# Kritica Sinha, CISSP

> Sr. Software Engineer, Information Security | External Party Risk Management | Carnegie Mellon University

Location: Herndon, Virginia, United States
Profile: https://flows.cv/kritica

I am an Information Security and Risk Management professional with 7+ years of experience delivering high-impact security, privacy, and risk solutions across global technology, retail, and consulting organizations. I specialize in Security Risk Automation, Third-Party Risk Management (TPRM), Governance Risk & Compliance (GRC), Cloud Security, and Data Privacy.

Throughout my career at leading firms like Walmart and EY, I have built scalable risk management frameworks, automated security workflows, and led privacy and compliance initiatives aligned to standards such as NIST CSF, ISO 27001, GDPR, and SOC 2. I specialize in designing secure workflows that balance operational efficiency with regulatory compliance, saving millions in risk mitigation and process optimization costs.

My technical background in Python, Java Spring Boot, React, Apache Spark, and cloud security technologies enables me to bridge the gap between cybersecurity principles and scalable architecture. I bring a strong focus on automation, data-driven decision making, and cross-functional collaboration with engineering and information security teams.

Above all, I’m passionate about enabling businesses to innovate securely, proactively manage risks, and drive trust with their customers and partners.

Key areas of expertise:
• External Party Risk Management
• Security Automation & Risk Scoring Algorithms
• Developing Applications
• Application Security Risk Assessments
• Data Privacy & GDPR Compliance
• Cloud Security & Threat Modeling
• Incident Management & Governance
• SOC 2, ISO 27001, HITRUST Assessments
• Data Security, DLP, and Privacy Engineering

## Work Experience

### Senior Software Engineer, Information Security | Risk & Compliance @ Walmart Global Tech

Jan 2023 – Present | Reston, Virginia, United States

• Engineered an automated solution to streamline the external party recommendation process by analyzing third-party risk assessment data and implementing an operations-defined scoring algorithm
• Spearheaded the design and deployment of an automated notification system using Thymeleaf, eliminated manual email processes, and reduced notification effort to stakeholders
• Developed comprehensive end-to-end process flow diagrams to visualize data exchange scenarios between multiple systems, covering request creation, assignment, and closure stages of the external party risk assessments process
• Enabled cross-functional teams to understand system components and necessary functionalities, streamlining the integration and data flow mapping across database tables and microservices
• Implemented a scalable data pipeline leveraging Apache Spark to integrate big data from GCP-hosted sources to automate research and contact tracing
• Implemented a React-based user interface, enabling business users to create and manage external party risk assessment tickets seamlessly. Empowered stakeholders to self-serve key information such as assessment results, contact details, and security certifications, reducing operational dependency and streamlining decision-making
• Engineered a Spring Boot microservice to create APIs, providing seamless integration with stakeholder tools to process assessment data in real-time.
Enabled end-to-end automation of risk assessment workflows and enhanced visibility into external party risk posture

### Risk Lead, Cybersecurity @ Walmart Global Tech

Jan 2023 – Jan 2023 | Reston, Virginia, United States

• Engineered a Python-based microservice to ingest and process data from external sources and apply an operations-defined algorithm against Walmart’s security baselines

### Senior Risk Specialist, Cybersecurity @ Walmart Global Tech

Jan 2021 – Jan 2023 | Reston, Virginia, United States

Software Development:

• Creating a front end to showcase the analysis results for consumption by the risk analyst team and the leadership
• Developed a solution to automate the vendor recommendation process by analyzing the assessment data generated from vendor risk assessments, and calculated the recommendation score based on the set threshold from the analyst team. This enabled the reduction of the backlog of unassessed vendors in the Walmart environment and the assessment work hours per individual

Programming languages used: Python, React, Node.js, Sequelize

Vendor Risk Analysis:

• Conducted risk assessments for vendors handling highly sensitive data, reviewed ISO 27001 Statement of Applicability and HITRUST Reports
• Conducted internal market assessments for Walmart’s markets to ensure compliance with NIST SP 800-53 and NIST CSF
• Created a Tableau Story for the leadership to provide an overview of the vendor assessment process which included assessed vendor count, third-party source turnaround time, team turnaround time

