Expert in Cybersecurity Strategy, Roadmap Development, Cloud: Migration, Standards Dev, End-to-End Process Development, Go-Live Strategy after Workload Migration, Product Cybersecurity Functions
Expert ID: 736630 Illinois, USA
• Results driven Cyber security and Risk Management professional with 24+ years in regulated industries.
• Strong background leading cross-functional, global organizations in Cyber Security, Privacy, Risk Management, Audit and Data Protection functions
• Specialist and Subject Matter Expert in cybersecurity risk assessments on IoT, embedded systems, cybersecurity strategy and architecture development
• Familiar verticals: Banking, Healthcare, Automotive, and IT service industry
Cyber Security strategy / Roadmap development | Cloud: Migration, Standards dev, End-to-End process development, Go-Live Strategy after Workload Migration | Product cybersecurity functions | Risk Assessments/Remediation | Security cloud architecture | Data Analytics | Identify and Access Management | Data Protection | Awareness & Phishing campaigns | Enterprise Security Architecture | Cloud Security on Business Analytics solutions | ITIL processes | NIST/COBIT/ISO based Policy framework
Available for panels, in depth interviews, and surveys only.
|Year: 2000||Degree: Masters in Computer Applications||Subject: Computer Applications||Institution: Bharathidasan University|
|Year: 1994||Degree: Bachelors of Science||Subject: Physics||Institution: University of Madras|
|Years: 2019 to Present||Employer: Undisclosed||Title: Director||Department: Cyber Security / Enterprise Head of Insider Threat Program||Responsibilities: • Accountable for the Enterprise Insider Threat program strategy development and global implementation. Lead a global team of 15 to manage operations on DLP/UEBA monitoring on the cloud, Digital Forensics, CASB/Data labeling solutions, Data Analytics with a responsibility of budget up to $10MM annually.
• A few Items of Interest:
o Legal/HR/OEC/Privacy/LOB Relationship management and overall governance via tiered Enterprise Insider Risk Steering committee model
o Policy/Standard (AUP/Data Protection) Ownership driving 3 year program roadmap connected to Cyber/Business strategy
o Design Engineering requirements in a highly regulated industry representing program in front of External regulators/compliance boards/Auditors
o Enhanced Monitoring on High Risk functions/users/entities | Proactive Risk reduction based on Indicators of Compromise / Silent Blocks / Blocking outbound channels pre-emptively with monitoring | Social Media Surveillance | Automated Monthly Dashboards on InTP Metrics (KPIs/KRIs) | Public/Private Partnership | Human Centric InTP Awareness Program
|Years: 2017 to 2019||Employer: BMO Harris Bank||Title: Senior Manager||Department: Cyber Security Strategy, Architecture and Innovation||Responsibilities: • Implemented a global information security strategy with a forward-looking 3-year roadmap across all Information Security and Business pillars at the Bank with a $X,00 MM program funding approved by the Board. This included Cloud migration strategy for various critical and non-critical workloads at the Bank
• Led the development of Cloud migration of on-prem workloads to AWS and Azure Cloud: Created Target State Reference Architecture models, Security Design Patterns, created Runbooks (on operational tools from Azure/AWS, SIEM, MS Security center etc.,), and multiple standards for CSOC (including Exception processes) / automation modules prior to go-live (Encryption, Pentesting / Vuln scanning requirements, Compliance-as-code etc.,) on cloud monitoring efforts. Implemented security architecture standards (eg: Encryption/Authentication requirements) for critical business apps, processes and operating governance models for on-going Dashboard monitoring of application security health upon Cloud Go-live.
• Responsible for Architecture Review, Technical Design Reviews and other Governance councils from an information security perspective on Enterprise Infrastructure / Application changes including Cloud IAM processes, password-less authentication and MFA.
• Collaborated with DevOps and Tech team leads to implement security practices on Dashboard monitoring (Inventory, Vuln scanning, SOC etc.,), implementing continuous Risk Management and Compliance practices, Identity and Access Management provisioning, Exceptions Management, Standards development, and implementing an overall end-to-end dashboard prior to Go Live on Cloud workloads.
