SurjithKumar

IT Governance.

Policy Exception Management

Deferred Remediation Dates Program Management.

Application Security.

Qualys Vulnerability Management.

BISO/BCM functions and questionnaires.

Deal with the independent testing team’s queries.

Threat Modeling and Insider Threat Management.

• Led enterprise-wide cybersecurity policy exception management, overseeing risk-based reviews, mitigation strategies, and approvals in alignment with governance and business risk tolerance.
• Provided senior-level review and validation of complex, high-risk exception requests, ensuring completeness, accuracy, and defensible risk assessments prior to executive approval.
• Drove exception governance workflows, coordinating cross-functional stakeholders across business units to enforce escalation thresholds and risk response decisions.
• Established and maintained authoritative records of policy exceptions, risk justifications, mitigation plans, and approvals to support regulatory, audit, and compliance requirements.
• Monitored active and extended exceptions, holding stakeholders accountable for mitigation execution, renewal justification, and timely closure of residual risk.
• Produced executive-level dashboards and reporting on exception trends, enterprise risk exposure, and control gaps to inform cybersecurity leadership decision-making.
• Analyzed recurring exception patterns to influence cybersecurity policy enhancements, control improvements, and risk-reduction initiatives.
• Served as a subject matter expert for cybersecurity policy exceptions, supporting internal and external audits, and mentoring junior team members on governance processes.

• Deployed to Wells Fargo as Contractor.

• Conducted application security assessments and vulnerability scans with enterprise application and Infrastructure testers.
• Collaborated with development teams to implement secure coding practices resulting in the reduction of high-risk vulnerabilities.
• Collaborated with development teams to perform secure code reviews and provide actionable recommendations.
• Developed and implemented secure coding guidelines and standards, significantly improving the overall application security posture.
• Create and implement policies, procedures, training and communication of the new policies and procedures.
• Ensure that IT computers and supporting infrastructures are validated and qualified according to IT policies, procedures, and standards.
• Apply the concepts of Enterprise Risk Management to help identify, assess, mitigate, and proactively consider emerging risks.
• Analyzed new and repetitive events, incidents, and problems within the technology environment to find common underlying root causes.
• Managed changes to applications including bug fixes, patches, release, and Service Pack updates.
• Regular check on the Qualys identified vulnerabilities and performed the impact analysis on the assets affected and framed remediation plan with IT teams.
• Performed architecture review for all the IT software components usage restrictions.

• Collaborate with security engineers and SOC managers to provide situational awareness via detection, containment, and remediation of threats to networks, web apps, and systems.
• Used Splunk to verify/manage security assessments and pinpoint flaws.
• Monitor network activity, evaluate escalated security alerts, as well as coordinate response, containment, eradication, and recovery measures.
• Coordinate SIEM development plans in collaboration with in-house technical teams.
• Protect significant and confidential data, along with business systems.
• Guarantee tracking, documentation, closure, and post-incident reporting are completed to enable experts to make policy changes for optimizing security operations.
• Follow the company's response plan when notifying cyber defenders of event history, status, and potential impact for further action.
• Evaluate sufficient system authentication, authorization, and access control methods created by SOC executives.
• Lead and train junior analysts to ensure personnel possess the necessary security awareness, knowledge, and skills to execute relevant tasks.

Job Responsibilities – ITSM (Incident, Change and Problem Management)

• Create a daily report for client meeting in all areas of the services provided.
• Key owner for all the critical outage communications.
• Creating problem record, validating the severity of a problem record by investigating the business impact to the customer.
• Monitoring task Id & queue preparing daily, weekly & monthly report including the service availability & sending Executive alert in case of a severity 1, 2, and 3 situations.
• Problem detection and reporting Logging, categorization and prioritizing of Problems. Involve in research for the root-causes of Incidents and thus ensures the enduring elimination of interruptions.
• Monitoring alerts in SCOM console and assign incidents to the respective teams for health checks based on the severity.
• Performing Device checks every morning which includes exchange disk space and share drive space and perform cleanup activities.
• Active directory operations
• Trouble shooting issues within TMG and provide\restrict access to different roles and responsibilities.
• Prepare weekly SLA report, change report, Problem Report before end of the week and submit to Senior IT Management Team.
• Attend weekly call with Senior IT Management team and explain the uptime and downtime. Also update the Senior IT Management team of the Service Available time and the workarounds on the repeated incidents.
• Work in emergency situations related to downtimes, Application and system upgrades and critical incidents and 24x7 availability over phone and in person.
• Coordinate to find out the root cause of a problem & preventative action for the issues reported and documenting all problem record.
• Post Implementation review based on the changes done in production environment.
• Work with Technology team on the RCA’s and update the client on weekly Wellness call. Also work with Technology team to prepare the resolution document and update in the Master Record database.
• Work with Configuration Management team to analyze the test results before pushing the security patches and updates to client PC’s.
• Ensure that each release package consists of a set of related assets and service components that are compatible with each other.
• Ensure that all release and deployment packages can be tracked, installed, tested, verified, and/or uninstalled or backed out, if appropriate.
• Record and manage deviations, risks, issues related to the new or changed service and take necessary corrective action.
• Play a Vital role in CAB (Change Advisory Board) in IT Infrastructure Domain.
• Involved in designing and deployment of ITIL framework process in our IT Service Delivery with new set functional activity which reduced the escalations.