Sriram Sivakumar
Regional Information Security Officer
Dongaon,MH
Summary
A competent professional 19 years experience in Information Technology Risk management & Cyber Security Management and passionate in aligning security architecture plans and processes with security standards and business goals. Results-driven IT professional with notable success in planning, analysis and implementation of security initiatives. Demonstrated skills identifying business risks and compliance issues and designing proactive solutions. Background designing and implementing layered network security approaches.
Overview
20
20
years of professional experience
11
11
Certifications
Work History
Regional Information Security officer
Vistra
09.2021 - Current
- Focal point for Information Security and managing GRC activities within the APAC region.
- Drive the region’s alignment to Group Information Security and Business Continuity Policy & Standards.
- Support and undertake Internal, External, and Supplier audits for the region.
- Proactively monitor, report, and support the business in managing information security risks.
- Support Penetration Testing, Vulnerability Scanning, Incident management and Phishing exercises for the regions assets and tracking to closure any issues.
- Support Business Continuity / Disaster Recovery activity for the region.
- Lead Group activities in development of policies, processes, tools, and templates to efficiently deliver information security and ISO27001:2022 certification.
- Support the Head of Information and Cyber-Security in operating and maintaining the Information Security Framework and the Vistra Information Security Group that oversees it.
- Provide security and risk consultancy on a range of IT and business projects, Application risk assessments and ensuring they are delivered with effective information security in mind.
- Support and coordinate requests for both internal and external IT audits and in requests for proposals (RFPs) and provide Third Party Risk management support.
- Support cyber-security training and awareness within the region to increase staff security awareness.
- Lead Data Classification, EU AI, Privacy, NIST CSF 2.0 and DORA project globally.
- Worked on key Regulatory requirements related to financial sector and Data Protection covering Hong Kong, Singapore, India, China, Malaysia and other APAC countries.
Regional Information Security officer
First Abu Dhabi Bank
07.2019 - 09.2021
- Achieve and Maintain Security Standards compliance for Hong Kong branch by implementing Information Security Management system across the organization; Implement Security controls, reduce operational risk and adhere to the company policies.
- Conduct Technology Risk assessment, RCSA and Third part risk assessments.
- Work with the business in requirement collections to make necessary changes to the security to safely deliver business needs.
- Responsible for establishing, update and review SOPs for International location security activities.
- Responsible for performing vulnerability assessments and manage PT assessments.
- Handle Security incidents and support the CSIRT Team.
- Monitor Data leakage prevention alerts and coordinate with the respective SPOCS.
- Act as the Business continuity coordinator for the branch and perform BIA and BCP activities.
- Assist and provide support in acquiring information, preserving evidence as deemed necessary by the Information security manager.
- Vulnerability management done using Nessus application (Tenable) and work with IT team on patch management.
- Data Protection officer for the branch and conduct Privacy assessments and awareness sessions.
- Perform SIEM management using Archsight application and report the high and critical cyber security incidents.
- Coordinate with IT and business teams to ensure patch update, upgrade, certificate expiry of the appliances is tracked.
- Impart security awareness and conduct trainings for the branch.
- Review change requests and firewall changes.
- Provide Vendor risk management support.
- Review BRDs, solution design, concept design and any other requirements from business and IT.
- Ensure HKMA, PDPA and GDPR regulatory compliance relevant to information security across the organization.
- Established and implemented continuous compliance of MAS TRM Guidelines, HKMA TM-G-1, TM-G-2, OR-2, SA-2, SFC.
- Implementing security policy and intelligence of security solutions to fulfill the C-RAF requirements, including End Point Protection, DLP, APT and Application Whitelisting etc.
- Report risk trends, major cybers risks, compliance status to senior management.
- Manage security technical projects in translating requirements into system specifications, implementation designs, configurations, and systems change accordingly.
- Executing several internal, branch level, corporate level security audits as per the audit charter.
Cyber Security Project manager- Technology Risk, Governance and Compliance (VP)
Standard Chartered
07.2016 - 06.2019
- Proactively drive transformation and remediation agenda; implement IT controls, reduce operational risk and optimizing service stability, eradicate obsolescence risks and deliver projects to the highest possible standards.
- Lead Governance team to ensure all the key controls and governance is in place for all the BAU tasks performed by the project team under GRC.
- Managed Global Obsolescence project and helped the bank eradicating the obsolete and end of life cycle products across all the domains.
- Involved in the Product Risk Calculator project to generate risk scores for all the assets in the bank.
- Handled Cyber Security projects.
- Seek & Destroy SPOC for India Region. This is a multiphase programme to remove or replace critical EOS Products within ITO enabling us to achieve business efficiency (saves), identified from data center space/OS/Software / hardware equipment related to licensing and support efforts.
- Identification of risk and compliance issues and indicators.
- Conducted various scans and was part complete vulnerability lifecycle processes.
- IT Governance, Risk and Compliance product implementation. Auditing various aspects of the IT infrastructure and reporting.
- Advising IT and business teams on secure technical solutions for the bank.
- Eradicate, Reduce and Automate (ERA) platform SPOC and project coordinator.
- Defining application security requirements for new products and applications for the bank.
- Ensure RBI, HKMA and MAS regulatory compliance relevant to information security across the organization.
Information Security and Risk manager
Cognizant Technologies Solutions
05.2014 - 06.2016
- ISO 27001 based internal audit of the various branches, offshore vendors and banking process.
- Information Security Risk Assessment for new Applications and Projects.
- Understand complex systems and dependencies between upstream and downstream systems.
- Handling of high & critical priority requests and following up with the Engineers towards resolution.
- Involved in Analyzing, Tracking and Reporting the Incident and Outage Trends.
