Sri Tejasvi Srungaram

Hyderabad

Summary

A results-driven cyber security professional with extensive experience in Security Architecture, Solutioning, Consulting, Governance, Risk & Compliance. An individual with exceptional communication, planning and organizing skills along with mentoring and team management skills. Seeking a cyber security leader role where I can use my extensive expertise to assist the cyber security team. 16 years of experience in various cyber security domains, which includes leadership and team management.

Overview

17 years of professional experience
1 Certification

Work History

Expert Consulting Manager – Information Protection (Security Architecture)

CGI
08.2023 - Current
  • Develop and present compelling proposals, including RFI/RFP responses
  • Drive Solution architecture and proposal strategies for large scale cyber security projects to win new business.
  • Develop Security Architecture & Risk Assessment frameworks
  • Partnering with Business as a Key Security advisor to Senior stakeholder groups
  • Designing and Articulating the Security aspects of complex designs into security requirements to ensure compliance with standards.
  • Developing and maintaining reusable security architecture and design patterns for consumption.
  • Developing vendor agnostic security solution architecture with technology reference architecture aligned to various best practices.
  • Developed security patterns, framework, approach and methodology in the Enterprise Security Architecture Discipline.
  • Engaged in grooming security analysts and solution architects, Security architects to bring in holistic perspective in every solution delivery.
  • Investigation and tracking of incidents and breaches
  • Perform Security assessments of technical controls, information security policies and procedures across projects and business areas.
  • Review application & Network Architecture designs and perform threat assessments.
  • Analyse and discuss risk mitigation techniques based on trust boundaries, interactions, distinct workload areas with appropriate controls and risk profile.
  • Work closely with Information protection team, manage key risks associated with critical project and present it to Enterprise CISO team.
  • Perform GAP analysis, provide security and privacy recommendations to mitigate risk.
  • Identify control deficiencies and make appropriate recommendations.
  • Review and approval of application/infrastructure changes across on-prem, cloud environments with respect to security.
  • Proactively identify gaps or conflicts in existing processes and work to develop solutions with cross functional teams.
  • Engage with Infrastructure and/or Architect Teams to assess the security risk of proposed projects and system/application modifications.
  • To develop security policy and procedures along with control artefacts that includes guidance on various security architecture patterns
  • To evaluate Vendor Security products (DLP etc) and do RFI/RFP and ensure implementation of the solutions mapping to CGI requirements.
  • KEY PROJECTS
  • Securely design data lake solutions, Threat Modelling
  • DLP, SIEM, UEBA & MIP
  • Marine Cyber Security Solutioning
  • Security operations setup for global clients using Sentinel, ELK

Manager – Cyber Security Practice

Wipro
01.2022 - 08.2023
  • Lead Cyber Security engagements for clients, providing strategic direction and ensuring alignment with their business and security goals.
  • Lead the development of Cyber Security solutions tailored to client needs, aligning with emerging threats
  • Review and provide security posture for all changes across network, application and infrastructure.
  • Review cloud security architecture and consult with business and technology teams to address security issues.
  • Provide technical guidance and collective understanding of data flows and security issues across on-prem, cloud and vendor environments.
  • Identify & Manage Security Risks across mission critical information assets.
  • Assess data and security risks associated with identity & access management, encryption protocols, application, network & infra security and
  • Automate process to proactively reduce security gaps for all aspects of the cloud services and orchestration, continuous compliance.
  • Review solution architecture, identify and close security loopholes, enforce authentication, authorization policies, monitoring and security compliance.
  • To securely design Internet, Extranet patterns of connectivity to cloud solutions, key vendors, partners.
  • To assess cloud security best practices and controls for AWS and Azure.
  • To review and identify security posture of API endpoints and ensure secure integration with backend components.
  • To assess identity & access management patterns for internal and external connectivity to various cloud and on-prem integrations.
  • To review and maintain security architecture patterns that are used to create secure architecture solutions for new business applications and technologies.
  • KEY PROJECTS
  • Design review and security assessments of:
  • Rehosting Identity services (IAM FSSO and staff platform components) in AWS EKS environment.
  • Migrating to 3rd party SaaS solutions
  • Secure connectivity and migration of Email DLP solution from on-prem to Azure cloud.
  • Secure integration of micro services with 3rd party applications.
  • Secure PIN creation, management, transitioning & storage for ATM card services
  • API endpoint security and integration
  • Secure data integration between Enterprise cloud platforms and on-prem systems via Oracle integration cloud.
  • AWS Accounts, VPC and AWS Services.
  • Security posture of Azure services & Network connectivity.
  • Secure migration of on-prem code repositories to 3rd party vendor solutions hosted on cloud (GitLab)
  • Encryption Key management.

