Veluvarthi Venkat Ram Manisha

$18/hr
GRC Specialist with 8+ years of experience in TPRM, regulatory compliance & IT governance.
Reply rate:
-
Availability:
Hourly ($/hour)
Location:
Midrand, Johannesburg, South Africa
Experience:
8 years
MANISHA VELUVARTHI
📍 South Africa | 📞 - | 📧 - | 🔗 LinkedIn: Manisha Veluvarthi

PROFESSIONAL SUMMARY
Results-driven Risk Management and Compliance professional with over 8+ years of global experience focusing on Vendor risk management, due diligence, Third-Party Risk Assessments, Governance, Risk & Compliance (GRC), Fraud prevention, Compliance monitoring, Data Privacy, and Regulatory adherence. Strong knowledge of ISO 27001, TPRM frameworks, POPIA and FICA principles. Adept at managing third-party risk lifecycle processes, implementing compliance controls, and working with cross-functional teams to ensure organizational resilience and adherence to local and international standards. Skilled in policy development, regulatory frameworks, ISMS audits, risk assurance, and compliance automation. Proven track record in aligning enterprise controls, compliance strategies, data privacy, and third-party assessments with internal risk frameworks. Proficient in implementing IT GRC frameworks aligned with ISO, COBIT. Experienced in coordinating IT audits, managing risk registers, preparing cybersecurity incident communications, and reporting on GRC metrics to executive and regulatory stakeholders.

EDUCATION
MBA – International Business, University of South Wales, UK – 2012
B.Tech – Electronics and Instrumentation Engineering, JNT University, India

CERTIFICATIONS & TRAINING
Diploma in ISO 27001:2022 – Information Security Management System (ISMS) from Alison
CISA Cert Prep: Information Asset Protection for IS Auditors
Third-Party Risk Management (TPRM) Certification
AML & Fraud Prevention Training
Advanced Microsoft Excel for Data Analytics

CORE COMPETENCIES
Vendor Risk Management: Expertise in onboarding, categorizing, and assessing third parties based on risk domains such as information security, operational resilience, financial health, data privacy, and compliance posture. Skilled in developing and applying vendor risk rating models and heat maps.
Third-Party Due Diligence: Proficient in conducting detailed risk assessments, document reviews, and control validations across diverse vendor types (IT, outsourcing, logistics, consultants). Experienced in collecting and analyzing SOC 2 reports, ISO certifications, and cybersecurity questionnaires.
Information Security & Data Privacy Controls: Knowledgeable in ISO 27001 and GDPR frameworks. Evaluate third-party security posture including encryption, access controls, business continuity and data breach response readiness. Hands-on experience in ISO 27001:2022 ISMS implementation, risk treatment planning, data classification and continual improvement cycles.
Compliance & Risk Monitoring and review: QRM Activities, AML Investigations, Fraud Prevention, Cybersecurity Risk, Data Privacy (GDPR, DPAs, Incident Management), Compliance Audits. Design and implement continuous monitoring frameworks including performance KPIs, SLA compliance checks, risk alerts, and periodic vendor reassessments.
South African Regulatory Compliance: Good understanding of POPIA (Protection of Personal Information Act), FICA (Financial Intelligence Centre Act), and King IV governance principles. Able to map global vendor risks to South African-specific obligations and recommend mitigation strategies aligned with local law.
Governance, Risk & Compliance (GRC): Hands-on experience with governance, risk, and compliance tools like Archer, ServiceNow GRC, and OneTrust to automate workflows, manage risk assessments, and generate compliance reports.
Audit & Regulatory Readiness: Prepare risk documentation and participate in internal and external audits. Maintain an up-to-date repository of vendor controls and compliance records to support regulatory reviews and inspections.
Cross-Functional Collaboration: Partner effectively with Procurement, Legal, Compliance, IT Security, and Internal Audit to ensure third-party risks are identified early and remediated promptly.
Policy Development & Process Optimization: Contribute to the drafting and enhancement of TPRM policies, procedures, and control standards. Implement process improvements to increase efficiency, reduce risk exposure, and align with best practices.

