Cyber Security Program Manager

Location:
Princeton Junction, NJ
Posted:
January 30, 2024

Resume:

Hariram Hari, PMP

Plainsboro, New Jersey *****609-***-****

www.linkedin.com/in/ramchari • US Citizen

Cyber Security / Cloud / IT Program Manager

Data Center/Cloud Migration • Cyber Security/Regulatory Compliance

Seasoned, versatile, and highly accomplished Technology Program/Project Management leader with 20+ years’ success delivering technology to enable business, IT, cloud, cyber security, risk management, and compliance solutions for global, industry-leading organizations. Demonstrated expertise leading enterprise-scale technology programs, projects, and initiatives, seamlessly managing internal, client, partner, and vendor teams / stakeholders as lead Program Manager and/or Project Manager.

Areas of Expertise:

Cloud computing and Migration

Cloud Apps Migration

Risk Management / Mitigation

Security Controls & Audits

IT Infrastructure and Security

Vendor / Partner Relations

Technology Program Management

Data center/Cloud Governance

Identity Management Solutions

C-Level Advising & Liaising

RFP Responses & Proposals

Enterprise Cyber Security

SLA / Contract Management

Multimillion-Dollar Budgets

End to End Compliance LC

NIST 800-53, RMF 800-30, 800-53A

Team Building & Development

Project Mgmt through Gen AI/ML

Professional Experience

FORTIDM TECHNOLOGIES, Princeton, New Jersey

Executive Director & Principal Consultant – Cloud, Risk Management, Security & Compliance, 1/2007 to Present

Engage with diverse clients to deliver risk management, compliance, and data center to cloud migration.

Following success establishing security consulting practice from scratch, serve in key solution consulting, development, and implementation roles for industry-leading clients in diverse sectors such as Fortune 500 financial, pharma, Big 4 consulting, healthcare, and federal and local government. Play instrumental role in data center migration, IT infrastructure, security and compliance solutions, and greenfield and brownfield cloud implementations/migrations. Key Engagements:

Consultant – Client Identity and Access Management (CIAM) – Technical Project Manager – UBS, Mar ’23 to current

Managed the delivery of the Next-Generation Client Authentication Platform (NGCAP) in a progressive, rolling wave approach, successfully migrating one million clients to the new NGCAP platform for web and mobile on a hybrid cloud infrastructure.

Established and executed Key Results and Key Deliverables, leveraging the SAFe framework to drive outcome-based delivery, ensuring efficient project management and alignment with organizational objectives.

Orchestrated the delivery of the industry-leading Transmit authentication solution across diverse end-user categories (e.g., retail, institutional) and risk-based transactions, enhancing security and user experience.

Successfully implemented cloud and on-premises infrastructure changes, upgrades, and compliance remediation fixes, contributing to the seamless operation of the bank.

Fostered collaboration with business and IT platform teams, ensuring the synchronization of business requirements with UI and client authentication platform teams to deliver solutions effectively.

Elevated the client experience by significantly improving the Time to Market (TTM), thereby gaining the confidence of the business stakeholders.

Demonstrated strategic foresight in CIAM management by reducing overall infrastructure operational risks through the migration to Azure Cloud as the designated target state.

Consultant – Program Management Lead and SME – Cloud Apps Migration – UBS, Jan ’19 to Feb ’23

Led and directed global Application Development and Infrastructure teams in the successful migration of the Wealth Management Americas application to the Azure Cloud, ensuring seamless integration and operational efficiency.

Established governance framework for cloud services demand, orchestrating a methodical approach to drive business benefits during data center migration to the cloud, overseeing both Lift & Shift and Green Field/Brown Field migrations.

Defined and delivered a comprehensive Service Catalog based on cloud demand, enhancing demand management and cloud governance. Collaborated with executive leadership in Infrastructure and Security Engineering to streamline processes.

Managed Scrum of Scrum Standups to implement a cloud-first strategy, utilizing Azure Migrate for the migration of on-premises enterprise services. Ensured effective communication and collaboration among cross-functional teams.

Reported to Global Executive Leadership on program progress and addressed blockers, translating technical details into business-friendly updates.

Facilitated Executive Level Meetings to proactively resolve issues, ensuring the achievement of program objectives on a periodic basis.

Demonstrated strong project management skills in a delivery-focused environment, overseeing multiple vendors and geographically dispersed virtual teams.

Proficient in Azure DevOps SDLC and CI/CD pipelines, mapping data center infrastructure to cloud services using tools such as ADO, JIRA, GitLab, ARM templates, etc.

Identified and addressed gaps in Azure services specific to the financial services industry, collaborating with vendors to proactively resolve challenges.

Conducted technical risk assessments presented to the Risk Board for approval, enabling the adoption of cloud services.

Solid understanding of Azure network, landing zone, ExpressRoute, security, high availability, site redundancy, and cross-region considerations, Azure PaaS, application migration, monitoring, logging, service curation, etc.

