Available for Opportunities

MSK.

Sr. Information Security Risk Analyst | CISA-certified | GRC

I'm Madhava Sai Kolluri — a CISA-certified information security risk analyst with 9 years of overall IT experience. Currently leading IT audit, GRC assessments, and NIST SP 800-53 SSP documentation at Alipro, with automated evidence pipelines across Azure and multi-cloud. Previously drove compliance execution across 8 concurrent state healthcare programs at UHG/Optum (MARS-E, HIPAA, ARC-AMPE, SOC 2, FISMA on Azure, AWS, GCP).

Known for building Power BI dashboards, Python-driven audit automation, and translating dense technical findings into risk assessments that CISOs, auditors, and business leaders can act on. Whether it's SOC 2 Type 2 evidence, RMF authorization packages, or vendor risk reviews — I focus on outcomes that hold up under scrutiny.

NIST SP 800-53 RMF Cloud Security IAM / RBAC RSA Archer GRC
9+ Years Exp
200+ Controls Mapped
3 ATO Approvals

Timeline // Protocol History

Professional journey and career milestones

SEP 2025 - PRESENT

Sr. Information Security Risk Analyst

Alipro — Remote, Bloomington, IL

Spearheaded the full NIST SP 800-53 Rev 5 authorization package (SSP, control narratives, evidence) hitting 95% first-review acceptance and delivering 2 weeks ahead. Led SOC 2 Type 2 end-to-end with zero follow-up requests. Automated Azure evidence collection in Python — cut per-cycle effort from 3 days to 4 hours.

Azure
NIST RMF
SSP
FedRAMP
Power BI

JUL 2020 - SEP 2025

Sr. Information Security Engineer Analyst

United Health Group (Optum) — Hyderabad, India

Managed compliance execution across 8 concurrent state healthcare programs on Azure, AWS, and GCP — aligned to MARS-E, HIPAA, SOC 2, FISMA, NIST SP 800-53. Zero major findings across 4 consecutive audit cycles. Authored 200+ control narratives; drove POA&M to 90%+ on-time closure.

RSA Archer
FISMA
MARS-E
HIPAA
AWS

MAY 2019 - JUL 2020

Front-End Developer & Web Designer

Jxtapose — On-site, Hyderabad, India

Built responsive websites for 8 client accounts (HTML5/CSS3/JS) — boosted client traffic 55% via SEO-optimized builds. Created Figma wireframes that cut post-build change requests 60%. Hardened all sites with SSL, CSP, and WordPress hardening — zero critical findings in quarterly scans.

Entra ID
Sentinel
RBAC
IAM

OCT 2018 - APR 2019

Front-End Developer & Web Designer

Storyqube / Voiceqube — On-site, Hyderabad, India

Designed and built 25+ reusable front-end components for an AWS-based voice platform — lazy loading + code splitting cut page load 35%. Delivered onboarding for BITS Hyderabad, BITS Goa, and IIT Roorkee with zero rollback incidents. Implemented AWS WAF, CORS, and input sanitization.

AWS
S3
CloudTrail
Splunk
Nessus

OCT 2016 - OCT 2018

Associate

Wipro / Google — Hyderabad, India

Verified and enriched geospatial datasets across 5+ map enhancement projects. Proposed a validation checklist adopted by the team that reduced error rates by 20%.

Data Quality
GIS
Validation

Skill Matrix // Core Competencies

Technical expertise and domain knowledge

GRC & Compliance

NIST 800-53 RMF FedRAMP FISMA

Cloud Security

Azure AWS GCP

IAM & Zero Trust

Entra ID RBAC MFA CA Policy

A&A & ATO

SSP SAR POA&M Archer

SIEM & Monitoring

Sentinel QRadar Splunk Nessus

Tools & Reporting

Power BI SNOW JIRA SPO

Operation Log // Key Projects

Recent projects and successful implementations

01

ATO Acceleration — Azure

Drove NIST RMF from FIPS 199 through continuous monitoring. Mapped 200+ controls, cleared ATO two weeks early with 95% acceptance.

NIST RMF ATO Azure
200+ controls mapped
02

Enterprise Healthcare SSP

Built SSPs for FISMA-regulated healthcare platforms at Optum. Created golden templates cutting drafting time by 30%. Helped 3 systems achieve ATO.

SSP FISMA MARS-E Archer
3 ATO approvals
03

IAM Governance — Azure CRM

Designed Entra ID RBAC models, enforced MFA and Conditional Access. Reduced unauthorized access by 60%.

Entra ID RBAC Sentinel
-60% unauth access
04

AWS Cloud Hardening

Engineered security controls for voice platform. Hardened S3 with SSE-KMS, implemented CloudTrail logging.

AWS S3 CloudTrail
05

Security Dashboards

Built Power BI dashboards consolidating incident, access review, and remediation data for leadership KPI visibility.

Power BI KPI Audit
06

POA&M Remediation Engine

Managed POA&M register end-to-end, coordinating with engineering to close 15 findings in under two months. 90%+ resolved within target timelines.

POA&M GRC Remediation NIST
15 findings closed in 2mo
07

Vibe Coding

Developing AI-powered GRC compliance dashboard

AI GRC Compliance Dashboard

Credentials // Learning Journey

Education

2013 - 2017

B.Tech — Computer Science

JNTU Hyderabad

Professional Certifications

CISA (ISACA)

ISACA

CompTIA Security+

Optum Corporate Training

CC — Cybersecurity

ISC2

SAFe Scrum Master 6.0

SAFe Agile

Azure Admin AZ-104

Udemy

CISSP — In Progress

ISC2

Initialize Direct Link

PHONE

(309) 612-6327

LOCATION

Bloomington, IL — Remote-First

AVAILABILITY