Suraj Kempanapura
Education:
Master of Business Administration (M.B.A.)
Information Systems and Technology
Bentley University
2013 : 2015
Bachelor of Engineering (BEng)
Computer Science
Visvesvaraya Technological University
2005 : 2009
Experience:
2020 : Present
athenahealth
Information Security Audit Manager
Identity and Access Controls transformation
• Performed current state analysis of security administration analysis and submitted recommendations to strategically centralize security administration
• Documented business requirements and developed user stories to capture access approval workflows, password management, and security administration workflow
• Interfaced with business and technical stakeholders to understand application role/entitlement profiles, performed application analysis to clean up roles, developed Onboarding templates, SOD rules, and successfully Onboarded internally hosted applications of a strategic business unit to SailPoint
• Interfaced with business stakeholders to understand application role/entitlement mapping, performed application analysis to clean up roles, developed Onboarding templates and file feeds, and successfully Onboarded third-party/vendor applications to SailPoint
• Developed a VB based toolkit to be used by the Identity and Access Management team to analyze and report on high-risk cash and security applications
2015 :
KPMG US
Associate, KPMG Cyber
ServiceNow Security Incident Response (SIR) implementation
• Interfaced with business stakeholders from the SOC team in understanding the current state of processes executed by SOC - L1, L2, L3 and L4 teams.
• Captured business requirements through user stories, developed technical details and assisted in the development of solution design for the user stories
• Supported in the building and testing of user stories across three Sprints, demoed developed user stories with SOC business stakeholders as well as L1, L2, L3 and L4 analysts
• As part of Sprint 3, supported team in the identification of challenges related to OOTB QRadar integration
• Supported team in development & testing of QRadar email rules, SN email parser and business rule to map SIEM data into SIR records
GDPR implementation
• Interfaced with business stakeholders from both the US and the EU entities of a global gaming client to identify businesses in-scope of GDPR
• Identified processing activities involved in processing personal data and documented Records of Processing Activities (RPAs) for both the US and EU entities
• Performed GDPR gap assessment on applications that were identified as part of RPAs
• Documented and provided recommendations for closing security related gaps identified through assessments
• Developed a road-map to achieve compliance in terms of Data Processing Agreements (DPAs) to be signed with third parties, Intra-group agreements to be signed between business entities that transfer personal data, Fair processing notices to be shared with employees, Data Subject Right processes to be put in place for customers & employees, and Data Privacy Impact Assessments (DPIA) to be completed on third parties
• Defined and developed a GDPR governance model to be used by the client’s Global Privacy Office.
• Supported standing up of the privacy office and its privacy program by identifying activities (RASCI) to be performed by the business functions and overseen by the privacy office
2017 : 2020
KPMG US
Senior Associate
2015 : 2015
Bentley University
Senior Teaching Assistant
• Coordinating with faculty to upload teaching materials, managing software interface both from an admin and a user perspective, securing functioning technologies in the classroom to provide an impediment free classroom experience for online students.
• Pro-actively responding and assisting other TAs with class room set up, student support, walk in traffic, and working on other projects assigned by other ATC staff members.
2013 : 2015
Bentley University
Online Teaching Assistant
Company: athenahealth
Years of Experience: 14
Spoken Language: English, Kannada