
Ritesh Chaudhary

IT Professional
Hyderabad

Summary

A total of 23 years of experience in Information Technology and Information Security & Risk Management, specifically around IT control design & implementation, security operations, audits, regulatory interaction, ISO 27001 implementation and business continuity. Managed teams and led projects of varying sizes. Worked in the Banking, Telecom, Outsourcing and Transport sectors.

Overview

27 years of professional experience
10 Certifications

Work History

Executive Director – Operational Risk (2nd Line) – Information / Cyber Security

Wells Fargo
09.2022 - Current
  • Concurrently manage engagements, including planning, identifying resources, and providing expert analysis and reporting for the following:
  • Drive compliance to local/global cybersecurity policies as per the Risk Management Framework and regulatory requirements
  • Issue credible challenge & Point of view to first line on Control Design and Operation
  • Lead the team to Direct Independent Control Assessments for Cyber controls
  • Review KRIs and KCIs to ensure controls are operating as designed.
  • Publish Risk Memos & Risk Profile for the business.
  • Play an active role in Regional & Global Risk committees, to encourage informed and constructive debate and challenge on key risk issues, ensuring decisions are undertaken against a background of the agreed risk appetite.

Senior Manager – Technology Risk & Controls – Chief Controls Office

HSBC
07.2019 - 09.2022
  • Drive compliance to local/global cybersecurity policies as per the ORMF and regulatory requirements
  • Partner with the business areas to ensure identification of critical business processes, and to ensure that all key cybersecurity risks are managed appropriately
  • Interface with internal, external & regulatory auditors and manage deliverables as required
  • Review control assessments for Key controls with control owners/operators and second line.
  • Work with IT Architects to ensure cybersecurity requirements are embedded early on during design phase of solutions and projects.

Vice President - Cybersecurity & Technology Controls

JP Morgan Chase
04.2011 - 04.2019
  • Lead a team of diverse cyber and risk management individuals and enable them to deliver on their goals.
  • Drive compliance to local/global policies, regulatory requirements and best risk practices in the APAC region.
  • Assess technology processes & procedures, identify issues/risks and track remediation.
  • Facilitate the implementation of control self-assessments (CSA) in APAC, provide QA and consulting for the controls.
  • Drive remediation of control breaks originating from scanning of code and infrastructure
  • Interface with internal, external & regulatory auditors and review all RFI responses before submission. Manage deliverables pertaining to regulatory reporting (MAS, HKMA, RBI, BNM, etc.) and remediation efforts.
  • Partner with security and data engineering teams to manage cross-functional data security projects (i.e., Data Encryption, Advanced Endpoint Protection, DLP)
  • Implemented Information Security Management System framework (ISO27001) within various business units.
  • Generate & present Risk reports (key risk indicators for Infrastructure and operational risk) to the stakeholders.
  • Lead TPO (Third party oversight) audits on vendors and highlight issues to the stakeholders/ management.

Project Manager – IT Infrastructure & Security

NIIT Technologies
02.2010 - 03.2011
  • Company Overview: (Thrivent Financials)
  • Responsible for developing a sustainable Information Security Management System (Corporate ISMS) based on ISO 27001 for the client.
  • Creation of policies/procedures to align it to best industry norms of ISO 27001 and ITIL.
  • Liaise with Domain owners / control owners to select and design relevant control for Risk Mitigation.
  • Ensure client meets all compliance and regulatory requirements
  • Setup the Information Security Risk Management process for the client
  • Suggest improvements in existing security processes
  • Create security measurement matrixes
  • Development and roll out of Business Unit specific Continuity/Disaster Recovery framework

AVP Information Security

RBS (Royal Bank of Scotland Group)
07.2008 - 09.2009
  • As part of the group manufacturing within RBS, primary responsibilities were to establish and manage the enterprise-wide information-security program for the erstwhile ABN AMRO Central Enterprise Services Division and to manage the Identity and Access Management team
  • Lead the drafting & implementation of Information Security Policies and Procedures.
  • Coordinate and conduct security management meetings.
  • Plan and coordinate internal and external audits.
  • Reporting of non-compliances to senior management.
  • Facilitate awareness training for management and employees.
  • Managing security Incidents
  • Vulnerability assessment using open tools (NESSUS, NMAP)
  • Design Firewall / IDS rules
  • Guidelines for server hardening and COE hardening (common operating environment)
  • Manage the antivirus deployment, patch management, penetration-tests & subsequent closures.
  • Provide consulting to IT on system & network architecture and application deployment.

