Sathesh Amarnath Thandapani

• Managed GRC metrics for Global Technology Business Controls in Banking sector as part of Special Access Governance Team.
• Assessed GIS exceptions through comprehensive risk evaluations.
• Conducted 360-degree due diligence on exceptions to identify associated risks and control effectiveness.
• Collaborated with stakeholders to gather business requirements and capture artifacts for informed decision-making.
• Challenged existing controls to enhance security measures and compliance.
• Supported Global Information Security policies by reviewing adherence to applicable laws, rules, and regulations.
• Facilitated internal and external audits by collecting data related to raised exceptions.
• Compiled detailed review summaries of raised exceptions for Band 2 approvers' acceptance or rejection decisions.

Monitored alerts from network security tools and Windows servers with SecureWorks XDR.

• Conducted trend analysis to enhance cloud security posture and suggested improvements.
• Managed MS Azure and Microsoft Cloud Azure Security (MCAS) alerts effectively.
• Prepared weekly and monthly reports, refining processes and performing gap analysis.
• Led SAC team to ensure timely updates for role-based access control and access management.
• Designed and implemented AWS Cloud Security Solution Architecture, including runbooks and SOPs.
• Monitored AWS services using Security Hub, Guard Duty, and WAF, addressing incidents promptly.
• Coordinated completion of internal and external security audits and assessments on schedule.

• Verified policies and procedures according to NIST standards.
• Presented Monthly Security Dashboard with patching updates and vulnerability status.
• Analyzed IT security and compliance tickets escalated in ServiceNow.
• Executed gap analysis and documented findings.
• Created and maintained Risk Register within the Risk Management Framework.
• Managed vulnerability remediation using Rapid7 VM.
• Conducted high-level architectural design assessments of IT security tools.
• Provided evidence for Client IT Security Questionnaire and GDPR requests.

Executed SOC operations for hybrid cloud platform using Splunk, Sophos AV, and Imperva.

• Conducted daily security status updates and health checks for stakeholders.
• Implemented NETIQ Identity Manager to enhance identity management and compliance.
• Managed application security reviews and IAM processes to safeguard access controls.
• Developed documentation for design architecture and standard operating procedures for security tools.
• Configured McAfee vulnerability management via API to identify weaknesses in applications.
• Designed and deployed Trend Micro Deep Security for ERP systems on AWS Cloud.
• Oversaw alert management for Alert Logic WAF, ensuring robust web security measures.

• Ensured global users of Maersk Drilling received uninterrupted access to IT resources and support.
• Assigned firewall, application, and device control policies alongside IPS rules.
• Generated vulnerability reports and escalated significant issues promptly.
• Participated in IT separation projects, including Active Directory migration and Mail365 implementation.
• Provided onsite support for troubleshooting, fault resolution, configuration, and installation of desktop software and hardware.
• Engaged in IT meetings for knowledge sharing and updates on current site issues.
• Updated team on upcoming process changes and solutions for network security threats and events.