Jul 2020 – Jan 2024 · 3 yrs 6 mos

• I was part of the Cyber Security Governance, Risk and Compliance function.
• Key Accomplishments in Cyber Security GRC role:
• Risk Management
• As part of GRC operations revamp plan, improved existing processes for operational efficiency
• Managed global projects for security risk assessments performed by US and Europe regions with focus on closure within agreed upon TAT
• Established Risk Management governance for ASEAN entities and regimented Vendor Risk Assessment process
• Revised Information Security controls as part of Architecture Review Board review
• Jointly strategized on global application repository data clean-up campaign and achieved targeted results
• Integrated System Risk Assessment process into Architecture Review Board; Achieved streamlined process and single point security validation experience for business units saving time and effort
• Contributed significantly to the 360-degree Project Health Assessment program as Security CoE by partnering with other CoEs like Engineering, Quality, Documentation, Agile, etc to provide single window review of projects saving time & effort for business units.
• 🏆 This project received global recognition as it was awarded V-up Accomplishment Award by the CEO.
• Worked closely with HQ counterparts to select and test features of GRC automation tool
• Policy Governance
• Reviewed and revised of Global Security Standards and coordination with US and Europe regions
• Security Culture Initiatives
• Automated monthly Security induction sessions for contractors into video-based training saving 5 man-hours every month. This project won global CEO recognition in the form of V-up Accomplishment Award for FY22. 🏆
• Ideated and started Security Awareness monthly Mailers & Newsletters to foster 'Security First' culture. This is widely appreciated by leadership for promoting security awareness.
• Key contribution to adapt and introduce Information Security Annual eLearning Refresher for staff

Jul 2019 – Jun 2020 · 11 mos

• Hired as Dy General Manager with a mandate to set up BISO function initially for Marketing and Sales Dept. My role progressively expanded to cover many other key departments to promote Nissan Cyber Security Program adoption, policy enforcement, security advisory, security culture building and evangelize security best practices.
• 🏆 Received peer recognition via High Five Award in 2020

May 2017 – May 2019 · 2 yrs · Philips Innovation Campus, Bangalore

• Leadership role in promoting security value-add through engagements with Business Groups/Functions across Indian Subcontinent (ISC)
• Recruited to establish Business Engagement function for InfoSec to all Business Groups/Departments across Indian Subcontinent region.
• Serve as Regional Security Business Partner to businesses and establish relationship with key business stakeholders to engage them actively on security matters and drive compliance to InfoSec Management Framework - policies, procedures, guidelines & standards.
• Key Achievements:
• Established CISO presence across ISC region among key BGs/Depts and self as SPOC for InfoSec matters and promote compliance to security policies, standards and best practices through Business Engagement meetings.
• Created mindshare among employees and key business leaders about importance of cyber security by serving as SPOC for security and compliance related matters.
• Collaborated with other relevant CISO teams to improve security posture on specific projects as required.
• Promoted positive security culture among employees within ISC through various security awareness initiatives - introduced new hire induction, promoted compliance to online IS awareness trainings, envisioned & launched cyber security daily news roundup – collate real-world news/insights, populate & e-publish, etc
• Built CISO Ambassador Network across ISC to serve as last mile effective delivery of security messages to staff
• Actively engage with BG/Functions in Indian Subcontinent to drive compliance to Philips Security Policies, Standards & Best Practices through Deployment activities.
• Partner with businesses and handhold them in implementing/facilitating security initiatives as per goals.
• Reach out to business leadership teams to introduce CISO organization priorities, assess maturity levels, provide advisory to improve security posture and report status.

Jun 2015 – May 2017 · 1 yr 11 mos · Bangalore

• Reported to CEO
• Leadership role in driving Information Security program for ISGN covering US and India.
• Lead Governance, Risk & Compliance programs for ISO 27001:2013 ISMS and SSAE 16 Audit
• Successfully cleared ISO 27001 ISMS CAV Assessment by BSI & SSAE 16 by KPMG
• Drive Business Continuity Program covering SaaS applications, shared services & IT function
• Envision and strategize key security initiatives to improve information security posture enterprise-wide
• Lead policy governance program covering Information Security, Infrastructure Security, Application Security, Data Privacy, Business Continuity - develop, maintain and publish security policies, procedures, standards, guidelines and ensure enforcement
• Perform ongoing Risk Assessments, Control Effectiveness Tests highlight risks to IS Steering Committee, provide mitigation solutions and track them for closure
• Run Vulnerability Assessment & Penetration Testing (VAPT) Program through SMEs for key applications and IT network and ensure timely closure
• Drive Security Awareness, Education and Training programs on various security topics - policies, risks, threats, etc and advocate adoption of best practices to protect sensitive data
• Draft periodic awareness emails on security best practices, policy updates and handle security & BCP emergency/crisis communication across the company
• Oversee submission of information security, business continuity-related inputs for RFIs, RFPs to existing and potential clients
• Review security-related clauses on Master Service Agreements, Vendor Contracts and other legal documentation
• Liaison with internal and external stakeholders - clients, regulators for security audits, assessments & reviews and provide inputs as necessary, track audit findings and ensure timely closure.
• Investigate security incidents and preform root cause analysis, reporting, put in place measures to avoid recurrence
• Prepare Security Dashboards with KRI metrics for management reporting

