Archana Srinivas
murthy_ar@outlook.com • 919886128538
Risk & Compliance Management
Seasoned professional with substantial experience in enterprise risk management, cybersecurity, operational risk, and IT audit
across financial services, technology, and consulting sectors. Proven expertise in designing and leading risk and control
programs, including RCSA, third-party cyber risk, vulnerability management, and control testing. Adept at orchestrating
communication between Line of Business and Second Line functions to bolster cyber governance and maintain robust regulatory
compliance across diverse frameworks. Demonstrated success in leading cross-functional risk initiatives, conducting complex
risk assessments across hybrid/cloud environments, and managing remediation for high-impact findings. Known for strong
stakeholder management, effective communication, and a collaborative leadership style, including managing diverse teams
across regions.
Areas of Expertise
• Enterprise Risk Management • Regulatory Compliance • Security Incident & Event Management
• Operational Risk & Controls • Control Design & Testing • Application & Infrastructure Security
• Risk and Control Self-Assessment • Vulnerability Management • IT Audit
• Third-Party Cyber Risk Management • Issue Cycle Management • Business Control Management
Professional Experience
Wells Fargo International Solutions Private Limited 2023 – Present
Lead Control Management Officer
Strengthen cybersecurity posture by designing, implementing, and validating risk and compliance controls for the first line of
business. Align with the second line to support cyber governance activities, promoting transparency and timely risk escalation.
Orchestrate RCSA readiness assessments, facilitate workshops, and execute post-activity follow-ups across multiple cyber
domains. Advise business stakeholders in identifying issues and driving corrective actions to closure. Analyze control design
and operating effectiveness, applying Fishbone methodology to uncover root causes and support the issue lifecycle.
• Designed, implemented, and tested over 50 robust cybersecurity controls for First Line of Defense business units,
directly improving the organization's risk posture and compliance outcomes, resulting in a 5% reduction in audit
findings year-over-year.
• Partnered with second line and third line teams as primary lead to support platform-level risk and control activities
across information security, cyber defense, vendor management, regulatory compliance, and control validation.
• Served as the lead consultant for high-risk cybersecurity projects, providing expert guidance on risk mitigation and
regulatory compliance to ensure successful project delivery.
• Assessed 100+ cyber controls and tested 20+ controls end-to-end; led closure of 4 corrective actions via design and
performance testing.
• Validated 10+ cyber applications for data center migration and served as primary facilitator for a full RCSA cycle.
Supported cyber initiatives by delivering risk and compliance expertise on medium to high-risk projects.
• Managed the implementation and monitoring of centralized, risk-based technology control programs to identify and
mitigate operational risks across people, processes, and systems.
Kyndryl Solutions Private Limited 2018 – 2023
Security Consultant
Supervised a geographically dispersed team (US/EMEA/APAC), providing coaching, guidance, direction on complex
assessments, managing hiring/training, and serving as the technical focal point for TPRM queries from business units and
procurement. Executed qualitative analysis to prioritize risk mitigation efforts, track technology risk reduction progress, and
spotlight high residual risk areas across the supplier portfolio. Reviewed remediation plans and risk acceptances for
non-compliant technologies, delivering regular reporting on risk scores and assessment metrics to support transparency. Maintained
internal IT security and compliance controls; conducted gap analyses and drove remediation aligned with regulatory standards.
• Directed the global Supplier Security Risk Management (SSRM) Programme for Kyndryl/IBM's CISO Office, covering
in-scope vendors across 66 countries and ensuring end-to-end cyber risk oversight.
• Engineered SSRM controls for supplier categories (Cloud, On-Prem, Services) using ProcessUnity, OneTrust, and
custom-built control questionnaires aligned with frameworks such as NIST 800-53, SSAE 16 - SOC 1 & SOC 2, CAIQ, SIG,
and ISO 27001, including process playbooks, escalation paths, remediation flows, and reporting mechanisms.
• Conducted 100+ third-party supplier cyber risk assessments across critical, high, and medium levels and industry
verticals, including SOC 2 Type 2 audits, re-validations, and served as audit liaison for internal/external stakeholders.
• Facilitated onboarding of suppliers and new technologies by performing cybersecurity risk assessments to ensure
compliance with corporate policies, regulatory requirements, and industry standards.
• Navigated complex computing environments including on-premises, hybrid, and cloud-based infrastructures (SaaS,
PaaS, IaaS), ensuring thorough risk evaluation across architectures.
• Produced and presented performance metrics and KPIs for the SSRM programme to CISO leadership, illustrating
programme effectiveness and continuous improvement areas.
• Governed third-party risk issue management, policy exceptions, and risk acceptance portfolios to ensure timely
remediation and regulatory compliance.
Accenture Services Pvt. Ltd 2005 – 2018
Client Delivery Lead (UK placed), Security Team Lead - Managed Security Services
Served as SME to business unit risk leaders, issuing timely threat notifications and guiding remedial actions to mitigate
vulnerabilities. Conducted risk research and led client meetings; built strong stakeholder relationships whilst facilitating risk
assessments using formal risk rating methodologies. Directed the design and implementation of SIEM use cases, event
correlation logic, and incident response plans in Splunk, in collaboration with client stakeholders. Evaluated system security
posture in line with internal policies and industry standards, and provided compliance-driven cybersecurity recommendations.
