Garapati Laalitya

Cybersecurity professional with 2.5 years of hands-on experience in strengthening organizational security posture through risk assessments, vulnerability management and compliance audits. Proven expertise in conducting ISO 27001 internal audits, implementing ISMS controls, and ensuring adherence to regulatory frameworks such as GDPR and GRC. Experienced in threat analysis, policy development, and preparing audit ready evidence to support governance and compliance initiatives.

Skilled in DevSecOps, embedding security into every phase of the SDLC, integrating automated checks into CI/CD pipelines with Jenkins, GitHub, Jira, and Fortify to deliver resilient, security first workflows.

TPRM - Cyber Risk Assessor PricewaterhouseCoopers Private Limited • Conducted ISO 27001 internal audits to evaluate ISMS effectiveness, assess compliance with security controls, and prepare audit-ready evidence for stakeholders and regulators.

• Reduced security vulnerabilities by leading multiple assessments and providing actionable threat modeling insights for risk remediation.
• Enhanced vendor compliance with regulatory frameworks like GRC, ISO 27001, and GDPR.
• Accelerated SDLC security by collaborating with development teams to integrate compliance and performing SAST/DAST on 17 applications.
• Designed and implemented vendor onboarding due diligence processes, including security questionnaires, compliance certifications, and penetration test reviews.
• Partnered with business units to align vendor risk assessments with operational priorities, ensuring risk decisions supported business continuity and growth.
• Evaluated on security controls across domains like Access Management, Information Security, Application Security, Network Security, and Cloud Hosting.
• Conducted 13 threat modeling assessments, achieving 30% reduction in vulnerabilities through remediation.
• Maintained detailed audit trails and documentation to support internal audits and regulatory inquiries.
• Enhanced compliance of 25 vendors with GRC, ISO 27001, and GDPR by developing and executing tailored remediation plans.
• Developed executive summaries and risk dashboards for high‑risk vendors, translating technical findings into business impact metrics for senior stakeholders.
• Facilitated the closure of security gaps by reviewing vendor-provided artifacts and tracking resolutions. DevSecOps Engineer PwC • Enhanced security integration across SDLC for Tata Consumer Products Limited, securing 17 applications by embedding DevSecOps practices.
• Automated continuous integration and deployment (CI/CD) processes using Jenkins and GitHub, improving release efficiency by 98% across multiple applications.
• Utilized Jira for issue tracking and performed SAST and DAST implementing SLA policies across applications to ensure vulnerabilities were consistently tracked, prioritized, and resolved within defined timelines.

EDUCATION Bachelor of Technology in Computer Science Engineering Amrita Vishwa Vidyapeetham University 07/2019 - 05/2023 Bengaluru, Karnataka