Rahat Uddin Email & Phone Number

New York, NY, US

Remote First, US

Mountain View, CA, US

• Led and coordinated security and compliance initiatives across GBO, partnering with cross-functionalstakeholder teams. Assess and report on business risks, drive remediation programs, respond to escalations, manage.
• Established and executed strategies for identifying and tracking exposure within GBO’s Digital Workplace Portfolio across various risk domains, orchestrating remediation efforts to address known and potential gaps.
• Execute Google’s RCSA (Risk & Controls Self Assessment) compliance program by assuming ownership of the Third-Party Vendor Risk portion of the RCSA. Collaborated with the first and second lines of defense, and analyzed.
• Led and owned the pilot program of privacy compliance remediation project to ensure Google products respect user trust and adhere to Google's privacy principles. Developed and ensured risk owners executed remediation.

Menlo Park, California, US

Menlo Park, California, US

• Conducted Microsoft SSPA assessments for data processors handling Microsoft Personal and Confidential data. Examined policies, procedures and documented evidence to measure compliance against security and privacy.
• Supported VRMMM (Vendor Risk Management Maturity Model) project, to evaluate client’s third-party risk management program against a set of comprehensive best practices and industry benchmarks. Reviewed and evaluated.
• Performed Risk Assessments that helped identify gaps within organization’s information security practice amongst various industries. Within these projects, tasks conducted were departmental interviews, data information.
• Supported internal TPRM team within a large Banking organization with Issue management functions regarding third-party vendors. Organized issue tracking metrics within Archer to provide status updates on current.
• Conducted HITRUST Readiness assessment for major health insurance provider to measure identified gaps against all security domains. Reviewed and evaluated evidence of organization’s policy, process and procedures to.

• Performing risk assessments and reviews for an array of organizations, where clients involved are required to adhere to many regulations including, HIPAA, GDPR, and PCI-DSS.
• Participate in on-site assessments for clients including interviews with IT and management personnel for providing risk assessment findings and determining top risks for an organization.
• Performing gap assessments based on NIST 800-53 and ISO:27001, to help identify potential risks to organizations and create a security road-map to better prioritize the activities designed to reduce the likelihood of.
• Lead data classification projects to help organizations categorize data and determine the most appropriate level of security safeguards and controls required to protect sensitive and critical information.
• Assisted as a support resource for Vendor Risk Management projects, including process coordination, analyzing responses and SOC 2 Type 2 reports, and providing recommendations for remediation and treatments of.