
Security Project Manager

Location:
Cary, NC
Posted:
January 07, 2013


Resume:

Aravindan Ganesan

Email: abqh6f@r.postjobfree.com

Address: *** ****** ***** *****

City: cary

State: NC

Zip: 27519

Country: USA

Phone: 978-***-****

Skill Level: Management

Salary Range: $125,000

Willing to Relocate

Primary Skills/Experience:

See Resume

Educational Background:

See Resume

Job History / Details:

Aravindan Ganesan CISM CISA PMP CRISC

abqh6f@r.postjobfree.com 978-***-****

Summary

* More than 15 years of experience in IT Security, IT Management, PCI DSS Security, HIPAA, SOX 404, ISO 27001, Security Risk Management and Project Management; galvanized teams in core initiatives while serving as a change agent for efficiency improvements, with expertise in Platforms and Interface Management.

* Interfaced with CIOs, CISOs, CFOs, Senior VPs and Directors to determine business strategy and to allocate budget and resources; managed large teams of professionals.

* Leader with proven track record of delivering technology solutions using multi-sites and cross-cultural teams.

* Demonstrated ability to identify gaps relating to key IT security processes and implemented industry best IT practices.

* Managed the implementation of IS Security programs in large enterprises

* Wide industry experience including HealthCare, Banking, Financial, Insurance, Retail, Telecommunications, Travel, Legal, IT Security, Manufacturing and Logistics.

* Effective at motivating and leading IT security and compliance professionals. Excellent presentation, communication and negotiation skills.

* Acted as an advisor and provided guidance on system and security architecture, policies and direction.

* Managed resources and budget and identified staffing requirements.

* Recruited and managed IT managers, systems, network and security professionals.

* Mentored and coached the managers and the team for technical and soft-skills.

* Proven track record of delivering technology solutions using multi-sites and cross-cultural teams.

Significant Achievements

* Managed large security, risk and compliance initiatives for PCI DSS, SOX-404 IT, HIPAA / HITECH, Privacy Act, FFIEC, Federal Trade Commission (FTC), SAS/70 and ISO 27001.

* Extensive experience in IT Security Program, Security Policies & Standards, Risk Management, IT Governance, IT Compliance, Incident Management, Vendor Evaluation, Data Discovery & Classification.

* Implemented Enterprise Risk Management Framework; Organized and conducted enterprise-wide security risk assessments; Managed the implementation of large secured networks and systems.

* Established Security Committee and Change Control Committees. Created Security Incident Response Plan; investigated security breaches.

* Collaborated with key business and IT leaders to develop security policies, configuration standards (NIST), guidelines and procedures to ensure the confidentiality, integrity, and availability based on frameworks: COSO, ISO 27001, ISMS, COBIT, OWASP, SANS, ITIL, 21 CFR Part 11.

* Provided on-going leadership to expand the company's IT security posture and implemented new technologies, tools and processes including web application security testing, WAF (Web Application Firewall), DLP (Data Loss Prevention), FIM (File Integrity Monitoring), ArcSight (Security Incident and Event Management) and IDM.

* Conducted NERC CIP compliance for energy companies.

* Managed the implementation of BCP and DRP plans; Integrated security with SDLC Process.

* Program management, Project Prioritization and Team Selection.

* Extensive working experience with IT systems (IBM z/OS Mainframe, AS/400, SAP, PeopleSoft, Unix, Windows), databases (DB2, Oracle, SQL) and network devices (IDS / IPS / VPN / Firewall / Switches).

* Vendor negotiation and leveraged global development and delivery models.

* Designed and implemented enterprise wide security solutions and reduced security, compliance and privacy risks; designed risk ranking methodologies; implemented risk based approaches.

* Provided on-going leadership to expand business opportunities beyond short term solutions.

* Managed the implementation of vulnerability and threat management (vulnerability scanning, penetration testing and security patch management).

* Managed several key security projects: Network Segmentation; Business Continuity Plan and Disaster Recovery Plan; Identity and Access Management (IAM); Vulnerability and Threat Management; Security Patch Management; Security Configuration Standards; Encryption and Key Management; Data Loss Prevention; File Integrity Monitoring; Integration of Security into SDLC Process; Web Application Security Testing; Web Application Firewall; FireEye.