May 2013 – Jun 2015 · 2 yrs 1 mo · ITPL, Bangalore

• Reported to Head of Risk and Head - Information Security
• Key role in driving information security function across SG GSC
• Recruited to prep and roll out ISO 27001 ISMS across SG GSC Bangalore and be responsible to deliver the Group’s Information Security Program at organizational-level across 8 Business Lines covering 4500+ users.
• Member of core IS team set up to provide strategic direction to and operationalize Information Security function.
• Key role in improving company’s information security strategy, practices & effecting enterprise-wide culture change.
• Maintaining Security Compliance Framework as per SG Security policy & directives.
• Achievements:
• Revamped IAM Governance framework annual intervention schedule and rolled out enterprise-wide
• Implemented enhanced security controls project to secure sensitive data
• Improved processes for data leakage protection (DLP) for outbound emails
• Developed control framework for security health checks monitoring
• Raised visibility of information security function company-wide through Risk Culture program and revitalized Security Awareness Program
• Revised end user security documentation – policies, procedures, cheat sheets & induction ppts
• Performed gap analysis for ISMS implementation
• Migrated routine BAU activities to back-end process team
• Rolled out global risk mitigation initiatives and security projects
• Ran periodic User Access Review campaigns and ensured 100% compliance
• Drafted vendor risk management framework and controls
• Audit interface and coordination for all IS-related queries
• Completed Audit Remediations within agreed timelines
• Enhanced visibility of security performance by publishing new metrics in risk dashboard
• Conceptualized and launched "Risk News" quarterly newsletter of Risk Dept across the company
• Improved KRI parameters for enhanced reporting to global head quarters
• 🏆 Received Spot Award for promoting IS function and knowledge sharing initiatives.

Apr 2010 – May 2013 · 3 yrs 1 mo · ITPL, Bangalore

• Reported to: Country Head, Technicolor India and Director - Worldwide Content Anti-Piracy Office, USA
• Hired to set up Technicolor Security Office at Technicolor India and drive corporate security program covering information and physical security for all business units - Technicolor Digital Productions (Animation & Gaming), Technicolor Media Services, DreamWorks Dedicated Unit (DDU) and Moving Picture Company (MPC) covering 1300+ users.
• Convenor of Country Security Council set up to provide strategic direction to Information Security & Corporate Security function.
• Principal role in improving company’s security strategy, practices & effecting enterprise-wide culture change.
• Maintain security compliance framework as per Technicolor Global Security Policy and with client-specific requirements, CDSA, MPAA, SOX & other security standards.
• Key Achievements:
• Built Technicolor India's Information Security and Corporate Security Program from ground up to global standards fully aligned with the Group's Security Policy.
• Security Governance, Risk & Compliance program for Technicolor India
• Established Country Security Council - India for providing strategic direction & roadmap to the India Security Program
• Got Technicolor India Content Delivery Security Assessment (CDSA) certified for 3 consecutive years.
• Lead MPAA Site Security Survey audit interface and passed successfully
• Drive Risk Assessment Program for India
• Handled Internal & Statutory Audits for InfoSec incl SOX compliance
• Drafted and implemented site-specific policies, procedures & best practices covering information security, corporate security, BCM & safety programs
• Instrumental in raising visibility of security function across BUs - periodic security induction & awareness programs
• Started and served as Editor of "Technicolor India News" corporate newsletter of Technicolor India and ran it successfully as a monthly e-publication for 2 years.

Sep 2007 – Mar 2010 · 2 yrs 6 mos · Prestige Tech Park, Bangalore

• Reported to: Director - Information Security, Redwood Shores, USA and Managing Director - India
• Recruited to head Yodlee Security Office (YSO) at Yodlee India and be responsible to deliver Information Security & Business Continuity Program at organizational level for Bangalore office in line with corporate security policy.
• Revitalized Information Security function and commenced BAU operations.
• Established enterprise-wide Business Continuity Program and was responsible for maintaining BCM life-cycle
• Ensured end-user compliance to security policies & practices and maintain security compliance framework as per Yodlee Security Policy
• Handled multiple audits by different clients in BFSI domain covering InfoSec and BCM domains and ensure zero NCs.
• Part of team that helped achieve PCI DSS compliance for 2 consecutive years.
• Revived, revamped and served as Editor of "Yodlee Security News" monthly newsletter of Yodlee Security Office and ran it successfully as a monthly e-publication for 1.9 years.
• Started and served as Editor of "Yodlee India Voice" corporate newsletter of Yodlee India and ran it successfully as a monthly e-publication for 1 year.
• 🏆 Received Appreciation Note from Managing Director for PCI DSS Audit support and coordination leading to achieving PCI DSS compliance

