
SAI RAJ PINNAPUREDDY

Dallas, Texas

Summary

Governance, Risk, and Compliance (GRC) Analyst with extensive experience in conducting enterprise risk assessments, compliance audits, and policy governance in both cloud and on-premises environments. Proficient in utilizing ServiceNow GRC to manage control libraries, assess risks, track remediation efforts, and ensure audit readiness while aligning security controls with industry standards such as NIST 800-53, NIST CSF, ISO 27001, HIPAA, GDPR, SOC 2, and PCI-DSS. Demonstrated expertise in leading change management processes within DevSecOps pipelines to maintain secure and compliant CI/CD practices, along with executing thorough third-party/vendor risk assessments to evaluate supplier security postures. Strong collaborator with cross-functional teams—including security, legal, audit, and engineering—focused on driving regulatory compliance initiatives and enhancing continuous monitoring efforts.

Overview

9 years of professional experience
1 Certification

Work History

Sr. Security Consultant

CITI
10.2024 - Current
  • Performed enterprise risk assessments and maintained risk registers to track and document security risks across business units, using ServiceNow GRC for workflow automation, reporting, and risk scoring.
  • Conducted third-party risk assessments, evaluating vendor security practices, reviewing SOC 2 reports, issuing risk questionnaires, and managing the Third-Party Risk Management (TPRM) lifecycle.
  • Developed and maintained information security policies, standards, and procedures aligned with NIST 800-53, ISO 27001, HIPAA, GDPR, SOC 2, PCI-DSS, and CMMC to ensure organizational compliance.
  • Supported internal and external audit readiness, including gathering control evidence, managing POA&Ms, performing control testing, and assisting in the remediation of audit findings.
  • Led governance activities across DevSecOps teams by integrating change management processes into SDLC pipelines and participating in Change Advisory Boards (CAB) to ensure secure deployment practices.
  • Provided compliance oversight for cloud platforms (AWS, Azure, GCP), reviewing IAM configurations, encryption practices, and CSPM alerts to ensure adherence to cloud security baselines.
  • Monitored and enforced security and privacy controls for PII, PHI, and other regulated data, aligning with DLP policies, data classification, and data retention standards.
  • Delivered continuous monitoring and compliance reporting via dashboards and KPIs in ServiceNow GRC, enabling executive visibility into enterprise risk and control performance.
  • Conducted incident response documentation reviews and participated in tabletop exercises to ensure policy alignment and readiness.
  • Collaborated with cross-functional stakeholders including legal, audit, security operations, and engineering to ensure enterprise-wide security compliance and risk mitigation strategies.
  • Developed and enforced GRC policies integrating AI ethics, data privacy, and security standards, conducting regular audits to maintain adherence to ISO best practices in line with ISO 42001.

Network Security Engineer

Elsoft Technologies
04.2020 - 01.2023
  • Planned, designed, implemented, and supported secure LAN, WAN, wireless, data center, and Palo Alto firewall infrastructure across enterprise environments.
  • Authored and reviewed technical documents including Requests for Change (RFCs), Technical Design Reviews (TDRs), and Low-Level Designs (LLDs) for LAN/WAN implementations.
  • Conducted passive wireless site surveys using specialized tools to assess and ensure optimal coverage and performance.
  • Provided advanced troubleshooting and configuration for complex enterprise networks, including routing protocols such as BGP, MPLS, OSPF, and EIGRP across core and distribution layers, utilizing Cisco 7200, 6509, and 3750 routers/switches.
  • Led end-of-support (EOS) hardware refresh initiatives by replacing legacy switches (e.g., Cisco 6500 with 6500E and 4507, and 3550 with 3750X and 3850).
  • Standardized and migrated data and WAN networks to align with industry and organizational best practices.
  • Participated in LAN integration and migration projects, including CATOS to Native IOS conversions and hardware upgrades across LAN and wireless infrastructures.
  • Provided technical oversight and hands-on support for WAN and LAN deployments, ensuring secure, stable, and scalable implementations.
  • Reviewed Statements of Work (SOWs) and Bills of Materials (BOMs) for network infrastructure rollouts, ensuring alignment with project requirements and design standards.

Security Analyst

Elsoft Technologies
01.2017 - 03.2020
  • Conducted continuous security event analysis using Splunk and Microsoft Sentinel SIEM, correlating data with threat intelligence to identify and escalate suspicious activities.
  • Created and optimized correlation rules, dashboards, and reports, improving threat detection capabilities and reducing false positive alerts by 20%.
  • Collaborated with teams to address vulnerabilities and enhance security posture, contributing to the resolution of 50+ high-priority vulnerabilities.
  • Implemented and managed SAST tools like SonarQube to identify vulnerabilities during code development, ensuring secure code practices within CI/CD pipelines.
  • Collaborated with cross-functional teams to enforce data security policies, utilizing Jira for task management and Confluence for documentation to streamline workflows.
  • Monitored and analyzed threat feeds with Recorded Future and ThreatConnect, generating detailed reports on emerging threats.
  • Designed and implemented cloud data security protocols using AWS Macie and Azure Information Protection to enhance data encryption, discovery, labeling, and recovery.
  • Led DLP and insider threat management initiatives, deploying controls with Microsoft Defender for Endpoint and Forcepoint DLP to prevent unauthorized access.
  • Conducted comprehensive risk assessments to identify and evaluate potential security threats, vulnerabilities, and impacts, providing actionable recommendations that mitigated risks and enhanced overall security posture.

Education

Master of Science (M.S.) - Computer Information Science

Southern Arkansas University
08.2024

Skills

  • ServiceNow GRC expertise
  • Enterprise risk assessment
  • Compliance Frameworks: NIST 800-53, NIST CSF, ISO 27001, ISO 42001, HIPAA, GDPR, PCI-DSS, SOC 2, CMMC, COBIT
  • Policy & Governance: Security Policy Development, SOPs, Governance Documentation, Acceptable Use Policies
  • Secure CI/CD policy management
  • Internal and external audit assistance
  • CSPM policy implementation
  • Experience with Change Advisory Board
  • Vendor risk assessment and compliance
  • Incident response management
  • Development of ATO packages and SSPs
  • Data privacy governance
  • GRC metrics reporting
  • SIEM management
  • Security awareness training
  • Access control
  • Compliance management

Certification

  • CISSP Certified Information Systems Security Professional, 2025
  • CISM Certified Information Security Manager, 2024
  • CompTIA Network+
  • AWS Solutions Architect
