Ramkumar

Ramkumar Sundararaman has over 15 years of experience in information security, including security operations, governance, compliance, architecture, and risk management. He has expertise in vulnerability assessments, penetration testing, security policy implementation, and ensuring compliance with standards like PCI-DSS and ISO 27001. Sundararaman aims to identify risks, conduct security reviews, and advise on tools and solutions to maintain security posture.

Uploaded by

Lacky Krishnan

RAMKUMAR SUNDARARAMAN

A Security Professional with more than 15 years of experience spanning across IT security, Security operations
(SOC), Governance, Compliance, Architecture and IT Risk management.

Summary:

❖ Solid understanding of information security technology processes.

❖ Hands-on experience in conducting vulnerability assessments and penetration testing, designing /
implementing the security policy.
❖ Experience in IS consulting i.e., Assessment, solution architecture, implementation and management of
Information security policy design.
❖ Conducting effective reviews of other IT projects to ensure that the solution proposed complies with published
Standards, ensuring that the overall risk level of the infrastructure is at least maintained if not reduced.
❖ Experience with implementation of regulatory and contractual frameworks like PCI-DSS and ISO 27001:2013.

❖ Present the management playbook with the security posture, project status, and budget and resource
utilization, tracking on a periodic basis.
❖ Handling the Due diligence audits from the clients on request.

❖ Good domain knowledge in Cards, Banking & Telecom.

❖ Have good problem-solving skills and knowledge of network routing & switching protocols, and experience in
one or more best-of-breed next-gen Firewall/UTM (Palo Alto), IPS/IDS, SIEM (Exabeam), Advanced Threat
Prevention platforms/security products from various vendors such as CrowdStrike, Check Point, Cisco, Palo
Alto, Imperva, Websense, IronPort, Blue Coat. Working familiarity with Linux and Windows OS.

Experience Summary:

Total Experience: 15+ years
Team Management Experience: 8+ years

Experience:
May 2013 – October 2021
Riministreet India Operations Pvt. Ltd.
Sr. Security Architect

● Threat and Cyber Security Management.

❖ Analyse security advisories from threat Intelligence feeds (IBM X-Force, US-CERT, SANS etc) ... and
Security Forums/Blogs.
❖ Collect IOCs and Assess applicability.

❖ Do Risk/Impact assessment.

❖ Notify Threats/Vulnerabilities to respective teams.

❖ Recommend the remediation and track until closure.

❖ Monitor Internet Presence of the Organization.

❖ Monitor Phishing emails and take necessary action to mitigate.

● Information security RISK assessment

❖ Do vulnerability/Threat RISK assessment.

❖ Highlight any Security RISK as part of CAB (Change Authorization Board) discussions.

❖ Highlight the design/Build level RISKs as part of new service/Application/process Introduction.

❖ Follow NIST SP 800-53 RISK Framework to Identify, Assess, Mitigate and Monitor the RISKs.

❖ Track the RISK register and escalate to Management for any non-remediated RISK.

❖ Recommend modification/addition/creation of Security policies.

● Information security compliance tasks

❖ Involve in Internal and External Audits and Regulatory requirements.

❖ Remediation of Highlighted Audit observation/Noncompliance.

❖ Highlight the residual RISKs to Management.

❖ Work closely with HR/Legal Team on any non-compliance incidents.

❖ Make Security Assurance programs to make sure employees read and accept the Information Security
Policies.

● Information Security awareness program

❖ Conduct security awareness training sessions with different business teams.

❖ Track and work on Improvement plan on Security awareness training program.

❖ Prepare security awareness training documents/online materials for new Joiners.

❖ Periodically send communication email to all employees on any Major Cyber Threats and Latest
awareness news.
❖ Conduct Security awareness road shows and events.

● Involve in POCs for IT security tool implementation

❖ Gather Business requirements for security tool/Products.

❖ Setting up success criteria and use cases.

❖ Evaluate the industry's top players’ products for a specific requirement.

❖ Do due diligence and Plan for POC requirements.

❖ Setting up POC.

❖ Report to Management on POC results for recommendation.

