LinkedIn: https://www.linkedin.com/in/rishikaakavaram
Information Security Manager
Objective:
Dedicated and highly skilled Security leader with a passion for safeguarding digital ecosystems. Offering a proven track record of effectively mitigating security risks, resolving complex incidents, and championing security-centric product development. Seeking to leverage my experience and expertise to contribute to the organisation’s mission of creating safer systems for users and developers.
Summary:
Accomplished Information Security Leader with 7+ years of progressive experience in security and compliance management within healthcare and nonprofit environments. Proven ability to lead enterprise-wide security programs, drive compliance with HIPAA and state privacy laws, and foster a culture of accountability and equity. Adept at managing teams, vendor relationships, and risk management initiatives.
Professional Experience:
Information Security Manager @ PPFL (Dec 2021 - Present)
- Lead and manage statewide comprehensive information security programs, including risk assessments, incident response, and infrastructure hardening across multiple clinical sites
- Developed and deployed a new security framework for the network and infrastructure, resulting in improved performance, visibility, and security for remote offices and the data center
- Oversee the work of Information Security Engineers, ensuring timely execution of compliance initiatives and alignment with NIST, ISO 27001/27002, HIPAA, HITECH, and state privacy laws
- Serve as HIPAA Security Officer, partnering with compliance teams and external contractors to maintain and update InfoSec policies and procedures tailored to affiliate needs
- Redesigned and developed the network and infrastructure security framework, which was implemented across all remote offices and the data center to improve performance, visibility, and security
- Collaborate with Compliance Officers to ensure full alignment with organizational compliance plans, codes of conduct, and regulatory obligations
- Conduct regular risk management meetings, monitor system access and performance, and report compliance KPIs to senior leadership
- Lead implementation of mitigation and corrective action plans in response to identified risks
- Advise on enterprise-wide risk, vendor screening, and integrated risk management systems
- Design and maintain security monitoring systems, leveraging SIEM, DLP, IDS/IPS, and encryption controls to protect PHI and critical infrastructure
- Oversee phishing program, coordinate testing objectives, and manage training requirements
- Support PPFA accreditation efforts in partnership with CIO and affiliate teams
- Champion organizational values, equity, and service excellence, proactively seeking ways to improve efficiency and accountability
Security Manager - Threat Intel @ PPSWCF
- Conducted comprehensive threat modelling, risk reviews, and team exercises to proactively identify and remediate security risks, resulting in a 20% reduction in vulnerabilities
- Analyzed security and abuse incidents to extract valuable insights into attack vectors and Tactics, Techniques, and Procedures (TTPs), enabling the development of targeted threat mitigation strategies
- Led security engineering projects aimed at eliminating attack vectors, enhancing platform hardening, and improving detection and monitoring capabilities, ensuring robust protection against cyber threats
- Influenced the technical direction of products by providing guidance to ensure that new features and services were developed with security and privacy in mind, strengthening organisations’ security posture
- Coordinated seamlessly across multiple teams to resolve diverse cybersecurity and abuse incidents, fostering excellence in security risk management by identifying, monitoring, and reporting security gaps and incidents
- Collaborated with the security team to identify vulnerabilities in the organization’s systems, resulting in a 30% reduction in security incidents
- Conducted regular security audits and assessments, ensuring compliance with industry standards and regulations.
- Assisted in the development of security policies and procedures, contributing to the enhancement of the organization’s security posture.
- Monitored and responded to security alerts and incidents, maintaining the integrity and confidentiality of sensitive data.
- Conducted security awareness training sessions for employees, promoting a culture of cybersecurity vigilance.
IT Operations Manager (Full Time) @ OSI (January 2020 - Dec 2021)
- Implemented security solutions and managed IT operations across multiple offices, supporting over 220 users
- Reduced operational expenses by 30% while maintaining critical system SLAs
- Led transition from MSP, improving cost efficiency and service delivery
- Managed identity and access management, database security, and endpoint protection
- Deployed a Windows Server 2019/2016 domain and administered Active Directory user accounts, DNS, client VPN, DR & DLP solutions, WAPs, LDAP, MDM, Anti-Virus client and FTP services
- Secured network servers and applications by tracking incident responses using SolarWinds N-central, log analysis, and web filtering using Meraki-Firewall and Cisco-OpenDNS
- Configured and managed email filtration by setting Anti-Spam, Anti-Malware, DKIM, and Content Filters
- Built internal tools for data analysis to improve sales performance
- Automated macros to send performance reports to engineering teams using Bash/Perl scripts
- Database administrator securing SQL, PostgreSQL databases by following IAM best practices
Software Engineer @ OSI (August 2019 - Dec 2019)
- Developed and maintained mission-critical software applications, ensuring optimal functionality and performance.
