Jaya.

BK
Operational Lead/GRC Security Delivery specialist/
Information security Advisory Compliance /Audit/ Regulatory
Mobile:8885617912
Email:-Jayakandala.b@gmail.com

Kyndryl Information Security Advisory for

Employer
▪ Kyndryl Private Ltd (Previously IBM GTS)
Professional Summary
▪ Over 12 years of IT experience focusing on security,
auditing, compliance reviews, and risk Management.
▪ Currently working as Information Security Advisor for
Financial Sector.
Education
B. Tech in Electronics and Communication
Engineering-JNTUH -2010
Certification and Training
▪ ISO 27001 Lead auditor-IGC Certified
▪ CEH V9 Certified
▪ Certified Information Systems Auditor (CISA)
(Certified)
▪ Qualys Certified Specialist on Vulnerability
management
▪ IBM Certified Agile Explorer, Cognitive Practitioner
▪ Trained on C, C++ and .net from CMC (a subsidiary of
Tata Consultancy Services.)
▪ ITIL v3 Foundation Trained & Certified from Genpact.
Financial sector accounts mainly providing
IT Governance of Risk & compliance (GRC).
My role is a subject matter expert qualified
to perform multiple roles related to the
delivery of security & Risk management
services to a client. Responsibilities may
include leading the development and
implementation of policies and practices,
security programs, multi-functional teams,
and/or project plan delivery. Their sphere
of responsibility may range from a single
client account to multiple clients. They
provide subject matter expertise in specific
areas such as logical and physical access
management, information security,
incident management, issue and risk
management, audit readiness and
compliance. Management Self-Assessment
of Control (MSAC) is a formal and
comprehensive approach to the on-going
review and assessment of internal controls
that are in place to achieve business
objectives and guard against inherent risks.

Professional Summary
COMPANY DESIGNATION /ROLE PERFORMED YEAR
KYNDRYL PVT LTD Lead, Security Sep 2021-Till Date

IBM INDIA PTV LT Security Delivery Specialist April 2016 to Sep 2021

Genpact Security Administrator Aug2011-March2016

 Information Security Advisor: -State Street Corp (SSC) Sep2021 to Till Date

Services Performed Professionals with this Role demonstrate my capability to perform general
Operational /RMS/GRC skills and ensure risk and security compliance guidelines are
met. organizational/Clients the Three Lines of Defense Model issued by the
Institute of Internal Auditors, has been adapted for use by Kyndryl as a simple and
effective way to enhance communications on risk management and control by
clarifying essential roles and responsibilities.
Worked on a Framework of Internal Control that is enterprise wide and have a
pervasive effect toward the achievement of Kyndryl operating, reporting, and
compliance objectives while guarding against inherent risks.
Key Controls & Testing A key control is a specific activity or set of activities that is
executed to mitigate a significant risk and accomplish the objectives.
the related process. Compliance testing serves to validate that a control is working
effectively as designed.
Policy Management and Technical specification along with Operational
implementation
Ensure all Security Control Elements are reviewed annually and is reissued when
revisions are necessary and approved ISO/CIS. Technical Specifications are reviewed
annually. Getting all proposed revisions document reviewed and approved by the
customer CIS Team with client sign off.
Ensure audit readiness internally and externally GTO ,FLOD,SOX 404,
AUP,SAAE 18, Security process testing , Corp Audit,
As part of my role implemented ISO/IEC 27002:2013 Code of
practice for information security management, as a framework for
providing information security.

Policy Compliance & Auditing: State Street Corp (SSC) April2016-Sep2021

Services Performed Driving the IT Governance in order to address the Gaps and Improvements relevant
to organization growth. Conducting periodic compliance checks on both the Intel and
Unix servers across the State Street Environment through automated tool IBM Big Fix
(Formerly TEM)Configuring the Fixlets in BigFix as per the agreed value in the
technical specifications and performing the automated scans.Validating the
automated scan results and segregating the false positives and customer approved
exceptions from the valid deviations and working with the respective platform teams
to mitigate the deviations. Documenting the valid deviations found and raising Non-
Compliance Issue on respective teams and documenting the mitigation plans by
continuous follow-ups with the teams. Working closely with the client in technical
specification reviews, Exception letter extensions. Working with the deployment
teams to deploy BigFix agents on Intel and Unix servers and tracking the status by
weekly calls and updating the status to the account team. Periodic reviews and
improvements on SOA, policies, and their relevant operational documents.
Conducting Internal ISO 27001 Audits and Handling External Audits for the
Organizations/Conducting audit readiness programs within the team.
 Security Engineer: General Electric (GE) Aug’12-March’16

Services Performed
Maintaining the secure environment across GE for nearly 400,000 endpoints using
McAfee Endpoint Encryption Manager. Presenting the best practices to client Involved in
ITIL ticketing system for Incident, change and upgrade management.
Attended weekly Steering committee calls and updated the Compliance status.
Developed a Standard operating procedures and detailed process maps for support
related activities Handled Incident Management like McAfee Endpoint Encryption client
encryption issues, adding users to related machines, Creating Firewall rules with proper
business justification. Troubleshooting McAfee On-Access and Firewall related issues.
Involved in McAfee Endpoint Encryption Manager Server maintenance, generating
reports and Server Health check monitoring.

IAM Engineer: General Electric (GE) Aug’11-Aug’12

Services Performed
Account ID creation/Modification/Deletions using various applications. (IDM, Mainframe
sessions). Windows and NT account administration. Implementation of a VPN to enable
users to securely work remotely. Creating, granting, and revoking different kinds of
access per business requirement. Creation, Modification & Deletion of accounts in
Blackberry Enterprise Server. Responsible for creating mailboxes and shared mailboxes,
managing mailbox sizes. Managing & responsible for the publishing of the team statistics
and communicating it with the team.Taking care of escalated issues and providing Level
2 support for required user administration.

Key accomplishment

 Received Rock Star Award from the client in 2022

 Received client recognition Award for the contribution towards audit and clearing the audit with
with SAT “ZERO” defects in 2021.
 Received R&R award 5 times from Genpact Management for the exemplary & consistent
performance.
 Received “Ignited Mind” award from Genpact in Jan’16
 Received numerous Manager’s Choice awards from IBM Management

Personal Details
Marital Status : Married
Languages Known : Telugu, Hindi, English.

Declaration
I hereby declare that all details furnished above are true to the best of my knowledge.

Place: Hyderabad Jaya. BK