June 2011 – July 2012


Verizon Data Services India Pvt. Ltd.
Sr. Specialist

❖ Provide Awareness sessions for the new joiners in the organization

❖ Conduct investigations for any violations of the organizational policy

❖ Develop Process & Improve Process on Continual Basis

❖ Present Metrics to Senior Management and Apprise the Management about the Organization’s
Compliance Status on Continual basis
❖ Perform Root Cause Analysis on Non-Compliance Issues and Apprise the relevant stakeholders
❖ Assure the Non-Compliances are Addressed & Remediated within Stipulated Timelines & within the
scope of Acceptable Risk Levels
❖ Conduct Audits on Software Applications in Various Environments, Ascertain & Assure Compliance

June 2007 - March 2011


FAIRCOM (FZE)
Manager Information Security

❖ Participated in defining, documenting, and maintaining security policies and procedures for the
company and to provide assurance towards successful implementation of these policies and
procedures in various environments such as Development/Testing /Production
❖ Identify associated threats in the information assets, systems and facilities that support the Company
and conducts periodic Information Security risk.
❖ Identify Vulnerabilities, Analyse and propose treatment. Communicate security-related risks to
the organization.
❖ Developed a Security System with procedural, physical and logical controls to manage the risks.
Participate in conducting internal Penetration Tests and generate reports, ensuring proper response
to the findings.
❖ Monitoring compliance with IT Security policies and procedures, and escalating problems to
appropriate line management.
❖ Participated in evaluation of the vendors and provide security consultancy for the new projects to be
implemented.
❖ Initiating, facilitating, and promoting activities to foster IT Security awareness within the organization.

❖ Internal Audit / Assurance: Conduct security reviews and prepare reports (Root Cause / Risk analysis
& Trends) to assess the effectiveness of security controls deployed for managing various control
areas (Access Control, Network & Perimeter, Application Development, Operating Systems, Legal &
Technical Compliance and Change Management) and provide Assurance by follow-ups towards
Closure of issues.
❖ Participate in Change Control Board meetings to assess the changes to the environment from
Information Security Perspective.
❖ Leading a team and provide guidance to the team in the role of a Subject Matter Expert

Nov 2005 - April 2007


Ramco Systems & JKCS
Security Consultant

❖ Perform Vulnerability Assessment and Penetration testing evaluating existing and future technology
projects to ensure the applications met the exact level of security requirements.
❖ Review the security settings pertaining to Application administration and operations procedures and
related controls.
❖ Evaluate, Recommend and Implement reasonable security controls and or procedures to mitigate
identified threats.
❖ Review the user access management and related controls.

❖ Review of audit trail requirements and existing auditing controls within the application.

❖ Highlight the areas of weaknesses and recommend areas of improvement.

❖ Validate any security and privacy dependencies that the application has on components and
processes in the existing infrastructure.
❖ Ensure that the risks to the business and infrastructure are properly identified, quantified and
communicated.
❖ Participated in major IT projects and provide InfoSec related input thereby ensuring that the proposed
solutions mitigate identified business risks and allow the business to operate efficiently.
❖ Review IT projects and ensure they comply with published Standards, ensuring that the overall risk
level of the infrastructure is at least maintained if not reduced.
❖ Conduct incident investigations and forensic analysis of impacted systems.

❖ Develop technical IS Security standards and guidelines on which other IT teams can develop
solutions.
❖ Perform incident investigation of security violations and exceptions at the request of Human
Resources and other departments.
❖ Research and monitor security exploits and vulnerabilities applicable to the environment

❖ Perform security reviews, evaluations, risk assessments, and monitoring on a regular basis to ensure
security exceptions and violations are identified and addressed in a timely manner.

Previous Experience:

Magnumopus Info solutions, Technical Manager (Sept 2003 - Aug 2005)
SmartIMinds Technologies pvt. ltd, Sr. Software Engineer (Oct 2001 - Aug 2003)
Shonkh Technologies Ltd., Software Engineer (Sept 1999 - Sept 2001)

Education:

Bachelor of Arts, Corporate Secretaryship
University of Madras, Madras, India

Professional Certifications:

● Certified Scrum Master (CSM)

● Certified Ethical Hacker (CEH)

Contact Details:

Email: ramkumar.vs@gmail.com
Mobile: +91 8861897756