• Led a high-impact vulnerability management pilot, recognized for delivering one of the most complex and critical client
deals; introduced a risk-based approach using CVSS for prioritizing and addressing security vulnerabilities.
• Deployed and implemented QualysGuard to scan and assess assets across multiple clients (Shared and Dedicated),
enabling vulnerability discovery, reporting, monitoring, and remediation planning.
• Delivered technical guidance and remediation recommendations to ensure regulatory compliance; managed findings
from identification through closure, recommending compensatory controls where necessary.
• Led the internal audit (ISO 27001) across multiple clients’ portfolios in preparation for external audits. Facilitated
client teams to meet external auditor requirements by validating relevant security control evidence.
• 3+ Hands-on experience in SOX IT testing as part of internal audit exercises across the client portfolio
• Reviewed and interpreted SOC and penetration testing reports, providing actionable insights and recommendations.
• Acted as SME for RCA documentation of incidents and problem records; advised delivery teams on mitigating risks
related to vulnerabilities, alerts, and notable security events.
Infrastructure Senior Analyst
Oversaw end-to-end change management lifecycle: identifying, raising, assigning, planning, executing, and resolving network
changes. Steered incident management activities, ensuring SLA compliance and co-ordination across response teams. Generated
monthly security reports covering SEP exceptions, unmanaged endpoints, and logging compliance for PCI-regulated
environments. Performed PCI compliance analysis using tools like Tripwire and LogLogic; ensured adherence to security
standards within client environments. Oversaw client change requests (RFCs); designed, developed, tested, and verified that
proposed solutions met business and technical requirements.
• Investigated IPS security events via SecureWorks; provided incident analysis and remediation recommendations.
• Configured and managed Juniper Firewalls, SSL VPNs, Websense Proxy/Virus Scanning, Symantec AV, Cisco
routers/switches, and remote access VPN solutions.
• Offered 24x7 operational support for Websense and Splunk SIEM, including log monitoring and event analysis.
• Investigated malware threats and infections using Symantec Endpoint Protection (SEP); collaborated with Symantec
Support to develop operational SOPs.
Infrastructure Analyst - Security Operations/Network Security
Administered SLA performance tracking, analytics, risk/issue resolution, incident/problem/change/release handling, and
scope change control. Managed 24/7 security operations teams across tools, such as Splunk, Qualys, McAfee, and Rapid7;
ensured consistent delivery and client satisfaction. Supported third-party audits and assessments, including external auditor
visits and completion of third-party security/risk questionnaires. Tracked work effort vs. budget; collaborated with senior
leadership to drive operational efficiencies.
• Built and maintained strong relationships with client leadership and business unit stakeholders by partnering with
senior management (Managing Directors) to drive engagement effectiveness and business growth.
• Served as SME for RFP responses on new opportunities; contributed to deal pursuits through security solutioning across
SIEM, VM, Endpoint, Firewalls, IDM, and third-party reviews.
• Designed and engineered client-specific security solutions (SIEM, Vulnerability Management, Symantec AV/DLP,
TPRM), partnering with internal teams for successful delivery and execution.
Education
Bachelor of Engineering in Electronics & Instrumentation
Periyar University, Tamil Nadu, India
Technical Proficiencies
Security: Archer, Splunk, QualysGuard, McAfee Vulnerability Manager, Nessus, Rapid7, Cisco Firewall, TippingPoint IPS,
Symantec Endpoint and DLP products, Websense, Tripwire, Black Kite.
Compliance: Knowledge and understanding of relevant compliance and regulatory requirements, such as Payment Card
Industry Data Security Standard (PCI DSS), ISO 27001, NIST 800-53, SOX (overview), IT Act 2000, COSO, and tools such as CSA
CAIQ, SIG, Prevalent, OneTrust, ProcessUnity, Qualys’ PCI & Policy Compliance, and ServiceNow.
RCSA: Working knowledge of RCSA framework, Controls design/performance with FRASA elements and implementation, Issue
and Corrective Action lifecycle in the maintenance of the Risk Register, End-to-end management of control portfolio for cyber
risk
Awards & Accolades
Awarded “Celebrating Excellence” for Business Operations at Accenture
Received multiple Client Delivery Recognition Awards at Accenture
Earned various Performance Awards at IBM, Kyndryl, and Wells Fargo
Certifications
CRCMP – Certified Risk and Compliance Management Professional
CRMP – Certified Risk Management Professional
CPISI – Certified Payment Industry Security Implementer
CRISC – Certified in Risk and Information Systems Control
CISA – Certified Information Systems Auditor
ISO 27001 Lead Auditor – IRCA Certified
CCSK – Certificate of Cloud Security Knowledge
Symantec DLP – Data Loss Prevention
CCNA & CCNA Security – Cisco Certified Network Associate
CCSP – Cisco Certified Security Professional
CEH (C|EH) – Certified Ethical Hacker
QualysGuard – Vulnerability Management Certified
Rapid7 Certified Professional – AppSpider Enterprise & InsightVM
Splunk Certified Admin and Power User
ITIL v3 Foundation