Sowmya is a Partner in the ‘Cyber Risk Services’ practice at Deloitte, India. She has almost eighteen years of work experience, which includes both industry and consulting.
She has worked extensively in the areas of Information Security, Privacy, SOX, SAS70, HIPAA, and PCI. Sowmya has worked with clients across a range of industries, including Healthcare, Retail, Financial services, Oil and Natural Gas, Forestry and Hospitality.
Led a Privacy by Design (PbD) assessment to incorporate privacy regulations in a healthcare software product to support deployment in Europe and the USA.
Led an engagement to identify and standardize control requirements for ISO27001, ISO23301, and privacy requirements for 3 countries. Created policy & procedures; assisted in implementation of required controls; assisted the client in getting the relevant ISO certification.
Led an engagement to assess vendor information risk management for a large consumer electronics company. The scope of the review included global IT and non-IT vendors.
Designed and implemented an information security management system in line with ISO27001 for a telecom client. The objective of the project was to assist the client to get ISO certified.
Developed information security policies, guidelines and standard operating procedures for a Business Process Outsourcing organization.
Developed a framework to sustain and improve implemented information security controls for a manufacturing client.
Led several external and internal audits such as Statutory Audit, SOX and SAS 70/ SSAE 16 across various industries.
Designed, developed and implemented control infrastructure to comply with SOX 404 requirements for financial, oil and natural gas, and IT organizations.