Manager – Information Security Group

Infosys
10.2018 - 12.2021
  • Technology Risk Assessments in the areas of Cyber and Information Security, Technology Change Management, Third Party Risk Management, Asset Management, Incident Management.
  • Manage relationships with external security service providers and vendors, ensuring their services meet the quality and compliance standards.
  • Lead Cyber Security engagements for clients, providing strategic direction and ensuring alignment with their business and security goals.
  • Overseeing Risk assessment for Clients and ensuring the implementation of security controls that meet the industry standards.
  • Mentor and develop internal cyber security teams on various engagements
  • Lead the development of Cyber Security solutions tailored to client needs, aligning with emerging threats
  • Provide oversight with respect to management of security and technology risks
  • Establish and maintain relationships with all business stakeholders and technical teams to ensure alignment between Risk management strategy, business requirements, and development activities
  • To design, manage and support security incident management program across client environments.
  • To do physical security audits of IT, facilities across sites and generate security plan reports which includes observations and recommendations.
  • Develop and Implement security standards, procedures and guidelines for multiple platforms, systems and environments
  • Ensure that necessary security due diligence/risk assessment of vendor/third-party portfolio is maintained
  • Design and Implementation of Risk Assessment Methodology, Risk Assessment/Due Diligence Questionnaires, templates designing etc.
  • Develop a risk-based process for vendor risk management that includes assessment and treatment of risks.
  • Review security architecture of new application/projects and network connectivity between client and Infosys sites.
  • To ensure compliance across employees, vendors etc.
  • Verify and review Firewall configuration, Internet, Intranet, Extranet and Remote connectivity, conduct security Architecture reviews, network zone validation with respect to data sensitivity.
  • To review the network architecture of Vendor solutions and ensure secure connectivity and integration as per standards
  • To ensure that platforms/solutions are securely architected, designed, built/configured, tested, and deployed as per defined policies, standards, and industry good practices.
  • To review and design secure cloud migrations, critical on prem change, Identify & Manage Security Risks.
  • Ensure Contractual compliance & Security control effectiveness.
  • Manage Vulnerability Assessments/ Penetration testing across network, application and infrastructure.
  • Lead the client security teams, interact with client CISO teams and discuss various security issues.
  • Designing, implementing, and maintaining security protocols, policies, plans to cover all possible security threats.
  • Integration of elements with SIEM and its management.
  • To support PCI DSS, ISO 27001, HIPAA requirements of clients and ensure implementation of the same.
  • To perform Risk assessments and security tests, designing countermeasures to eliminate as many potential risks as possible.
  • KEY PROJECTS
  • Designed, implemented, and managed a new Cyber Security Framework for 10+ clients within CIS Engagement
  • New acquisitions were vetted through a full assessment process prior to on-boarding using industry standards. Minimized acquisition risk based on assessment methodology and remediation processes.
  • Designed, implemented and managed Information Security Program for a large Telecom, banking and health industry clients.
  • Designed Security control requirements for 40 Offshore Development Centres covering physical, endpoint and Network Security Architecture solutioning of Remote Access
  • To design physical, logical and network controls for Offshore deployments
  • Designed, implemented and managed Crown jewel risk management framework for critical assets across organization.
  • Technology and Process lift and shift of applications to Infosys Deployed ODC Controls as per the Client requirements.
  • Performed assessments of applications being transitioned and identified any risks
  • Have deployed close to 20 Offshore development centres within India by doing site inspection of facilities and IT infrastructure, periodic security audits of the same.
  • To design Remote connectivity models and implement securely
  • To perform security architecture reviews between Client and Infosys connectivity (Site to Site VPN)

Risk Analyst – Global Compliance

Franklin Templeton
03.2018 - 09.2018
  • To implement Franklin Templeton Information security policy for its subsidiary and respective line of businesses.
  • To monitor compliance by designing and implementing various key risk indicators across various functions, report the overall status to chief privacy and compliance officer.
  • To perform Information Security reviews of Critical Infrastructure and Assets
  • To perform Privileged Access management reviews by identifying all Privileged access ensuring the Just in time and just enough access implementation and review of the same.
  • To perform technical assessments and assess Encryption mechanisms of Data in transit and Data at rest
  • To assist Global Privacy Risk and Compliance officer on various Security, regulatory and compliance initiatives

Assistant Manager – Risk & Compliance

Wells Fargo
08.2015 - 03.2018
  • To enhance the transitioning risk management program by way of redesigning the Project management methodology and develop tools, processes, procedures.
  • Perform Technology Assessments of new applications during transitions and arrive at the overall risk with respect to confidentiality, Integrity and availability.
  • To closely work with global risk management leaders and align the offshore risk management frameworks accordingly.
  • To manage key migrations pertaining to vendors and legacy projects, help project identify key security risks and make decisions accordingly.
  • To design and develop frameworks and guidance for Risk assessments that cater to diverse lines of business across technology and other units.
  • To manage overall governance with respect to project and transitioning teams and have a frequent cadence with leadership to discuss challenges and opportunities.
  • To ensure control effectiveness across infrastructure, transitioning applications, user access etc.
  • To design and develop process for managing control exceptions across platform
  • To frequently connect with business teams and provide guidance and awareness on Information security practices.
  • To participate in delivery leadership connects and highlight any gaps and report on non-compliance
  • Conduct risk assessment for all information assets
  • Work with management to prioritize risks based on appropriate risk management methodology
  • Provide remediation recommendations and suggest alternate solutions to resolve gaps against policies and standards
  • To review Privilege Identity management/Privilege access management practices and identify gaps and suggest remediation

Technical Associate – Information Security, Operational Risk & Compliance

Bank of America
08.2009 - 08.2015
  • To assess applications with respect to the Information classification and certify compliance accordingly.
  • To work with global groups and design the application assessment process and integrate with automated workflow using tools.
  • To perform offsite audits across payment channels for various branches and report on non-compliance to senior management
  • To do risk governance by way of managing issues across existing audit and policy processes.
  • To ensure effectiveness of Internal controls across several financial applications and business processes
  • To periodically assess and report exceptions of wholesale banking payment channels

Certification

  • CISSP – Certified Information System Security Professional
  • Advance Cyber Security Executive Program - National Institute of Technology Rourkela
  • Applied Cybersecurity Essentials Hybrid Intensive - Purdue University
  • Applied Cyber Security Essentials Managers – Purdue University
  • Vendor Risk Management Expert - One Trust

DOMAIN EXPERTISE

  • ISO 27001, PCI DSS, NIST, HIPAA etc.
  • Cloud Security, Application Security, Infrastructure Security, Network Security, Identity & Access Management, Audit, Governance, Risk & Compliance, Security Operations
  • Hire & manage local security teams pertaining to Application security, Cloud Security and other security domains as needed. Work on Projects associated with all Security Domains