• Developed Security Design patterns on Certificate Pinning for mobile apps, Authentication models between Mastercard and BMO Online Banking solutions for on-prem and mobile apps
|Years: 2015 to 2017||Employer: Abbott Laboratories||Title: Global Senior Manager||Department: Product Cybersecurity||Responsibilities: • Assessed and remediated cyber security risks on all connected medical devices, embedded systems, connected, digital products in the cloud (AWS, GCP, Azure), and informatics solutions at Hospital/Lab environments globally.
• Implemented and managed a global program that connects cyber threats with quality, PCI, SOX, Privacy risks for Third Party risk management enterprise wide at Abbott.
• Established offensive and defensive security programs for connected medical device security testing efforts for on-prem and Cloud workloads
• Implemented a global cloud based Bug Bounty program for Medical device cybersecurity aligned with internal vulnerability and patch management, threat intelligence and incident response programs.
• Implemented Secure Development Lifecycle practices on connected medical devices aligned with cyber awareness training / campaigns, product cybersecurity white papers for regulatory consumption (Audit/FDA/Legal aspects).
• Developed and implemented an enterprise product security strategy for Cloud IAM with operational and management metrics including KPI/KRIs while managing a staff of 8 globally.
• Extensive experience in interpreting/applying IT Risk Management frameworks. Frameworks include: COSO, COBIT, ITIL, NIST SP 800-53 as well as NIST Critical Infrastructure / Core Cybersecurity Framework
• Negotiated product contract terms with consumers/vendors protecting Abbott’s cyber liabilities
|Years: 2013 to 2015||Employer: Abbott Laboratories||Title: Deputy CISO / Global IT Risk and Security Manager||Department:||Responsibilities: Key accountabilities:
• Implemented and managed Advanced malware detection for endpoint and network security programs, SIEM/MSSP services for the global enterprise
• Developed Target Reference Architecture, Security Design patterns and Security Architecture models on Cloud / customer facing critical Enterprise global applications
• Steering committee member / Active stakeholder on the following Enterprise programs: IAM, Data Labeling standards, GRC program, Information security strategy, Red team assessments, PKI, Vulnerability / Patch management, Cyber awareness including phishing campaigns
• Threat Intel – Strategic and Tactical Intel gathering and dissemination across Sr. Business and IT Execs
Areas of responsibilities:
• Provide backup CISO services
• Monthly enterprise IT security metrics with KRIs/KPIs reporting to Sr. IT leadership
• Information Security policy / process review with peer divisional IT organizations
• Single Point of contact for Information Security on Cloud migrations, audit/compliance reviews, Enterprise Network and Application Security Exception approvals for Risk acceptance
• Review of enterprise procurement contracts for security clauses and deviations
• Managed department and project budgets / finances, Oversee cybersecurity advisory services
• HR accountability for 6 staff
|Years: 2010 to 2013||Employer: Abbott Laboratories||Title: Application Security Architect / Program Manager||Department:||Responsibilities: • Application Security architect / Program manager for global and business specific enterprise applications running SharePoint / SAP including but not limited to myHR, SAP, enterprise portals. Architected multiple external facing global enterprise portals on SSO/Federated PING/SAML aligned with corporate IAM strategies
• Performed Security Architecture Reviews of Enterprise critical applications
|Years: 2002 to 2010||Employer: Abbott Laboratories||Title: Sr. IT Consultant||Department:||Responsibilities: • Led global enterprise application/infrastructure support operations leading a staff of 9 SMEs (onshore/offshore)
• Managed enterprise infrastructure and application roll out delivery working with global teams. Developed project plans, communication plans, risk / impact assessments, Service Level Agreements and SOW, ROI and TCO analysis
|Years: to Present||Employer: Undisclosed||Title: Prior Positions||Department:||Responsibilities: Systems Administration, Database developer, DBA, and Network Engineering activities at Merrill Lynch (2000 – 2002), Ford Motor Company (1999-2000) and a Private service industry (1994-1999).|
|Associations / Societies|
|Member: FS-ISAC | AAMI | Infragard | ISC2 | Fintech Insider Risk Committee | HiTrust | MedSec | MDISS|
|Licenses / Certifications|
|CISSP 2013, CISA 2019, PMP 2007|