Saravana Kumar Manivannan Email & Phone Number

Toronto, ON, CA

Calgary, Alberta, CA

• Lead risk-based IT control testing and assessments for a leading financial institution in Canada.
• Ensuring compliance with SOC 1, SOC 2, ITGC controls, and regulatory standards.
• Uplifted and rewrote control descriptions and objectives, aligning them with NIST 800-53 and internal standards.
• Collaborating with internal stakeholders and cross-functional teams to provide remediation recommendations and track progress.
• Managing project timelines by planning control testing within sprint cycles and utilizing Agile methodologies to ensure timely delivery.
• Delivering weekly progress updates to senior management, addressing risks and improvement areas.

Toronto, Ontario, CA

• Provided cloud security advisory and conducted Threat Risk Assessments (TRA) for key Google Cloud Platform (GCP) and Azure migration projects.
• Performed security architecture design reviews, ensuring security controls were embedded across all stages of development and deployment.
• Collaborated with Solution Architects, development teams, and DevSecOps teams to assess key risk areas and implement secure cloud solutions, providing guidance on mitigating risks and ensuring security alignment with.
• Assessed security controls for cloud-native environments, including microservices, Infrastructure as Code (IaC), and Kubernetes.
• Ensured compliance with leading industry security standards such as ISO 27001, CSA Cloud Controls Matrix (CCM), CIS Benchmarks, and NIST 800-53.
• Contributed to risk reports and provided actionable recommendations to ensure security alignment with business objectives.

Toronto, ON, CA

• Led a 5-member team and managed the Third-Party Governance team, overseeing third-party cybersecurity risk assessments.
• Managed and enhanced reassessment processes for third-party risk management using Archer GRC, streamlining governance and risk evaluations.
• Conducted risk assessments for high-risk vendors, particularly cloud-based service providers, ensuring compliance with regulatory standards and internal policies.
• Collaborated with internal teams and stakeholders to assess and mitigate potential risks in vendor security architecture and network designs.
• Worked closely with legal and regulatory teams to advise on third-party contracts, ensuring alignment with security requirements and regulatory compliance standards.
• Contributed to the development of a Third-Party Risk Assessment Questionnaire using standards such as NIST and ISO 27002 to ensure comprehensive evaluations.

Toronto, Ontario, CA

• Developed a comprehensive strategy for third-party risk assessments and reassessment processes to enhance CIBC's systems and controls.
• Developed and implemented updated reassessment processes, utilizing the Archer GRC tool to streamline workflows and ensure consistent, reliable risk evaluations.
• Evaluated third-party vendor rating tools such as SecurityScorecard and BitSight, providing recommendations for selecting the optimal tool to integrate into the Third-Party Risk Management (TPRM) process.

Mumbai, Maharashtra, IN

• Managed a larger team responsible for the complete lifecycle of third-party risk assessments for a major financial institution, ensuring timely and accurate risk evaluations.
• Led the team in handling a high volume of third-party cybersecurity risk assessments, ensuring compliance with industry standards such as ISO 27001, NIST 800-53, PCI-DSS, SOC 1, and SOC 2.
• Demonstrated strong team management skills by mentoring and developing team members, ensuring high performance, and managing workloads in a fast-paced environment.
• Oversaw multiple third-party risk assessments simultaneously, consulting for various internal clients under tight deadlines and delivering high-quality results.
• Worked closely with stakeholders across the bank to manage risks associated with outsourcing operations, applications, and services to third-party vendors.
• Regularly reported to senior management on key risk metrics and findings, providing actionable recommendations for risk mitigation.

Noida, Uttar Pradesh, IN

• Conducted comprehensive risk assessments using COBIT and ISO 27001 frameworks to identify and mitigate security risks for a global pharmaceutical client.
• Collaborated with management to plan and execute risk and control assessments, ensuring alignment with internal security policies and industry standards.
• Led and completed a SOC 2 Type 2 audit engagement from start to finish, delivering detailed audit reports and recommendations to stakeholders.
• Conducted periodic IT infrastructure reviews, identifying vulnerabilities, and providing remediation strategies to promote a proactive security culture.
• Provided advisory support for the client’s SOC 2 Type 2 audit preparation, ensuring compliance with operational controls and improving overall security posture.

Teaneck, New Jersey, US

• Supported the Governance and Risk Analyst team in conducting ISO 27001, HIPAA, PCI-DSS, and SSAE 16 SOC 1 & SOC 2 audits for clients in the retail and banking sectors.
• Coordinated and executed gap analyses to identify compliance deficiencies and worked with stakeholders to implement enhanced security controls.
• Managed Information Security Compliance Exception Requests, ensuring proper documentation and adherence to company policies.
• Conducted internal and client-facing ISO and PCI-DSS audits, preparing detailed audit reports with actionable mitigation plans.
• Collaborated with cross-functional teams to follow up on audit observations, ensuring continuous improvement in security posture.

Bachelor'S Degree, Computer Application

Diploma, Electronics & Communication

Ssc