Summary
Overview
Work History
Education
Skills
Certification
Accomplishments
Other Attentive Domains
Other Information
Timeline
Generic

R. PRABHURAM

Chennai

Summary

A competent professional offering 20 years of experience in Information Technology Industry over 15 years of strong experience in Seasoned cybersecurity professional with extensive expertise across multiple security domains. Security architect & consulting including Application & Mobile Security, Cloud Security, Infrastructure Security, and IT GRC. Proven ability to lead and execute high-impact cybersecurity strategies, ensuring regulatory compliance (PCI DSS, ISO 27001:2022) and implementing best practices in Cyber Risk Management, Data Protection, Cybersecurity Incident Management – SIEM and DFIR. Expert in conducting Vulnerability Assessments & Penetration Testing (VA & PT), Red Teaming, and Threat Hunting using MITRE ATT&CK frameworks, managing IOCs & TTPs. Adept at managing Cyber Incident Response, Cyber Forensics, and Corporate Investigations, Honeypot technologies. Strong background in Corporate Brand Risk & Dark Web Management, ensuring business resilience against emerging threats.

Overview

23
23
years of professional experience
1
1
Certification

Work History

General Manager-Cybersecurity - CISO

Cholamandalam Investment & Finance Company Limited (CHOLA)
09.2018 - 01.2025
  • As a CISO managing Technology Risk & Governance, Cybersecurity Management
  • End to End cyber security Implementations and Management on technology & infrastructure stack
  • Involving various cyber security solutions deployment including “Cloud security, Technology Security, Vulnerability Management, Brand Risk Management, Privilege Access Management (PAM), Application security solutions, Web Application Firewall, Data Privacy Solutions, Endpoint security, Cyber Forensics and Honeypot Deployments
  • Directly involving RBI and other regulatory requirements & interactions
  • Cybersecurity incident management, DFIR
  • Endpoint security & Malware Engineering
  • Recurring Cyber maturity assessments with Big four audit houses
  • Cloud security & posture management
  • Implemented cybersecurity business cases in the SASE / CASB environment
  • Managing organizational brand & reputational risk management
  • Managing Organizational Cybersecurity Insurance & Management
  • Privilege Access Management - PAM
  • Policy and Artifacts management
  • Organization level cybersecurity awareness, Phishing Campaign
  • Third Party Risk Management and Vendor Governance, Escrow Management
  • Presenting Risk Dashboard and collaborate with the CXO executives & management stakeholders
  • Executing BCP / DR engagements
  • Cybersecurity crisis management plan & drill exercise - CCMP
  • Performing Vulnerability Assessment and Penetration Testing
  • Brand Risk & Dark Web Risk Management
  • Cybersecurity threat intelligence, Honeypot & IOC management
  • Threat Hunting, Red Teaming
  • Job Responsibilities Highlights

Manager - InfoSec Governance / Cyber Security Resilience Services

Hexaware Technologies
11.2015 - 03.2017
  • Application & Mobile Security Consulting for Internal and External Engagements
  • Secure Architecture Review, Application & Mobile Security Audit Assessments
  • Research & Modeling on SIEM vulnerabilities, Cyber Forensic POC & Internal Investigation
  • Threat Modelling for Web Applications, OCTAVE Risk Management for IT Infrastructure and Stakeholder management
  • Risk Management – End to End Implementations
  • Security Awareness Training for Internal / External Stakeholders
  • Infrastructure Security, SOC designing
  • Cloud Application Security
  • Compliance Implementation (PCI DSS, PA DSS, ISO 27001, SSAE16, SOX, Data Privacy)
  • Secure Framework Implementations (OWASP, SAMM, BSIMM, OCTAVE)
  • Mobile, Mobile Application Security & Threat Modeling
  • IOT Security Validations
  • Job Responsibilities Highlights

IT GRC –Risk and Compliance Consultant

HCL Technologies
12.2013 - 11.2015
  • SPOC for IT GRC, Risk and Compliance engagements.
  • Performing Application Security, Infrastructure security, IT Security internal and external audits
  • Mentoring Application Development team for Implementing and Managing Application Security
  • Preparing Threat Modeling, Security Framework for various Web Applications. (OWASP, SAMM)
  • Validating Application Security Test Executions, Secure Code Review and Consulting
  • Implementing and evaluating PCI DSS, SOX, ISO 27001 controls
  • Compliance Servers User ID Review & Validations Activity, Remediation Plan
  • Vulnerability Management and Compliance Evaluation for various Applications and Servers for a one of the biggest client environments
  • VA / PT Validations for PCI DSS, SOX, Safe harbor and PII scoped applications and Infrastructure
  • Managing Infrastructure Security and Security Operation Center. Developing and Consulting for Web Applications, Firewall, End Point Security, Application Monitoring and VA, PT tools Implementations
  • Coordinating SSAE16 Internal and External audits for (Application, Infrastructure) for organizations premium clients
  • Job Responsibilities Highlights