PROFESSIONAL EXPERIENCE

Novartis Healthcare Pvt. Ltd
Third-Party Risk Management (TPRM) Specialist | April 2019 – March 2023
Conducted end-to-end risk assessments for global vendors with focus on data privacy, operational, information security, and compliance risks ensuring regulatory compliance, governance, and internal control alignment.
Assessed vendor controls against ISO 27001, POPIA, GDPR and internal framework requirements.
Integrated South African frameworks (FICA, POPIA) into the global TPRM program to ensure regulatory alignment.
Developed and implemented GRC frameworks for third-party engagements to enhance visibility and oversight.
Implemented ISO 27001:2022-based Information Security Management System (ISMS) controls for third-party engagements.
Performed data privacy risk assessments for third-party engagements, ensuring appropriate handling, storage, and transfer of personal and sensitive data.
Collaborated with legal, procurement, and data privacy teams to manage contract risks, reviewing Data Processing Agreements (DPAs) for privacy control alignment and ensuring effective SLAs.
Conducted internal ISMS audits, ensuring documentation accuracy and alignment with security objectives and risk treatment plans.
Created detailed risk reports to enhance transparency, accelerate reviews, and reduce aging.
Embedded QRM principles across due diligence and audit processes, ensuring consistency in governance and issue tracking.
Facilitated continual improvement cycles of the ISMS, ensuring certification-readiness and improved information security posture.
Conducted desktop reviews and virtual audits; implemented CAPAs to reduce compliance gaps.
Led development of incident response plans and cybersecurity communications.
Supported IT audit readiness and tracked IT governance KPIs.
Evaluated adequacy of business continuity and disaster recovery plans.
Managed Labor Rights Risk for the global clusters; worked with Global HSE teams to resolve high-risk compliance cases.
Built a central Law Library aligned with ILO regulations and Third-Party Code of Conduct.
Led User Acceptance Testing (UAT) on the SNOW Platform, validating automated workflows for risk and compliance reviews.
Reason for leaving: Pregnancy and parenting sabbatical

Ivy Comptech Pvt. Ltd
Risk Operations Senior Associate | August 2017 – March 2019
Led the implementation of vendor risk registers and documentation reviews in accordance with local compliance requirements (FICA, POPIA).
Partnered with internal audit and legal to remediate risk gaps and respond to regulatory inspections.
Evaluated vendors’ financial stability, anti-bribery/AML risks, and alignment with ESG policies.
Monitored financial transactions for internal risk compliance and global AML adherence.
Conducted AML investigations and reviewed alerts; escalated suspicious cases per regulatory requirements.
Executed KYC verifications and Enhanced Due Diligence (EDD) for high-risk entities.
Managed chargebacks across payment gateways, including investigation, documentation, and representment.
Resolved fraud-related disputes in alignment with Visa/Mastercard guidelines and internal protocols.
Strengthened fraud prevention mechanisms through data analysis and internal collaboration.
Supported internal/external audits and financial crime compliance efforts.
Delivered training on third-party risk to internal teams to promote a culture of compliance and due diligence.

Innopark India Pvt. Ltd
Risk Analyst | March 2015 – August 2017
Managed client communications while maintaining compliance with financial transaction standards.
Monitored payouts and high-risk behaviours; ensured strict adherence to AML and KYC processes.
Developed internal policies to improve risk control and mitigate fraud exposure.
Maintained QRM-aligned audit logs and risk registers, supporting internal governance.

ADDITIONAL INFORMATION
Passionate about compliance innovation, ethical governance, and risk culture improvement.
Experienced in global compliance collaboration across regulatory, legal, and audit teams.
Strong understanding of GRC and QRM integration across operations.
Proven expertise in Data Privacy, Financial Crime Compliance, Third-Party Governance, and Audit Readiness.
Hands-on contributor to IT compliance programs addressing POPIA, Cybercrimes Act, and ETC Act.

References and contact numbers shall be provided on request.