Expert Details

Expert in Cybersecurity Strategy, Roadmap Development, Cloud: Migration, Standards Dev, End-to-End Process Development, Go-Live Strategy after Workload Migration, Product Cybersecurity Functions

Expert ID: 736630 Illinois, USA

Request Expert

Summary
• Results driven Cyber security and Risk Management professional with 24+ years in regulated industries.
• Strong background leading cross-functional, global organizations in Cyber Security, Privacy, Risk Management, Audit and Data Protection functions
• Specialist and Subject Matter Expert in cybersecurity risk assessments on IoT, embedded systems, cybersecurity strategy and architecture development
• Familiar verticals: Banking, Healthcare, Automotive, and IT service industry

Cyber Security strategy / Roadmap development | Cloud: Migration, Standards dev, End-to-End process development, Go-Live Strategy after Workload Migration | Product cybersecurity functions | Risk Assessments/Remediation | Security cloud architecture | Data Analytics | Identify and Access Management | Data Protection | Awareness & Phishing campaigns | Enterprise Security Architecture | Cloud Security on Business Analytics solutions | ITIL processes | NIST/COBIT/ISO based Policy framework

Available for panels, in depth interviews, and surveys only.

Education

Year Degree Subject Institution
Year: 2000 Degree: Masters in Computer Applications Subject: Computer Applications Institution: Bharathidasan University
Year: 1994 Degree: Bachelors of Science Subject: Physics Institution: University of Madras

Work History

Years Employer Title Department Responsibilities
Years: 2019 to Present Employer: Undisclosed Title: Director Department: Cyber Security / Enterprise Head of Insider Threat Program Responsibilities: • Accountable for the Enterprise Insider Threat program strategy development and global implementation. Lead a global team of 15 to manage operations on DLP/UEBA monitoring on the cloud, Digital Forensics, CASB/Data labeling solutions, Data Analytics with a responsibility of budget up to $10MM annually.
• A few Items of Interest:
o Legal/HR/OEC/Privacy/LOB Relationship management and overall governance via tiered Enterprise Insider Risk Steering committee model
o Policy/Standard (AUP/Data Protection) Ownership driving 3 year program roadmap connected to Cyber/Business strategy
o Design Engineering requirements in a highly regulated industry representing program in front of External regulators/compliance boards/Auditors
o Enhanced Monitoring on High Risk functions/users/entities | Proactive Risk reduction based on Indicators of Compromise / Silent Blocks / Blocking outbound channels pre-emptively with monitoring | Social Media Surveillance | Automated Monthly Dashboards on InTP Metrics (KPIs/KRIs) | Public/Private Partnership | Human Centric InTP Awareness Program
Years: 2017 to 2019 Employer: BMO Harris Bank Title: Senior Manager Department: Cyber Security Strategy, Architecture and Innovation Responsibilities: • Implemented a global information security strategy with a forward-looking 3-year roadmap across all Information Security and Business pillars at the Bank with a $X,00 MM program funding approved by the Board. This included Cloud migration strategy for various critical and non-critical workloads at the Bank
• Led the development of Cloud migration of on-prem workloads to AWS and Azure Cloud: Created Target State Reference Architecture models, Security Design Patterns, created Runbooks (on operational tools from Azure/AWS, SIEM, MS Security center etc.,), and multiple standards for CSOC (including Exception processes) / automation modules prior to go-live (Encryption, Pentesting / Vuln scanning requirements, Compliance-as-code etc.,) on cloud monitoring efforts. Implemented security architecture standards (eg: Encryption/Authentication requirements) for critical business apps, processes and operating governance models for on-going Dashboard monitoring of application security health upon Cloud Go-live.
• Responsible for Architecture Review, Technical Design Reviews and other Governance councils from an information security perspective on Enterprise Infrastructure / Application changes including Cloud IAM processes, password-less authentication and MFA.
• Collaborated with DevOps and Tech team leads to implement security practices on Dashboard monitoring (Inventory, Vuln scanning, SOC etc.,), implementing continuous Risk Management and Compliance practices, Identity and Access Management provisioning, Exceptions Management, Standards development, and implementing an overall end-to-end dashboard prior to Go Live on Cloud workloads.
• Developed Security Design patterns on Certificate Pinning for mobile apps, Authentication models between Mastercard and BMO Online Banking solutions for on-prem and mobile apps
Years: 2015 to 2017 Employer: Abbott Laboratories Title: Global Senior Manager Department: Product Cybersecurity Responsibilities: • Assessed and remediated cyber security risks on all connected medical devices, embedded systems, connected, digital products in the cloud (AWS, GCP, Azure), and informatics solutions at Hospital/Lab environments globally.
• Implemented and managed a global program that connects cyber threats with quality, PCI, SOX, Privacy risks for Third Party risk management enterprise wide at Abbott.
• Established offensive and defensive security programs for connected medical device security testing efforts for on-prem and Cloud workloads
• Implemented a global cloud based Bug Bounty program for Medical device cybersecurity aligned with internal vulnerability and patch management, threat intelligence and incident response programs.
• Implemented Secure Development Lifecycle practices on connected medical devices aligned with cyber awareness training / campaigns, product cybersecurity white papers for regulatory consumption (Audit/FDA/Legal aspects).
• Developed and implemented an enterprise product security strategy for Cloud IAM with operational and management metrics including KPI/KRIs while managing a staff of 8 globally.
• Extensive experience in interpreting/applying IT Risk Management frameworks. Frameworks include: COSO, COBIT, ITIL, NIST SP 800-53 as well as NIST Critical Infrastructure / Core Cybersecurity Framework
• Negotiated product contract terms with consumers/vendors protecting Abbott’s cyber liabilities
Years: 2013 to 2015 Employer: Abbott Laboratories Title: Deputy CISO / Global IT Risk and Security Manager Department: Responsibilities: Key accountabilities:
• Implemented and managed Advanced malware detection for endpoint and network security programs, SIEM/MSSP services for the global enterprise
• Developed Target Reference Architecture, Security Design patterns and Security Architecture models on Cloud / customer facing critical Enterprise global applications
• Steering committee member / Active stakeholder on the following Enterprise programs: IAM, Data Labeling standards, GRC program, Information security strategy, Red team assessments, PKI, Vulnerability / Patch management, Cyber awareness including phishing campaigns
• Threat Intel – Strategic and Tactical Intel gathering and dissemination across Sr. Business and IT Execs

