
Sai Kumar Balerao

IS | ITGC | Risk Mgmt | IAM | Compliance

Technology / Internet

Hyderabad, Hyderabad



About Sai Kumar Balerao:

A CISM Certified professional with extensive experience in Cyber Security, IT Risk Management, Information Security Governance, and IT General Controls (ITGC) within the Banking & Financial industries. Proven expertise in Identity & Access Management (IAM), Privileged Access Management (PAM), Role-Based Access Control (RBAC), and ensuring compliance with regulatory frameworks such as SOX, NIST, and SOC2. Adept at leading control assessments, driving remediation of control deficiencies, and embedding a strong controls culture.

Experience

                                                                                                                              


 

Core Competencies

  • Risk & Governance: IT Risk Management, Information Security Governance & Compliance, Audit Management (Internal), Risk and Control Self-Assessment (RCSA), SOX Compliance, Control Testing (ITGC), Policy & Standards Development. 
  • Identity & Access Management: IAM Program Management, Privileged Access Management (PAM), Role-Based Access Control (RBAC), Identity Governance and Administration (IGA), Service Account Lifecycle Governance, User Access Reviews (UAR), Segregation of Duties (SoD) Controls and Attestation.
  • Security Operations & Tools: Security Incident Response Management, Vulnerability Assessment (Splunk, IBM Security Guardium), SIEM, IDS/IPS, Firewalls. 
  • Frameworks & Controls: NIST, SOC2 Controls, ITGC. 
  • GRC & Reporting Tools: RSA Archer, ServiceNow (GRC & ITSM), Farm, Core (JPMC Internal Tool), RISE (BoFA), Tableau, Splunk, Power BI. 
  • Change & Defect Management: HPSM, Vulcan, JIRA, Confluence, AC ALM. 
  • CyberArk Expertise: Enterprise Password Vault (EPV), AIM, BG
  • Business Modelling Tools: MS Visio, MS Project

Work History

 

Cyber Security Associate | 07/2024 to date

BA Continuum India Pvt Limited, Hyderabad, India

 

  • Led ITGC control testing focused on service account management within the Identity and Access Management (IAM) framework to ensure appropriate ownership and usage of privileged accounts.
  • Validated access control mechanisms to ensure service accounts had appropriate permissions and followed the principle of least privilege.
  • Tested service accounts to ensure compliance with segregation of duties policies, minimizing the risk of unauthorized access to critical systems. 
  • Provided feedback and appropriate challenge to control owners on internal controls, assessments, remediation and documentation.
  • Managed and created monthly reporting packs for the RISE and the IT Risk Action Review Board.
  • Assessed documentation for ownership, usage logs, and roles tied to service accounts, ensuring that the accounts were assigned to valid AITs.
  • Reviewed audit logs for service and privilege account activities, ensuring compliance with monitoring and logging controls as part of ITGCs.
  • Led periodic certification campaigns to verify that service accounts were still required and that their access privileges remained appropriate. Worked with stakeholders to decommission or reassign unused accounts.
  • Worked on revocation and ensured all ARM manual requests collected the necessary approvals to proceed with disablements after data mining.
  • Assisted application owners in completing the RISE deliverables, providing guidance and ensuring timely completion.
  • Evaluated the effectiveness of policies and procedures, processes, systems, and internal controls.  
  • Oversaw the attestation and vaulting of service IDs via IGA, ensuring adherence to the RISE 919.1 standards and protocols.
  • Managed office-hours queries and guided owners to stay compliant with firm-standard RISE activities.
  • Performed access governance activities, including developing, maintaining, and facilitating the adoption of policy, standards, processes, and procedures.