Jan 2006 – Present · 20 yrs 4 mos · Bangalore

• I believe in learning and sharing knowledge through speaking opportunities in professional security conferences, academic institutions and in-house corporate events.
• I avail these speaking engagements in my personal capacity and as such all views I express are personal and do not reflect my employers'.
• I'm selective in my choice of events where I'm invited to speak and my services, in the spirit of giving back to my industry/society are pro bono.
• A few of the notable events where I was a featured Speaker / Moderator / Host:
• 1. Center of Excellence for Innovation, Incubation and Entrepreneurship, GITAM University, Bangalore - Jan 2019
• Topic: "Importance of Stringent Cyber Security Measures for SMEs".
• 2. Big Cyber Security Show and Awards, The Leela Mumbai - Sep 2018
• Panel Moderator on "Cyber Hygiene in Today's Threatscape" with panelists from leading companies.
• Fireside chat host on "Insider Threat Management Program".
• 3. REVA Academy for Corporate Excellence (RACE), REVA University, Bangalore - Sep 2018 & Feb 2019
• Topic: "Building a Successful Cyber Security Career"
• 4. Overseas Security Advisory Council (OSAC) Meet, Vivanta by Taj, Bangalore - Aug 2018
• Topic: "Physical Security Meets Cyber Security - Convergence is the Way Forward"
• 5. National Privacy Summit, ISC2 Bangalore Chapter, Radisson, Bangalore - Aug 2018
• Topic: "Building a Culture of Privacy"
• 6. In-house Talk at Concentrix, Bangalore - Aug 2017
• Topic: "Building an Enterprise Information Security Program"
• 7. Institute for Development and Research in Banking Technology (IDRBT), Hyderabad - 2013, 2014, 2015
• Addressed sessions on Cyber Fraud / Cyber Crimes / Cyber Risks & Threats to participants for 3 consecutive years.
• 8. Overseas Security Advisory Council (OSAC) Meet, Microsoft Campus, Hyderabad - 2006
• Delivered a talk on "Understanding Cyber Crimes"

Jan 2006 – Aug 2007 · 1 yr 7 mos · Bangalore

• Reported to: Managing Director - South India
• Recruited to spearhead the setting up of Cyber Security Division as a distinct service vertical for G4S Security Services, India across NAMESA region.
• Scope of position is expansive and includes team direction in various facets of Information Security – ISO 27001 Audits, Risk Assessments & Gap Analysis, P&E Security Reviews, Info Security Awareness Training & Course Design, Security Policy Review, Consulting & documentation, Cyber Crime Investigation liaison with cyber crime police, etc
• Responsible for running the division as a profit center in tandem with other IT Security SBUs
• Represented the company on Cyber Security initiatives in various industry events and client meetings

Jan 2006 – Jan 2006 · 0 mo · Bengaluru, Karnataka, India

• Cyber Crimes - A Primer on Internet Threats and Email Abuses was published by Viva Books, New Delhi in 2006 with republications in 2010 and 2013.
• The book was a hit with non-IT people interested to learn about cyber crimes and to safeguard themselves from becoming victim when online.
• Book Reviews:
• Financial Express
• https://www.financialexpress.com/archive/do-you-have-a-cyber-shield/58869/
• The Hindu Business Line
• https://www.thehindubusinessline.com/todays-paper/tp-eworld/Why-most-e-government-projects-fail/article20233199.ece
• The book is designated as a reference book for PG-level degrees in many universities across the world and stocked in libraries of leading universities. Also, cited by research scholars in their research papers.

May 2005 – Jan 2006 · 8 mos · Bangalore

• Reported to: Senior Director - Engineering, India and Data Center Manager, Portland, USA
• Was site lead for Nike, Australia handling email gateway to monitor and prevent malware and spam.
• During my tenure I wrote my 2nd book titled Cyber Crimes - A Primer on Internet Threats and Email Abuses and got it published by Viva Books, New Delhi.
• Job Roles: Internet Security Gateway Administrator, Process Trainer, Documentation Specialist

Jan 2004 – Apr 2005 · 1 yr 3 mos · Babukhan Millennium Center, Hyderabad

• First point of contact for all Security-related issues of members.
• Technical support for providing security solutions
• Process Trainer
• Documentation specialist

Jul 2003 – Dec 2003 · 5 mos · Hyderabad, Telangana, India

• I lived my dream as a full-time writer and got my 1st book - Career Excellence published in two volumes in both paperback and hardbound editions by Atlantic Publishers, New Delhi.
• Super proud to have authored a 2-volume book when I was just 24!
• https://www.amazon.com/Career-Excellence-Pt-Ram-Kumar/dp/8126904917

Jan 2003 – Jun 2003 · 5 mos · Cyber Gateway, Hyderabad

• Customer Support for Banking products & services