- Involved in RCA of Outages and Incidents and Proposing Performance Improvements.
- Technology Risk Management.
- Explaining the external risk posed by corporate governance to stakeholders.
- Creating business continuity plans to limit risks.
- Information Security Risk Management – Develop, design and project Risk Posture of Bank.
- Technical Vulnerability Management.
- Security Incident Management.
- Work with various business teams and the IT teams to perform Risk analysis of new projects.
Project Manager-Risk Function
United Leos
01.2014 - 05.2014
- Designing and implementing an overall risk management process for the organization, which includes an analysis of the financial impact on the company when risks occur.
- Performing a risk assessment: Analyzing current risks and identifying potential risks that are affecting the company.
- Performing a risk evaluation: Evaluating the company’s previous handling of risks, and comparing potential risks with criteria set out by the company such as costs and legal requirements.
- Establishing the level of risk the company are willing to take.
- Preparing risk management and insurance budgets.
- Risk reporting tailored to the relevant audience. (Educating the board of directors about the most significant risks to the business; ensuring business heads understand the risks that might affect their departments; ensuring individuals understand their own accountability for individual risks).
Incident Manager CIS
Ramp Group of technologies
05.2013 - 01.2014
- Participate in review of functional specifications and technical designs with respective teams and provide inputs as needed.
- Send communications and open bridge calls during Sev 1 incidents.
- Worked with Engineering and solution delivery team to design a POC (Proof of concept) on new Cloud computing features.
- Expertise to onboard new application to Azure.
- Worked in Agile projects and well versed with monthly sprint releases.
- Provided Tier 3 Break fix and helped Support operations Team in resolving the incidents, identifying the Root Cause and worked with problem management team.
- Designed process flows for the incident management team.
Operations Support Specialist
Expedia
09.2012 - 03.2013
- The Operations Specialist (Ops Support) resource is part of the DBM Development and Operations team reports to the Operations Manager.
- The Operations Specialist is responsible for list pulls and file loads to ExactTarget, troubleshooting campaign failures at ExactTarget, and deployment and maintenance of ETM campaigns in production.
Major Incident Manager
Microsoft
07.2011 - 08.2012
- To ensure an effective communication system across the business/organization during a major incident.
- To ensure that an appropriate Incident Manager/Major Incident Team/Management Group are in place to manage a major incident.
- To ensure that there are in place appropriate arrangements to ensure that major incidents are notified promptly to appropriate management and technical groups, so that the appropriate resources are made available.
- To conduct major incident investigations and timely updates and to contribute to the business/organization’s knowledge of the causes of incidents.
- To conduct a review of each major incident once service has been restored and, in line with problem management, to look at root cause and options for a permanent solution to prevent the same major incident happening again.
Major Incident Manager
HCL Technologies
06.2005 - 01.2011
- Chair Incident Management bridge calls.
- Classify incidents on the basis of Severity & Coordinate and manage the incident in its entire life-cycle. Set incident priorities and choose escalation procedures in the due care of incidents.
- Escalate to and include Global Incident Management Head in a timely manner based on the judgment of criticality of an event.
- Manage provider, customer and internal organizational interfaces.
- Track and monitor higher severity incidents, organizing conference calls, business update calls and related activities to facilitate the incident in a timely fashion.
- Analyzing and making reports for incidents, events and problems.
- Perform Root Cause Analysis and Investigation and follow-up for permanent fix of the problem.
- Follow-up on tickets being raised regularly for re-occurring incidents. Ensuring that the fix is implemented in the production. Follow ups on the outcomes of the CR implemented.
- Handover incidents to Problem Management with clear status & ownership.
- Identify and organize resources, regardless of their position, to participate in conference calls.
- Proactively review incident data to generate higher quality input for Problem Management and detect patterns.
Education
Bachelor of Engineering - Electrical and Electronics
Sri Chandrasekharendra Sarawathi Viswa Mahavidvayala (Deemed University)
06.2001 - 4 2005
HSC - undefined
Sethu Bhaskara matriculation higher secondary school
06.1999 - 4 2001
SSLC- X - undefined
KVHVF
06.1998 - 4 1999
Skills
Risk Management
Information and Cyber Security
Vulnerability assessment
Endpoint security
Data protection
Security awareness training
Compliance management
Network security
Privacy regulations
Disaster recovery
Cloud security
Business continuity planning
Problem-solving
Excellent communication
Decision-making
Effective communication
Certification
CISSP
Overview
19, Information Technology Risk management, Cyber Security Management, Auditing various aspects of IT infrastructure and reporting, Gap analysis of security processes & standards, Security Incident management & Reporting, Risk, compliance and regulatory functions at banks
Timeline
Regional Information Security officer
Vistra
09.2021 - Current
Regional Information Security officer
First Abu Dhabi Bank
07.2019 - 09.2021
Cyber Security Project manager- Technology Risk, Governance and Compliance (VP)
Standard Chartered
07.2016 - 06.2019
Information Security and Risk manager
Cognizant Technologies Solutions
05.2014 - 06.2016
Project Manager-Risk Function
United Leos
01.2014 - 05.2014
Incident Manager CIS
Ramp Group of technologies
05.2013 - 01.2014
Operations Support Specialist
Expedia
09.2012 - 03.2013
Major Incident Manager
Microsoft
07.2011 - 08.2012
Major Incident Manager
HCL Technologies
06.2005 - 01.2011
Bachelor of Engineering - Electrical and Electronics
Sri Chandrasekharendra Sarawathi Viswa Mahavidvayala (Deemed University)
06.2001 - 4 2005
HSC - undefined
Sethu Bhaskara matriculation higher secondary school
06.1999 - 4 2001
SSLC- X - undefined
KVHVF
06.1998 - 4 1999