Areas of responsibilities:
• Provide backup CISO services
• Monthly enterprise IT security metrics with KRIs/KPIs reporting to Sr. IT leadership
• Information Security policy / process review with peer divisional IT organizations
• Single Point of contact for Information Security on Cloud migrations, audit/compliance reviews, Enterprise Network and Application Security Exception approvals for Risk acceptance
• Review of enterprise procurement contracts for security clauses and deviations
• Managed department and project budgets / finances, Oversee cybersecurity advisory services
• HR accountability for 6 staff
Years: 2010 to 2013 Employer: Abbott Laboratories Title: Application Security Architect / Program Manager Department: Responsibilities: • Application Security architect / Program manager for global and business specific enterprise applications running SharePoint / SAP including but not limited to myHR, SAP, enterprise portals. Architected multiple external facing global enterprise portals on SSO/Federated PING/SAML aligned with corporate IAM strategies
• Performed Security Architecture Reviews of Enterprise critical applications
Years: 2002 to 2010 Employer: Abbott Laboratories Title: Sr. IT Consultant Department: Responsibilities: • Led global enterprise application/infrastructure support operations leading a staff of 9 SMEs (onshore/offshore)
• Managed enterprise infrastructure and application roll out delivery working with global teams. Developed project plans, communication plans, risk / impact assessments, Service Level Agreements and SOW, ROI and TCO analysis
Years: to Present Employer: Undisclosed Title: Prior Positions Department: Responsibilities: Systems Administration, Database developer, DBA, and Network Engineering activities at Merrill Lynch (2000 – 2002), Ford Motor Company (1999-2000) and a Private service industry (1994-1999).

Career Accomplishments

Associations / Societies
Member: FS-ISAC | AAMI | Infragard | ISC2 | Fintech Insider Risk Committee | HiTrust | MedSec | MDISS
Licenses / Certifications
CISSP 2013, CISA 2019, PMP 2007

Fields of Expertise

Request Expert

Dev Tool:

Request: expert/cybersecurity-strategy-roadmap-development-cloud-migration-standards-dev-end-to-end-process-development-go-live-strategy-after-workload-migration-product-cybersecurity-functions
Matched Rewrite Rule: expert/([^/]+)(?:/([0-9]+))?/?$
Matched Rewrite Query: experts=cybersecurity-strategy-roadmap-development-cloud-migration-standards-dev-end-to-end-process-development-go-live-strategy-after-workload-migration-product-cybersecurity-functions&page=
Loaded Template: single-experts.php