Sign in

Information Security Manager

Frisco, Texas, United States
November 14, 2018

Contact this candidate


Jayaprakash Reddy Cheenepalli (JP), CISSP, CCSP, CISA, CISM, PMP, TOGAF 9(C), CRISC, CGEIT, CSM,

Certified RSA Archer Administrator, PAN-ACE 7.0

Contact: 480-***-**** / E-Mail:

Seasoned Information Security professional with over 20 years of commendable success seeking Senior Cloud security architect with a leading organization.

Profile Summary

I am a leader with a passion for developing and integrating security capabilities into Products, Cloud and Enterprise IT environments. Domain knowledge with skills to lead, plan and manage highly visible programs. Helping companies to meet compliance requirements, secure data and protect their brand.

Recognized for the ability to closely listen to customer needs and develop programs and expectations per their request. Formulating vision/ strategy that aligns with business objectives. Facilitating effective and productive communication among diverse project stakeholders. Strong organizational and planning skills, analytical decision maker with excellent problem-solving skills. Assess emerging technologies against security architecture to determine gaps and recommend remediation plan.

Proven expertise and success in a role leading and collaborating directly with senior management, delivery, practice development and thought leadership related to Information Security solution development, assessment, and implementation. Demonstrate a positive can-do attitude and brings that to light with teaming and partnering with global customers and peers. Very approachable, and open to new possibilities and different approaches and perspectives.

Provide senior security architectural leadership to all phases of the Cloud Program, including the Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS). Lead initiatives to share knowledge across security and technology teams. Identify, recommend, coordinate, and deliver timely knowledge to support teams regarding technologies, processes, or tools.

Technology savvy and can work with engineering teams to refine architectures and enable security capabilities. Use prior coding and system development experience to translate security controls into technical requirements. Comfortable reviewing code and scripting logic and making recommendations.

Organizational Experience

Since May 2017 with AmerisourceBergen, Frisco, TX, USA

Role: Enterprise Information Security Architect/Manager

Senior advanced security solution architecture skills with wide-ranging experience; Advanced knowledge within multiple architectural specialties. Able to share technology subject matter expertise with architects and other engineers across multiple organizations.

Design and development of the Azure and AWS security architectures for protecting PHI/PII/PCI/GDPR data deployed into different types of cloud and cloud/hybrid systems.

Expertise in designing and implementing fault-tolerant, scalable solution architectures at a global enterprise scale.

Firm understanding of the offerings within Amazon Web Services (AWS) and the Microsoft Azure platforms. Based on business requirements, design and implement cloud-native architectures and designs that will allow those requirements to be met with a minimal degree of risk to Organization and with appropriate security controls present.

Overall global enterprise cloud architecture and lead the security vision and strategy around cloud-based applications, across all types (including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS).

Serve as an expert advisor in the development, implementation, and maintenance of a company-wide information security policy and control framework.

Solid understanding of frameworks such as TOGAF, NIST 800, and other relevant compliance standards such as PCI, HIPAA, GDPR, SOX and others that are required for Security Compliance and Information Security.

In-depth and demonstrated knowledge of enterprise security solutions such as SIEM, DLP, Vulnerability Management, Scanning, IDS/IPS, Secure DNS, Next Generation Firewalls, Sand-boxing, Wireless Intrusion Detection, Multi-Factor Authentication, Mobile Device Management, Endpoint Protection, and Network Access Control.

Provide hands-on support as well as coaching and mentoring to IT team members.

Proven expertise and success in a role leading and collaborating directly with senior management, delivery, practice development and thought leadership related to Information Security solution development, assessment and implementation.

Provide advice on security best practices, and guide the development and infrastructure teams in developing, adopting, and enforcing security and access policies appropriate to the security needs of the business.

Proven expertise in Cloud Security, Mobile Security, Cyber Security, Cyber threat management, Cyber intelligence collection and Vulnerability assessment, vulnerability scanning, threat management, security assessment, patch management, and event-log management.

Represents Security Platform in development and implementation of the overall global enterprise cloud architecture.

Acts as the ambassador and senior technical representative for Enterprise Security while engaging with other senior technical leaders throughout the organization in design and implementation of cloud and cloud/hybrid-based implementations and solutions.

Works with Engineering, Infrastructure Services, and Application Development organizations to choose appropriate technology solutions and facilitates complete integration into the company environments.

Develops standards in partnership with Engineering, Infrastructure Services, and Application Development.

Leads initiatives designed to share knowledge across Security Platforms and/or Technology teams. Identifies, recommends, coordinates, deliver timely knowledge to support teams regarding technologies, processes or tools.

Develops and executes strategies to increase Cloud Security knowledge throughout the enterprise.

Proven expertise with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, etc).

In-depth and demonstrated knowledge of service-oriented architecture for cloud-based services.

Proven expertise with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies.

In-depth knowledge of threat modeling and design reviews to assess security implications and requirements for the introduction of new technologies.

Expertise in representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions.

Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (SAML, OAuth, OpenID, etc).

Proven expertise with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes (secure software development (Application Security), data protection, cryptography, key management, identity and access management (IAM).

Proven expertise with enterprise architecture and working as part of a cross-functional team to implement solutions.

Maintains security by monitoring and ensuring compliance with standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.

Strong hands-on experience with Docker and Kubernetes.