* Organized and managed manual and static code review and dynamic web application security testing and recommended solutions.

* Created third party vendor management programs and conducted third party risk assessments.

* Executed timely performance appraisals, and coached and mentored IT security and compliance professionals.

* Trained and mentored IT security and compliance professionals; designed security awareness training programs.

* Managed complex and large IT security projects with budgets ranging from $500K to $24M and resources from 5 to 40 professionals.

Professional Experience

Egrove Systems Oct 2007 to Present

Principal Security and Compliance / Director - Security and Compliance

Managed the design and development of enterprise IT Security Architecture. Managed and delivered IT security and compliance initiatives for PCI DSS, SOX Audit, Enterprise Risk Management (IT Governance), HIPAA Compliance, SAS/70 and ISO 27001 Information Security Management Systems (ISMS) frameworks.

Client Companies:

Finance and HealthCare: Transunion (PCI DSS Security and Compliance)

Retail Sector: TJMAXX (PCI DSS Security Compliance and FFIEC Security)

Travel: Carlson Wagonlit Travels (Enterprise Security and PCI DSS Security and Compliance)

Health Care System: Siemens HealthCare Systems (PCI DSS Security, SAP System Security & Tokenization)

Health Care System: Blue Cross Blue Shield (Web Application, PCI DSS Security & HIPAA Security)

Banking Sector: World Bank (PeopleSoft Application and HIPAA Security)

Banking Sector: Wells Fargo / Wachovia Bank (PCI DSS, Enterprise Security and Web Application Security)

Finance and Healthcare: Principal Finance, Bank and HealthCare (PCI DSS, IBM z/OS Security and Enterprise Risk Management)

IT Security: EMC / RSA Security (Governance and Enterprise Security Risk Management (GRC))

Energy Sector: Xcel Energy (NERC CIP Compliance)

Legal and Storage Service: Iron Mountain/Stratify (SAS/70, ISO 27001 and PCI DSS Security)

Security Architecture: Worked as an advisor for creating road map and strategy for Security and compliance. Managed the creation and implementation of IT security architecture and systems, security policies, configuration standards and guidelines. Created and managed information security processes and security control standards for technology and application development.

PCI DSS Security Compliance Projects:

Worked as a program manager and created a road map for the entire PCI DSS compliance program; managed more than 20 resources (security managers, project managers, security architects, etc.) with a project cost of more than $24 million. Managed the entire global PCI DSS compliance program for USA, Europe, Asia and Latin America. Provided security architecture guidance and direction. Defined the global PCI compliance roadmap. Managed the implementation of security solutions (IBM z/OS Mega Crypt encryption, key management, data loss prevention (DLP), file integrity monitoring and IDM) and safeguarded credit card data, Personally Identifiable Information (PII) and company confidential information. Designed and implemented enterprise-wide security solutions and reduced security, compliance and privacy risks. Managed the implementation of enterprise-wide security policies and processes relating to FFIEC.

Managed and implemented several key security projects: Network Segmentation; Tokenization; Identity and Access Management (IDM and IAM) (CA and Tivoli); Web Application Security; SIEM / ArcSight Implementation; Security Configuration Standards; Encryption and Key Management; Data Loss Prevention; File Integrity Monitoring; FireEye (tool for preventing zero-day and APT attacks).

Web Application Security: Established security risk assessment framework and processes and integrated security into the SDLC process. Managed the implementation of web application firewall (WAF), manual and static code review and dynamic web application security testing tools (WebInspect, Fortify, Veracode). Conducted training for programmers on secure coding practices and the new SDL process. Managed and reviewed web application security test results and provided practical recommendations based on OWASP and SANS. Established threat modeling process (DREAD and CVSS) and risk ranking methodologies to prioritize and rank security risks.