 

 

Cyber Security Associate | 08/2014 to 03/2023 

JP Morgan Chase & Co, Hyderabad, India

  • Performed IT General Controls (ITGC) testing for all access management processes and made sure the observations were mitigated and remediated.
  • Supported the Control Testing program, including initial interviews regarding standard controls usage for applications in scope; assisted with the identification and testing of shared controls. Performed testing of the evidence submitted to validate that it justifies control effectiveness.
  • Assisted with the annual firm-wide SOX-CCAP program, testing the evidence of the controls and identifying any significant control deficiencies, and working with the appropriate assessment leads and Technology Control Officer to identify appropriate remediation to improve the controls as necessary.
  • Performed audit of logical access controls, including user access review (UAR), and provided recommendations for remediation of the identified risks and vulnerabilities.
  • Conducted monthly exam-ready reviews, audit readiness activities, and RFI artifact handling.
  • Implemented incident response plans within RSA Archer.
  • Partnered with stakeholders on third-party application onboarding and offboarding, and on platforms such as Wintel, EPV, UNIX and Database, to meet GIAM control policy standards.
  • Actively participated in identity and access management (IAM) processes, including implementation and periodic review of user access controls to enforce segregation of duties (SoD) and mitigate unauthorized access risks.
  • Performed periodic SOX user access reviews for in-scope applications, validated remediation of exceptions, and coordinated with application owners to address deficiencies.
  • Monitored and validated change management activities to ensure compliance with SOX mandates, promptly identifying and escalating any deviations for timely remediation.
  • Assessed and onboarded new applications transitioning to IAM Operation teams for manual provisioning, ensuring compliance and service continuance.
  • Supported ongoing improvements in the SOX control environment by assessing control design, operating effectiveness, and recommending enhancements to reduce future deficiencies.
  • Migrated apps to MyAccess (SailPoint IdentityIQ) for automated provisioning, reconciliation and certification, and a consistent end-user experience in RSAM and role-based access control (RBAC).
  • Drove and ensured that user and Sec admin roles have clear descriptions of the functions performed, which enables managers to effectively recertify user access.
  • As part of the application onboarding process, guided application owners to Information Security Managers to create Control Policy Breaks against their SEAL IDs (i.e., CPs: segregation of duties, PI data visible, and encrypted emails).
  • Communicated and evaluated issues, findings and best practices with the rest of the team and manager.
  • Remediated open access issues to ensure permissions are removed from unauthorized individuals. Established standard processes around access and controls that are flexible enough to address specific business needs.
  • Worked on impact assessments of process change initiatives as part of the change management process.
  • Configured workflow rules in Jira. Workflow rules are used to automate tasks, such as assigning issues to specific users or groups, or sending notifications when an issue changes status.
  • Worked on IAM assignments creating and maintaining SOPs related to provisioning processes, including on-boarding, off-boarding, role management, user access reviews (attestation), report generation and compliance processes.
  • Engaged with application owners and product owners to ensure proper controls are in place to support solution delivery and risk mitigation with respect to IAM access administration, and proposed adoption of strategic tools.
  • Complied with SOX-SOC1 recertification completeness and segregation of duties requirements, and shared evidence for PwC and other audit responses for CTC lines of business.
  • Enforced privileged access control standards and workflows, including privileged user provisioning, credential management, session monitoring, and privilege elevation/delegation.
  • Worked on access provisioning in AD using ARS for the creation and deletion of LAN accounts, granting access to domain accounts, and assigning permissions to groups and shared drives.

Consultant | 04/2014 to 08/2014 

ValueMomentum Software Services, Hyderabad, India

  • Managed network security policies which include access control, NAT, content, and authentication
  • Worked on access control lists, IOS upgrades, and URL filtering (Websense).

Assistant Support | 04/2010 to 09/2011 

WH Smith, Sheffield, United Kingdom

  • Managed incidents and request tickets logged in the IT Service management tool.
  • Functions included administering defined procedures, analysis and report generation, and exception processing.

 

Education


Sheffield Hallam University - Sheffield | Master of Science, 2008-2010

Electronics and Information Technology

Jawaharlal Nehru Technological University - Hyderabad | Bachelor of Technology, 2004-2008

Electrical and Electronics Engineering

Professional Certifications

Certified Information Security Manager (CISM)

CompTIA Security+ ce