Project Lead – Information Security and Process

Global Analytics India Pvt Ltd.
07.2012 - 12.2013
  • Provided SPOC for Application and Mobile Security, PCI DSS, PA DSS, ISO 27001and Data Protection engagements
  • Conducted Vulnerability Analysis and Penetration Testing for various Compliance Scoped Web Applications
  • Implemented OCTAVE Risk Assessment methodology for PCI DSS environment and its stakeholders
  • End to End Application Security Deployments (Web Application Framework, Threat Modeling, Secure Code Review, Security Testing, Postproduction Issues, Application Security SLA dashboard monitoring, Controlling Zero Day Attacks, Incident Monitoring and Post Incident Management)
  • Implemented Incident Management (SIEM) Tools for Organizations SOC
  • End to End PCI DSS, PA DSS deployments and Gap Analysis, Documentations. Handling Internal and External Compliance audit engagements
  • Implementing and Managing ISO 27001 compliances and mentoring for various stake holders
  • Expertise in UK Data Protection, Safeharbor Regulatory
  • Cloud Security – Implementation of Compliance management and Data protection
  • Security Incident Management – SIEM tool implementation for various compliance monitoring SOC activities
  • Involved Data Protection, Fraud Management engagements across the organization to maintain UK – DPA 1988 act and other consumer acts (OCC, OFT)
  • Implemented End to End Business Continuity Management for Two locations
  • Application Big Data Security Analytics Compliance / Security for Data Protection Requirements
  • Data Center Audit (Green Data Center / Energy Audit)
  • Job Responsibilities Highlights

Project Lead

Financial Software & Systems Pvt Ltd.
04.2007 - 10.2011
  • Managing Application Security by using various security frameworks (OWASP, SAMM, BSIMM)
  • Web Application & Infrastructure Risk Assessments, Gap Analysis and Threat Modeling (OWASP, STRIDE)
  • SPOC for Application Security Testing, PA DSS, PCI DSS evaluation activities
  • End to End Web Application Security & Risk Assessment Implementation for a major banking application
  • Reviewing Security Architecture, Policies and Procedures and enhancements
  • Performing Security Testing – Designing security functional scenarios, preparing security test cases & executing, Performing secure code review
  • Providing Security Consulting for – Security Architecture, Security Road map for various project teams and stake holders
  • End to End PA DSS (Application Security) Implementation for Organizations flagship product “Debit Card Reconciliation” this product had been implemented for various domestic and international banking sectors which includes – Domestic & International banking sectors
  • Involved ISO 27001, ISO 9001 Internal and External Audits
  • End to End PCI DSS Implementation for Payment Gateway for ACI Switch engagement and conducted risk assessment for different compliance environment including Windows, Unix servers and Storage, Patch Management and Anti-Virus areas
  • Handled multiple scoped PCI DSS environments
  • Managed 23 members team
  • Job Responsibilities Highlights

Senior Engineer

T&B International
10.2006 - 04.2007
  • ATM, POS device security testing
  • ATM PIN Pad security testing according VISA, MASTER CARD specifications
  • Encryption testing for ATM and Bank Host communications
  • E-Commerce security testing for “Saudi Arabian Airlines – Web, Kiosk boarding”
  • Data flow testing for various Web Portal ERP Applications (MS – Navision, SAP)
  • Security testing for online shopping of ATM parts and products
  • End to End ATM machine and software testing (Including Hardware and Software communications, Firmware testing, Encryption testing, Message format testing)
  • Job Responsibilities Highlights

Senior Engineer (Core Banking Solutions – Repco Core Banking Solution, Bankone)

Thesys Technologies
07.2005 - 08.2006
  • Core banking application testing – Retail Banking
  • Security Testing in the Banking Client environment
  • Involved Bank Data center and EOD validations
  • Core banking application configuration
  • Job Responsibilities Highlights

Senior Engineer

Guenter Software (I) Pvt Ltd.
11.2001 - 07.2005


  • Job Responsibilities Including "Software code review and testing"
  • Software build and deployments in the EU client regions
  • Software document preparation
  • Client support

