer virus reports to determine when to update virus protection systems.
  • Supported various on-prem and cloud systems using NIST 800-37 and FedRAMP compliance.
  • Created A&A documentation such as SSP, SORN, PTA, and FIPS 199 as part of the Risk Management Framework.
  • Developed POA&Ms and ensured milestones were met.
  • Conducted categorization, control selection, and implementation prior to assessment.
  • Prepared systems for the Assessment and Authorization process.
  • Conducted continuous monitoring and ensured change, configuration, risk, and vulnerability management using NIST 800-137 as a guide.
  • Scheduled and ran scans, collected scan results, and ensured that POA&Ms were created.
  • Created and updated system-wide policies and procedures.

Education

Master of Science - Telecommunication & Network Engineer

Southern Methodist University
Dallas, TX
12.2018

Bachelor of Science - Electronics & Telecommunication

Mumbai University
India
08.2015

Skills

  • IT SKILL
  • CISA Certified
  • CEH Certified
  • Security CompTIA
  • AWS Certified
  • Attention to detail
  • Designing security controls
  • Verbal and written communication
  • Teamwork
  • Vendor Risk / Third-Party Security Risk Management
  • ISO 27001/27002 / PCI DSS / HIPAA / CCPA / GDPR / NIST / FISMA / FIPS / HITRUST / ITIL / COBIT
  • FedRAMP compliance
  • Scout tool/ Zen GRC/ Know before/ Bit-sight/ Archer
  • Good listening skills
  • Time management
  • Multitasker
  • Project completion
  • Analytical skills
  • POA&M (Plan of Action and Milestones)
  • NIST 800-37, NIST 800-60, FIPS 199, NIST 800-53, NIST 800-53A, NIST 800-18, NIST 800-30r1, NIST 800-139, NIST 800-137
  • Policy and Control Analysis
  • AWS
  • Microsoft Office 365