March 2016 – April 2017 with Amkor Technologies, Phoenix, AZ, USA

Role: Senior Information Security Architect

Develops and drives implementation of the Information Security strategy.

Accountable for ensuring effective architecture governance, policy, process, and guidance is in place to inform and mandate repeatable, secure IT design and engineering practices.

Experience in evaluating current-state related to IT Security for enterprise organizations and have developed the architecture to ensure appropriate security requirements.

Architecting secure service design, identify the appropriate threat and attack vectors and communicate the need and relevance of security controls whilst balancing capability against security value.

Define logging aggregation, alerting, patching, backup and restoration capabilities for Systems, and the corporate network.

Experience with network and server security, including Next-Generation Firewalls, VPN, Anti-Malware, Patch Management, PKI, Certificate Management.

Compare and evaluate various private, public cloud technologies and tools from technical, functional and financial feasibility.

Assists with maintenance of IT General Controls SOX and Payment Card Industry (PCI) Data Security Standard (DSS) compliance efforts.

Able to automate/script daily tasks through PowerShell or equivalent.

Programming experience with Java, C/C++, etc.

June 2014 – February 2016 with Reliance Jio Infocomm, India

Role: Director, Cloud Security

Promote security culture and drive continuous security improvements. Ensure technical and operational security controls are incorporated into new systems and applications through participation in planning groups and the review of new systems, installations, and other major changes.

Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from laws, standards, and regulations.

Monitors compliance with the organization's information security policies and procedures among employees, contractors, partners, and other third parties; resolves potential issues as needed.

Maintain a superior knowledge of the cybersecurity capabilities of operating systems, networking devices, control systems, and vendor offerings.

Maintain a working knowledge of applicable cybersecurity standards involving critical infrastructure, including those relating to process networks.

November 2007 – May 2014 with American Express, Phoenix, AZ, USA

Role: Information Security Architect/ Manager

Consulting experience in the areas of Information Security, Risk Management, Governance, Security Policy Assurance, and Compliance.

Leadership and strategic direction for the function, ranging from planning and budgeting to motivational and promotional activities expounding the value of information security.

Periodically reports progress to management and assesses and measures results related to Information Security activities.

Interact with business partners to better understand their objectives and help them understand industry technical landscapes.

Make recommendations to management on enhancements to existing and new security hardware, software or related tools. Assist in evaluating, planning, configuration, and implementation of new/existing security applications/tools.

Establishes and enforces the Security Model, technologies and standards for system architects and designers.

Works with the Lines of Service solution architects, network & application specialists and technical subject matter specialists to integrate security controls into a cohesive architecture that sufficiently mitigates risk to the Firm.

Expertise in designing and implementing scalable solution architectures that perform at a global enterprise scale.

March 2003 – October 2007 with Albertsons, Boise, ID, USA

Role: Information Security Lead/Consultant/Manager/Architect

Assess emerging technologies against security architecture to determine where they fill gaps, overlap with existing solutions or extend capabilities.

Serve as the information security subject matter expert; provide advisory and consulting services as needed

Review existing and proposed architectures, identify security design gaps, and recommend changes or enhancements.

Develops and implements a framework for security processes, roles, and responsibilities throughout the organization.

Proven track record developing information security policies and standards, control design and development, implementation and automation of controls to support auditing of the overall security program and Information Systems Management Systems.

Advising leadership on Information Security issues, systems, processes, products, and services.

Provide expertise and leadership in relevant risk committees as appropriate on behalf of IT Risk and Information Security.

April 2000 – February 2003 with GE Healthcare, Paris

Role: Information Security Engineer/Lead/Consultant

Evaluate solution architecture using architecture frameworks, principles, models, patterns and standards like TOGAF to provide recommendations on solution architecture, implementation approach and deployment options.

Conducts reviews, and analyses organizational needs and goals to develop and implement applications.

Defines application components, platforms, interfaces, and development tools. Directs mapping activities on specific technology platforms.

Create program specifications and development of several programs for a critical EURO conversion.

Develops application architecture and blueprints aimed at reflecting enterprise business logic.

Leads information security training strategy for employees, contractors, partners, and other third parties as appropriate.

December 1997 - March 2000 with Wipro Technologies, India

Role: Software Engineer

Create program specifications and the development of several programs for a critical EURO conversion.

Develops application architecture and blueprints aimed at reflecting enterprise business logic.

Academic Details

BTech (Computer Science & Engineering) from Sri Venkateswara University, Tirupati

Executive MBA from Karnataka State Open University

Maters in Computer Science from University of Illinois at Chicago, currently studying


Received awards from ISE® North America Leadership Summit. The awards recognize the information security executives and their teams who demonstrate outstanding leadership in risk management, data asset protection, regulatory compliance, privacy, and network security. Please refer URL for details:

Received a true-blue award for the exceptional support to AWS, Azure (IaaS, PaaS and SaaS) services.

Received going above and beyond award for architecting data protection (Masking, Encryption and Key Management) solutions.

Received going above and beyond award for securing the O365 environment.

Received Star Award Certificate for my outstanding performance and lasting contributions to eGRC Applications

Received Award of Excellence certificate for putting in exceptional efforts to complete the Organization Realignment Project on time at a high Level of Quality

Received Award Certificate for my outstanding performance and lasting contributions to Legacy Financial Applications

Contact this candidate