Education

MBA - Systems

Alagappa University

MSC - Information Security & Cyber Forensics

Madras University

B.Sc. - Mathematics

Madurai Kamaraj University

Skills

  • Held a CISO role in one of the prime NBFC in India, responsible for overseeing the organization’s information & cyber security strategy and execution Worked closely with senior management and C-suite executives to align security initiatives with business priorities
  • Seasoned cybersecurity professional with extensive expertise across multiple security domains, Security Architect - including Application & Mobile Security, Cloud Security, Infrastructure Security, and IT GRC Proven ability to lead and execute high-impact cybersecurity strategies, ensuring regulatory compliance (PCI DSS, ISO 27001:2022) and implementing best practices in Cyber Risk Management, Data Protection, Cybersecurity Incident Management – SIEM and DFIR
  • Expert in conducting Vulnerability Assessments & Penetration Testing (VA & PT), Red Teaming, and Threat Hunting using MITRE ATT&CK frameworks, managing IOCs & TTPs Adept at managing Cyber Incident Response, Cyber Forensics, and Corporate Investigations, Honeypot technologies Strong background in Corporate Brand Risk & Dark Web Management, ensuring business resilience against emerging threats
  • Proficient in modern security architectures, including SASE/CASB, and well-versed in Offensive Security methodologies to proactively safeguard digital assets
  • Skilled in evaluating and managing third-party risks
  • Regulatory cyber drills and crisis management simulations exercises
  • Team Management, Regulatory Management

Certification

  • ISMS / ISO 27001 Lead Auditor (IRCA Approved)
  • ISACA – CISM – Certified Information Security Manager
  • IAPP – CIPM – Certified Information Privacy Manager
  • Blockchain Council – Certified Blockchain Expert
  • Belkasoft Forensics – Android & iOS Forensics
  • Corporate Incident Investigations - Belkasoft
  • Practical Threat Hunting – Applied Network Defense
  • Adversary Emulation & Threat Hunting Detection Engineering
  • Certified Threat Hunter – Mosse Institute (In Process)
  • CRTP – Certified Red Team Professional (In Process)
  • RED TEAM Operator: Malware Development Essentials
  • Malware Analysis
  • DGCA Approved – Remote Pilot Certification for Medium UAS


Preceding Certifications


  • Certified Ethical Hacker – CEH
  • EC Council Security Analyst – ECSA
  • Cisco Certified Network Professional – CCNA
  • Certified Payment Card Industry Secure Implementer – CPISI
  • BCMS Implementation – BS 25999
  • IT Infrastructure Library – ITIL V.3
  • Diploma in Cyber Forensic Investigator

Accomplishments

  • Successfully Implemented end to end Application & Mobile Security for numerous BFSI entities
  • Implemented multiple PCI DSS & PA DS engagements (Product Security)
  • Implemented Three end-to-end ISO 27001 implementation & certified
  • Hands-on experience in conducting 200+ vulnerability assessments and penetration tests, including web, mobile, infrastructure, and cloud assets
  • Implemented Organization level Risk Management
  • Deployed Cloud Security Across the Organization
  • Organized Cyber Forensics and Investigations based on the critical cyber incidents
  • Implemented End to End Business Continuity & DR
  • Implemented SIEM solutions for various compliances
  • Implemented Organization owned IT GRC tool in a client environment
  • Performed Red Team & Threat Hunting engagements
  • Implemented end to end “Privilege Access Management Solutions, Dark Web Brand Risk Monitoring Solutions, Cloud & Data Security Solutions
  • Deployed Honeypot & Threat Intelligence Across the Organization
  • Positioned “DFIR Process, Cyber Forensic Solutions

Other Attentive Domains

  • Cyber Forensic
  • OT, IOT Cybersecurity
  • Data Privacy
  • Malware Engineering & Research
  • AI in Cyber Security Engineering
  • Threat Intelligence & Threat Hunting

Other Information

Country Visited: United States of America, Singapore, Malaysia, United Kingdom, Thailand, Russia.

Timeline

General Manager-Cybersecurity - CISO

Cholamandalam Investment & Finance Company Limited (CHOLA)
09.2018 - 01.2025

Manager - InfoSec Governance / Cyber Security Resilience Services

Hexaware Technologies
11.2015 - 03.2017

IT GRC –Risk and Compliance Consultant

HCL Technologies
12.2013 - 11.2015

Project Lead – Information Security and Process

Global Analytics India Pvt Ltd.
07.2012 - 12.2013

Project Lead

Financial Software & Systems Pvt Ltd.
04.2007 - 10.2011

Senior Engineer

T&B International
10.2006 - 04.2007

Senior Engineer (Core Banking Solutions – Repco Core Banking Solution, Bankone)

Thesys Technologies
07.2005 - 08.2006

Senior Engineer

Guenter Software (I) Pvt Ltd.
11.2001 - 07.2005

B.Sc. - Mathematics

Madurai Kamaraj University

MBA - Systems

Alagappa University

MSC - Information Security & Cyber Forensics

Madras University
R. PRABHURAM