- Collaborated with cross-functional teams to gather requirements and translate them into effective software solutions.
- Conducted code reviews and implemented best practices for secure coding, resulting in a reduction in code vulnerabilities by 25%.
- Actively participated in the debugging and troubleshooting of complex software issues, consistently meeting project deadlines.
- Designed and implemented automated testing procedures, enhancing software reliability and stability.
Security Intern @ Planned Parenthood Federation of America (May 2018 - Dec 2018)
- Developed a security model for PCI-DSS compliance to enhance the physical security by creating a separate VLAN and restricting the team access on other networks
- Documented the workflows of PPFA services in AWS and gained experience in security-focused cloud services, i.e., OKTA (IAM), Cisco Meraki Console, RED IM, Carbon Black
- Configured and administered Network Attached Storage (NAS); developed PCI-DSS compliant security models and documented cloud workflows for PPFA services
- Gained experience in Network Infrastructure, InfoSec & Compliance in an enterprise environment
Microsoft Student Partner @ Microsoft (August 2015 - May 2017)
- Consistently worked with Microsoft Professionals all over the nation to share the knowledge on MS technologies and run workshops
- Presented a Wi-Fi Network Penetration Testing report at a National Institute (NITW) Cyber Innovation Talk
- Professional (MVA): Microsoft Azure Fundamentals
Certifications & Publications:
- Certified Information Systems Security Professional (CISSP) - (Currently Pursuing)
- CSA’s CCSK - (Currently pursuing)
- Holistic Information Security Practitioner (HISP) Mar 2026 - Mar 2029
- ISC2 Certified in Cyber Security Jan 2025 - Jan 2027
- CompTIA Security+ Mar 2023 - Mar 2027
- Autopsy Basics and hands-on - Basis Technology May 2023
- Rishika Reddy, Big Data Analytics in Healthcare, 2nd IEEE international conference on computational intelligence and communication technology (CICT 2016) [DOI: 10.1109/CICT.2016.129]
Speaking Engagements:
- “Easy Wins With Tools You Already Have” HS-ISAC Spring Summit 2025 highlights practical strategies for maximizing value and efficiency by leveraging existing technology and resources. The presentation focuses on simple, actionable steps teams can take to reduce waste, improve workflows, and achieve immediate results without additional investment
Upcoming:
- “From Checkboxes to Capability, Achieving operational resilience in a regulated healthcare world” HS-ISAC Spring Summit 2026
- “2026 AI Trends and Threat landscape” WICYS 2026
- “AI and the 2026 Threatscape: Securing Innovation in the Age of Intelligent Adversaries” GHC26
Skills:
- Security & Compliance Tools- Microsoft Purview (Compliance/DLP), Defender (Endpoint & Cloud), Carbon Black, CrowdStrike, Splunk, Nessus, SolarWinds, Dynatrace, Trend Micro, Proofpoint, Wireshark, Burp Suite, Metasploit, Nmap, TCPdump, SQLmap, PolicyTech, CORL TPRM
- Governance, Risk & Forensics- Autopsy 4.16, Risk & Control Assessments (RCSA), Incident Response, SIEM, DLP, IDS/IPS, Vulnerability Management, NIST 800-53/61, ISO 27001/2, CIS Controls, HIPAA, HITRUST, SOC 2 Type II, PCI-DSS, GDPR
- Access Control & Identity Management- Okta, OneLogin, Intune, Entra ID (Azure AD), SonicWall/Palo Alto/Cisco ASA/Firewalls, Active Directory, IAM Policy Administration, VPN
- Cloud & Virtualization- Azure, AWS, Citrix Virtual Apps/Desktop, VMware, Hyper-V, Datto
- Networking & Systems Administration- Office 365 admin, ConnectWise Automate/Manage, VOIP, SFTP, DNS, VPN, Citrix, JIRA
- Programming & Databases- C, Bash, PHP, Java, SQL, MySQL, PostgreSQL
- Operating Systems- Windows Server (2016/2019), Kali Linux, Ubuntu
- Security Frameworks (ISO 27001, NIST, HIPAA, PCI, COBIT Frameworks)
- Threat Modeling and Risk Assessment
Education:
- M.S., Computer Science, Texas Tech University, 2017 - 2019
- B.S., Computer Science, Kakatiya Institute of Technology and Sciences, 2013 - 2017
References:
Available upon request.
- [Information Security Blog](https://medium.com/@) (coming soon…)