IT Security Governance / Enterprise Risk Assessment: Worked as a team lead and created enterprise-wide security risk assessments with a project cost of more than $22 million. Developed IT Security Governance and Enterprise Risk Management Framework for the company. Managed and tracked enterprise security risks, threats, vulnerabilities and security issues and the status of remediation plans. Prepared high-level dashboard reports and presented them to senior management.

IT Security Risk Assessment: Managed and conducted a security risk assessment to identify the security issues. Created risk management strategies and risk-based approach for prioritizing the security issues and resolved them.

HIPAA Security: Managed the team of IT security professionals and implemented security controls required for HIPAA Act.

SIEM- Event Correlation / Log Management / Incident Response Plan: Managed the implementation of ArcSight and Splunk (SIEM) event correlation tools and implemented incident response plan and procedures.

Vulnerability and Threat Management: Streamlined and consolidated the processes relating to vulnerability scans, penetration testing, security patches. Introduced risk-based approach and risk ranking tools (CVSS) for addressing the security issues.

Keane Inc., Boston, Massachusetts

Senior IT Audit Manager Mar 2005 to Sep 2007

Project Manager - Security and Compliance Aug 2004 to Mar 2005

Managed security and compliance team and implemented IT Security programs for the entire corporation, including locations in Europe, Asia, Australia, Canada and USA.

Security Committee: Formed a Security Committee with the help of the CIO to review and approve system and security architecture, risk management process, security policies, configuration standards and procedures, and to prioritize security risks and resources.

SOX 404-IT Compliance: Audited and tested controls for AS/400, SAP, PeopleSoft, JD Edwards, Oracle, DB2, MS/SQL, Infinium, AIX6000, UNIX (Sun Solaris), IT security, systems and applications.

Business Continuity and Disaster Recovery Plan: Managed the business continuity and disaster recovery project, conducted business impact analysis, identified RPO and RTO, and coordinated with various teams to implement them.

ISO 27001 Security Certifications:

Managed the process of implementation of ISMS framework and security controls and obtained certifications for numerous locations including Australia, USA and India.

iBasis, Burlington, Massachusetts April 2001 to Aug 2004

International Project Manager (Security and Compliance)

Project managed the implementation of global data centers in Europe, Asia and Americas.

Global IT Security: Project managed the design and deployment of IT Security systems (firewalls, routers, switches, IDS/IPS and VPN) across the globe (Paris, Amsterdam, London, Hong Kong, Tokyo, Frankfurt and Singapore).

CISP (PCI-DSS Security Compliance) Security: Implemented secured systems and processes to protect credit card transactions based on the CISP (PCI-DSS Security Compliance) security program.

Web Application Security: Managed the development and implementation of web & ecommerce security.

AT&T Wireless, Pittsburgh, Pennsylvania Mar 2000 to April 2001

Lead Network and Security Consultant/Project Manager

Designed and managed the implementation of a Layer 3 network for AT&T Wireless across 90 locations in the USA (team size: 20 network engineers/analysts).

Al Futtaim Pvt., Ltd, Dubai, UAE Mar 1996 to Mar 2000

Network Manager / Controller

Managed a team of network and security professionals and designed and implemented network systems for 120 locations in the UAE. Migrated applications from legacy IBM AS/400 systems to SAP R/3.

Philips India Ltd Mar 1995 to Mar 1996

Assistant Automation Manager

Managed a team of application developers and network engineers supporting seven IBM AS/400 systems and JD Edwards ERP applications; implemented remote systems and networks using VSAT terminals.

Education / Certifications

* MBA - Technology Management (expected: 2013)

* B.E, Anna University, Madras, India

* Project Management and Supervisory Certification (Penn State University, Pittsburgh, PA)

* CISM - Certified Information Security Manager - ISACA

* PMP - Project Management Professional - PMI

* CISA - Certified Information Systems Auditor - ISACA

* CRISC - Certified in Risk and Information Systems Control - ISACA

* CCDA and CCNA - Cisco Certifications

Certification in Progress:

* CISSP - Certified Information Systems Security Professional

Training Courses

* CISSP Certification Course - IT Security Course - ISC2

* CPISM - Training on Certified PCI Security Manager

Immigration Status: US Citizen