### Featured Expert @ Criya (YC W22)

Jan 2023 – Jan 2023 | United States

### Student Consultant - Capstone Project @ Tata Consultancy Services

Jan 2020 – Jan 2020 | Pittsburgh, Pennsylvania, United States

• Created an AI/ML solution for voice fraud detection using biomarkers from the audio datasets
• Preprocessed the audio datasets to extract features such as frequency, pitch, emotions, vocal tension and analysed them with respect to chroma feature, spectral centroid, valence, and arousal

### Graduate Teaching Assistant @ Carnegie Mellon University - Heinz College of Information Systems and Public Policy

Jan 2020 – Jan 2020

Helping students with the concepts of Decision Making Under Uncertainty and Blockchain Fundamentals

### Academic Tutor - Python Programming @ Carnegie Mellon University - Heinz College of Information Systems and Public Policy

Jan 2020 – Jan 2020

### Graduate Teaching Assistant @ Carnegie Mellon University - Heinz College of Information Systems and Public Policy

Jan 2020 – Jan 2020

Helping students with the concepts of Negotiation

### Data Analyst Intern @ SingleSource Property Solutions

Jan 2020 – Jan 2020 | Pittsburgh, Pennsylvania, United States

• Developed a business analytics solution to provide insights that would play a key role in improving the processes and increasing the COVID-impacted productivity by at least 90%
• Engineered the raw call reports generated from 3CX Management Console using Python to update the database (Microsoft SQL) with clean and relevant data
• Conceptualized and delivered a Tableau story using the newly created tables to project agent-wise productivity, daily staffing requirements, department productivity and trend over a time period
• Architected and deployed a forecasting solution by querying on a 2 billion product lifecycle data set to identify the time-consuming status movements and product line, thereby allowing the management to use the projections when engaging with clients
• Calculated the total time taken for orders to move from one status to another (order created to billed) and presented the overall state of order lifecycle through boxplot representation using Matplotlib for the purpose of forecasting

### Student Consultant - CMU @ MUFG

Jan 2019 – Jan 2019 | United States

• Developed an OCC-compliant risk management model that will enable products, services, features, channels and market segments to be risk-assessed in a reusable, modular fashion

### Security Consultant @ EY

Jan 2018 – Jan 2019 | Gurgaon, India

• Performed Third-Party Risk Assessment and Business Impact Analysis for apparel, accessories, and sports equipment industry client leveraging NIST CSF, NIST SP 800-53 standards, and SOC 2 Type 2 reports. Assessed Software Application Security controls, Cloud Security controls, and other organizational controls, constructed risk reports highlighting the business and technical risks, and assisted with a remediation plan to follow the industry best practices and stay compliant with industry standards.
• Conducted application security risk assessment of critical applications/assets of a major banking client. Created threat models and risk reports to present the client/management with the mapping of threats and vulnerabilities to risks and their business impacts.

### Security Analyst @ EY

Jan 2017 – Jan 2018

• Monitored and analyzed Symantec (Network and Host) Data Loss Prevention (DLP) events and identified false positives and security events. Generated escalation reports to inform business delegates for further actions.
• Performed privacy impact assessment for systems in a leading conglomerate, serving more than 1000 applications / systems / products, and identified gaps with respect to GDPR compliance. Advocated identification of Personally Identifiable Information collected/stored/processed by the client and helped in maintaining the Record of Processing Activities (ROPA) for the product families.

### Analyst @ EY

Jan 2016 – Jan 2017

• Assisted the Data Security Program team as Data Security Program Consultant with analysis of DLP data. Reviewed and analyzed Network (Symantec) and Host (McAfee) DLP events to identify operational business processes, potential data loss events, false positives.
• Analyzed “low impact” devices, as defined by NERC CIP v5 and v6, of client’s transmission medium impact substations.
Recommended controls and developed baseline configuration manuals and security configuration field guides and conducted a firmware analysis for the devices in scope.

## Education

### Master's degree in Information Systems Management with concentration in Business Intelligence and Data Analytics

Carnegie Mellon University - Heinz College of Information Systems and Public Policy
Jan 2019 – Jan 2020

### Bachelor of Engineering in Information Science & Engineering

Dayananda Sagar Institutions
Jan 2012 – Jan 2016

## Contact & Social

- LinkedIn: https://linkedin.com/in/kriticasinha

---

Source: https://flows.cv/kritica
JSON Resume: https://flows.cv/kritica/resume.json
Last updated: 2026-03-22