P.C.S.RAVI SHANKAR

• Established the Control Management Office (CMO) within the Data Engineering organization to embed structured risk governance across all service lines.
• Hired, mentored, and trained a new control team, embedding knowledge of the Risk Management Framework (RMF), control testing, and regulatory compliance best practices.
• Functioned as the Federated Control Owner for 50+ controls, ensuring continuous monitoring, evidence capture, and regulatory compliance across Data Engineering platforms.
• Implemented service line-level control monitoring dashboards to proactively detect control design and operational gaps, enabling early remediation, and stronger assurance.
• Faced with global regulators and auditors (PRA, RBI, HKMA, internal, and external audit teams), we successfully demonstrated control, operational effectiveness, and risk mitigation outcomes.
• Partnered with engineering and cybersecurity teams to define and track remediation plans, ensuring timely closure of issues, and uplift of control maturity.
• Standardized governance processes across service lines, ensuring consistency, accountability, and traceability across distributed control environments.
• Instilled a proactive risk culture by guiding engineering leads on evidence-based reporting and continuous improvement, reducing external audit observations, and increasing self-identified issues.
• Developed control scorecards and regulatory dashboards tracking 50+ risk indicators, enhancing transparency, and reducing manual reporting by 40%.
• Automated control testing and evidence generation, cutting compliance reporting effort by 45%, and accelerating audit readiness cycles.
• Mentored over 20 global control professionals, improving certification rates and leadership pipeline strength across India, China, Poland, and the U.S.
• Established the Risk & Control Management function from inception for the Data Technology & Services organization, designing the governance structure, control ownership model, and global engagement processes.
• Partnered across all levels, from the Data CIO, GDAO leadership, and senior executives to analysts, to map service ownership, application inventories, and risk accountability across global businesses.
• Educated senior leadership and engineering teams on control governance, Risk Management Framework (RMF), and regulatory readiness, fostering a culture of proactive risk ownership.
• Redesigned the control model by segregating Data Control Design from Technology, Cybersecurity, and Operational Controls, to establish clear accountability and effective oversight.
• Formed and co-chaired governance forums overseeing Data Control Design, Tech, and Cyber Controls, aligning with global risk appetite and 2LOD (Enterprise Risk Management) expectations.
• Implemented the enterprise Data Risk Control Framework, securing board endorsement, and achieving 100% audit compliance in the initial assessment cycle.
• Directed RCSAs (Risk & Control Self-Assessments) and TCSAs (Technology Control Self-Assessments), remediating key gaps, and improving enterprise control coverage.
• Partnered with 2LOD, Data Control Owners, and federated tech teams to co-design risk mitigation controls, and define key control indicators (KCIs).
• Supported the CIO in major regulatory audits (OCC, PRA, HKMA, CBRICS, ECB), creating remediation plans that reduced control gaps, and improved audit readiness.
• Achieved an 80% increase in management self-identified issues, and a 20% reduction in audit findings, evidencing improved control maturity and self-assurance.
• Double-hatted as CCO for Architecture and Cyber Controls (Access Management, Data Security, Network Security), working with control owners to uplift design, and secure governance approvals.
• Led regional data risk adoption programs across Asia (India, China, Hong Kong, Indonesia, Malaysia, Singapore, Sri Lanka, Bangladesh, Taiwan, and Australia), ensuring consistent data control implementation across markets.

• Directed a 24x7 global security operations team of 25+ analysts, ensuring 99.99% uptime for enterprise security toolsets, and uninterrupted global protection coverage.
• Spearheaded global migration of IAM and security processes from the UK/Singapore to India; built a 25-member high-performance team, and executed knowledge transfer programs, achieving zero service disruption.
• Implemented CyberArk-based PAM solution across three global regions, migrating over 10,000 privileged accounts, and automating credential lifecycle management, boosting audit compliance by 40%.
• Deployed an enterprise-wide security technology stack (Skybox, Symantec CCS, Lumension, Nessus, MVM), strengthening firewall governance and endpoint protection across 10,000+ assets.
• Built real-time IAM dashboards to track privileged access and remediation, improving audit traceability, and reducing compliance reporting effort by 30%.
• Partnered with compliance and audit teams to close security gaps, achieving a 25% year-over-year improvement in IAM audit scores and full policy compliance within 18 months.
• Introduced LEAN-based process optimization and talent development programs, improving team productivity by 20% and achieving top-quartile staff retention (95%) across Security Engineering.

• Exhibited leadership skills in managing a team of 15+ IAM professionals, partnering, and collaborating with multiple business teams and leaders to deliver IAM goals.
• Administered Identity Access Management (IAM) functions of Identity Access Lifecycle Management, Identity Governance & Compliance, Directory Services, Privileged Access Management, and Data Protection.
• Enhanced Enterprise Access Management strategy, capabilities, and services operating out of India.
• Collaborated with cross-functional teams to drive project success and alignment.
• Implemented strategic improvements, resulting in increased productivity across departments.

Client - JPMorgan Chase:

• Liaised for all the control and technology risk management, including audit, policy, standards, and security exceptions.
• Managed System business continuity and contingency planning, regular, and effective business performance monitoring, and reporting.
• Boosted cybersecurity awareness among employees through effective training sessions and workshops.
• Analyzed security logs and reports to identify patterns and prevent future incidents.
• Assisted in the development of incident response plans to streamline organizational response to breaches.

• Administered 150 + Users’ Workstations/daemon Mailing servers
• Administered network infrastructure to ensure optimal performance and reliability.
• Streamlined user account management processes to enhance operational efficiency.
• Developed and maintained documentation for system configurations and processes.

• Rendered 2nd and 3rd line support and troubleshooting across networks, hardware and software
• Diagnosed and resolved technical issues for diverse client systems, enhancing operational efficiency.
• Conducted regular maintenance and troubleshooting on equipment, ensuring optimal performance.