AVP Information Security & BCP

ExlService.com
04.2006 - 06.2008
  • Establish and manage enterprise-wide information-security and Business continuity program for 9 sites in four locations.
  • Lead the drafting & implementation of Information Security & Business continuity Policies and Procedures.
  • Recommend and review security requirements for all systems on the network (server/network hardening)
  • Participation in appropriate change planning meetings and preparation of necessary documentation for appropriate change authorizations.
  • Vulnerability assessment using open tools (NESSUS, NMAP)
  • Design the firewall rules.
  • Interact with clients to gather requirements and develop effective solutions.
  • Risk Management.
  • Reporting on the non-compliance to Senior Management.
  • Planning and conducting security Audits (ISO 27001, SOX, SAS70, Client Specific)
  • Managing security Incidents.
  • Planning of Business continuity drills
  • Manage vendors, negotiate Contracts and discuss SLA.
  • Provide project leadership, budgets, forecasting, headcount, resource allocation, deployment, move planning, recruiting, team building
  • Mentor and train others in information security in addition to training for other technical groups.
  • Develop curricula and facilitate awareness training (Information protection consciousness) for management and employees
  • Achievements:
  • 1. Implementation of ISO 27001.
  • 2. Crisis Management Team trained fully to handle major crisis.
  • 3. Established Pandemic framework.

Security Specialist – SOC

Equant (Orange Business Services)
12.2004 - 04.2006
  • Lead a team of security engineers in a 24x7 environment.
  • Act as a point of contact for any security incident in the company worldwide.
  • Deploy and manage Firewalls, IDS, NetForensics.
  • Review, recommend and implement security requirements for all systems on the network.
  • Create and maintain security documentation.
  • Participation in appropriate change planning meetings and preparation of necessary documentation for appropriate change authorizations.
  • Vulnerability assessment using open tools (NESSUS, NMAP)
  • Auditing the network & system infrastructure.
  • Handling hacking and spam issues.
  • Monitoring CERT advisories and other security alerts to monitor current threats.
  • Working with external partners for installation and monitoring of extranets.
  • Develop tools and processes for Network Security planning.
  • Liaising with different departments and external agencies for any security incident.

Network / Security Administrator

SBS Transit
01.2001 - 12.2004
  • Responsible for Cisco routing and switching hardware including Installing, configuring, maintaining and troubleshooting Cisco routers (2500, 2600, 3600, 4000, 7500) and Cisco switches (catalyst models 2900XL, 6500).
  • Configuration and deployment of network security infrastructure (Firewall, IDS, Antivirus)
  • 24x7 supervision of the LAN and WAN infrastructure.
  • Installed and implemented IBM cluster for the purpose of Network File Server. Interacted with different departments for creating shared directories for storing critical operational documents. Granting security permissions as discussed with the data owners. Backup of the shared directories using Brightstor, Arcserve products.
  • Implemented and maintained the DHCP, WINS and DNS servers on Windows 2000 server.
  • Deployed Enterprise Antivirus (McAfee) on 1000+ systems with varied platforms.
  • Utilized standard network monitoring tools including CiscoWorks and SolarWinds for network traffic monitoring and server availability
  • Liaising with telecom providers for installation and troubleshooting of leased-line infrastructure and ISDN infrastructure
  • Implemented Cisco PPTP for remote offices
  • Testing of network infrastructure for North East Line (Mass Rapid Transport project)

Customer Support Engineer

HBS Systems
09.2000 - 12.2000
  • Maintenance of all servers (Software & Hardware).
  • Configured and maintained RAID systems in multi-vendor environment (NT, Solaris).
  • Configured Cisco switches and Routers for WAN, VLAN and Micro-segmentation, including PIX firewall 506.
  • Backup and monitoring of the AS400 System
  • Upgrading various systems to Win NT 4.0
  • Maintaining the Lotus Domino Server and the Lotus Notes clients
  • Installed and configured hardware and software on Compaq Proliant CL380.
  • Local and Multicast Ghosting on Network with Norton Ghost Enterprise version 6.0 & up.

System Administrator

ZAP Infotech
06.2000 - 09.2000
  • Provided overall support to users. Duties included LAN support, network support and maintenance. Created user accounts, rights and profiles.
  • Configured Laptops with Windows 95-98 and Windows NT 4.0 (PCMCIA, RAS)
  • Upgraded NT 4.0 servers and workstations to Service Packs 4 & 5. Installed NT Options Pack 4.0 and upgraded servers to IIS 4.0.

System Administrator

Param Infotechnologies
01.1999 - 05.2000
  • Cisco router & switch configuration, network support and maintenance.
  • Unix/Wintel Server Administration.

Education

Bachelor of Arts -

Delhi University
New Delhi, India
01.1998

Skills

  • Security Metrics & Governance
  • Security Program Management
  • Crisis Management
  • Stakeholder Management

Certification

CISSP - Certified Information Systems Security Professional
