Krishnan is a director with over 14 years’ experience in professional services. He has specific expertise in technology risk consulting and has been advising clients in both the public and private sectors in designing and implementing information security controls.
- ISO 27001 certification assistance: Krishnan is a certified Lead Auditor on ISO 27001 and has successfully helped clients in designing and implementing controls as per ISO 27001 standards. He has worked with clients that have successfully implemented ISMS and obtained ISO 27001/27018 certification. Most recently, he has been working with a top Australian technology company and a document management company in implementing an ISMS framework that includes the design of the risk assessment process, the establishment of application and infrastructure hardening, training, and assisting in their certification process.
- SOC2 controls implementation and assessment: Krishnan has been involved in projects related to Service Organisation Controls Reporting and is adept at providing guidance in the implementation of the controls. Over the years, Krishnan has also performed several assessments on SOC1 and SOC2 for various clients primarily in the Software Development industry.
- Risk Assessment: As part of implementing Information Security Management Systems (ISMS) and establishing the governance framework, Krishnan has been responsible for performing internal risk assessments, including reviews under SOC2 and other compliance standards such as CPS234, and for performing vendor risk assessments.
- IT general controls testing: Krishnan has significant experience in leading and performing IT General Controls and Security controls reviews. He has extensive experience in performing segregation of duties (SoD) and sensitive access controls review on Oracle. Additionally, Krishnan has experience in managing and leading teams on projects related to control testing, benchmarking, and evaluating risks on systems and integrated applications.
- Business Continuity / Disaster Recovery: Krishnan has developed Business Continuity and Disaster Recovery Plans for clients and has experience in performing threat modeling and failure mode effect analysis as part of business continuity management. Krishnan is a certified ISO 22301 Business Continuity Management Lead Implementer and has experience providing guidance to clients in improving their IT disaster recovery and service continuity.
Areas of Expertise
- Technology Risk Consulting
- Information Security & Business Continuity Standards consulting & assessment (ISO 27001, ISO 22301)
- Risk Management
- Information Technology
- Financial Services
- ACA, Institute of Chartered Accountants of India
Professional Memberships and Certifications
- CISA – Certified Information Systems Auditor, Information Systems Audit and Control Association
- CIPP – Certified Information Privacy Professional, International Association of Privacy Professionals
- ISO 27001 – Information Security Management Lead Auditor
- ISO 22301 – Business Continuity Management Lead Implementer