Open to opportunities

sumana singaraju

@sumanasingaraju

Message

Cybersecurity and GRC leader specializing in vendor risk and compliance programs.

United States

Message

What I'm looking for

I seek a senior cybersecurity/GRC role where I can scale compliance programs, lead teams, implement automation, and partner with leadership to reduce audit findings and support business growth.

I am a cybersecurity and GRC professional with 9+ years of experience driving vendor risk management, vulnerability management, SOC 2, ISO 27001, NIST, and GDPR initiatives. I lead teams and partner with C-suite stakeholders to translate security controls into actionable business metrics that enable deal closures and regulatory readiness.

I've delivered measurable impact across startups, mid-sized firms, and large enterprises — streamlining assessments, automating GRC workflows, and improving audit outcomes. Notable achievements include enabling six-figure deals through SOC 2/ISO readiness, reducing audit findings by 30%, and generating $500K+ in cost savings through faster vendor risk assessments.

I build automation using Python, integrate identity and cloud security solutions, and implement GRC tools such as ServiceNow IRM, RSA Archer, and Drata to improve efficiency and expand market access. I seek roles where I can scale compliance programs, mentor teams, and drive continuous improvement in risk posture.

Experience

Work history, roles, and key accomplishments

Cyber Security Consultant

VioletX LLC

Mar 2024 - Jun 2025 (1 year 3 months)

Led a team of 3 vendor risk analysts to streamline assessments, contributing to $500K+ cost savings, executed SOC 2 Type II and ISO 27001 readiness that reduced audit findings by 30%, and performed Nessus scans to prioritize remediation across AWS workloads.

Vendor Risk Management SOC 2)ISO 27001)Nessus AWS Risk Assessment Drata Archer ServiceNow

Cyber Security Intern

New York Life Insurance

Jun 2023 - Aug 2023 (2 months)

Onboarded 10 applications into SailPoint IdentityIQ improving provisioning efficiency by 20%, presented vulnerability assessment reports to leadership to drive remediation prioritization, and led a 7-person intern team to win the Annual Tech Intern Project.

IAM Vulnerability Assessment Provision Reporting Leadership Presentation

Senior Information Security Analyst

Informatica

Jun 2021 - Jul 2022 (1 year 1 month)

Aligned Incident Response and Risk Management with NIST CSF to reduce audit findings by 30%, tracked remediation of critical vulnerabilities to improve cloud security posture, and managed SOX ITGC readiness for IPO leading to successful first-time compliance.

NIST CSF Incident Response Vulnerability Management Cloud Security

Team Lead

Novartis Healthcare

Apr 2019 - Jun 2021 (2 years 2 months)

Led a global team of 5+ analysts to reduce third-party assessment turnaround by 40%, implemented ServiceNow IRM workflow automation cutting GRC reporting cycle time by 35%, and coordinated HIPAA compliance to ensure audit readiness with no major gaps.

Vendor Risk Management ServiceNow HIPAA GRC Leadership Process Improvement Compliance

IT Risk Analyst

Bank of Montreal

Nov 2014 - Mar 2019 (4 years 4 months)

Developed technology risk policies and remediation dashboards that reduced open audit issues by 50% within six months and provided executive reporting to strengthen risk governance.

IT Risk Policy Development Dashboards Stakeholder Management Compliance

Education

Degrees, certifications, and relevant coursework

Georgia Institute of Technology

Master of Science, Cyber Security

2022 - 2023

Activities and societies: Independent projects: Automated Third-Party Risk Management System (Python, Dash/Plotly) and Automated Access Review Framework to support SOX, SOC 2, and ISO 27001 compliance.

Master of Science in Cyber Security with coursework in Information Security Policies, Enterprise Risk Management, and a Cyber Security Practicum; awarded a 100% scholarship.