Consulting-M&A TSA Lead – Cotiviti/HMS/Gainwell/PricewaterhouseCoopers (PwC), Jan 22 to Apr 22

Led the Transition Service Agreement (TSA) stream in the context of entity separation of our client from its parent. Responsible for:

Infrastructure and service expiration tracking, service transition planning and execution.

Escalation and resolution of issues to avoid IT service gaps during active separation of entities.

Reporting to executive leadership on the progress, issue closure and decisions on the data center consolidation.

Consultant - Project Manager – Cyber/Enterprise Risk, US Courts (AREP), Oct 2020 to April 2021

Oversight of and accountability for the delivery of the below services:

NIST CSF framework that assists in delivering contextual data / KPI metrics to identify the leading and lagging indicators of security posture.

Log reviews and identification of the KPIs (based on the operational context of AREP) to fine-tune the score card metrics.

Assisted Compliance aspects of IT security Audit Requirements. Delivered the following during audit process.

Provided evidence for IT security controls implemented to meet the Score card KPI.

Documented recommendations for remediation to fix the existing vulnerability.

Managed the review of the IT security controls implementation details, system vulnerability etc.

At the outset, we reviewed the 54 controls listed in multiple categories supplied in the RFP addendum, gathered the detailed evidence needed, and provided a procedure to complete the score card of the Judiciary Information Security Framework (JISF).

Documentation: Assisted with court security documentation as directed and provided to the court unit as needed.

Enterprise Security Tool Management: Assisted in providing court unit-wide solutions and support with nationally provided security tools and collaborated with the local court unit on solutions that will benefit the district.

Report Generation through Splunk Automation was delivered in a variety of formats. In addition, deficiencies in log management and auditing were identified by assessing a snapshot of the current implementation and comparing it to industry standard framework best practices.

Consultant – Risk Governance & Controls, PepsiCo / PricewaterhouseCoopers (PwC), Jun 18 to Dec 18: Serving as cyber security and risk management subject-matter expert (SME), directed development and implementation of comprehensive risk governance framework.

Authored risk governance charter in alignment with enterprise risk tolerance threshold and security program priorities; established risk governance committee and sub-committee.

Advised on major risks and produced executive summary, informed by threat vector modeling.

Created risk appetite and tolerance threshold exercise for 300+ IT/OT security staff.

Directed IT/OT Security Controls Refresh Team, responsible for development of NIST-compliant process / security controls for all IT processes.

Program Manager – Global Compliance / Data Center Cloud Migration, AON, Inc., Jan 17 to June 18: Directed program management / compliance SME stakeholder committee for migration of applications from 25 data centers in North America, EMEA, and APAC to co-located cloud, Rackspace, and Azure.

Led migration compliance program spanning goal, roadmap, compliance gate, risk control self-assessment (RCSA) program dashboard, and steering committee / executive management team report development.

Transition Services Agreement between Buyer and Seller during the separation in the context of M&A

Oversaw vendor auditor partners, including PwC and Deloitte, in PCI DSS, HIPAA, SOX, EU GDPR, and SOC1/2 compliance audits, using COSO 2013 framework; developed and introduced metrics-based compliance reporting for pre- / post-migration statuses.

Conducted applicability exercise using FISMA NIST 800-53 controls mapped with the rest of the industry standards to meet the federal government guidelines.

Advised application teams on cloud deployment best practices on cloud compliance and governance for computer, network, and storage; consulted on identity and access management (IAM) strategies.

Partnered with enterprise-wide stakeholders and decision-makers on go-no-go decision making on enterprise applications migration.

Slashed access review and attestation process time by 40%+, resulting in fast-tracking of data center migration.

Senior Technology Program Manager, Synacor, Inc., Jan 16 to Dec 17: Spearheaded full-scale security, privacy, and compliance assessments / audits for client infrastructure and application environment during major M&A integration initiative, informing issue / risk remediation strategies for on-premises and cloud platforms.

Led scoping and road mapping for cyber security assessment and remediation services, developing solution which saved client 30% in TCO for high-availability enterprise / cloud monitoring solution.

Forged auditing team to conduct SSAE 16 SOC1, SOC2, and SOC3 attestation; FISMA; FedRAMP cloud compliance; HIPAA / HITRUST; and SOX Section 404 audits.

Conducted GDPR legislation applicability and privacy impact analysis, data categorization, and anonymization.

Established infrastructure monitoring team and practice.

Orchestrated pilot program implementation for 200 global users.

Delivered information assurance, risk management / advisory services, penetration testing, vulnerability analysis, phishing and diagnostic testing, identity and access management for Oracle roles, secure application development, and cloud services integration.

Played integral role in Synacor’s win of $100M contract with AT&T, the company’s largest contract ever won.

Delivered ELK stack SIEM with custom parsers for security devices, saving several thousand dollars.

Technology Program Manager – Information Security & Risk Management, Erie Insurance Group, April 14 to Dec 15: Established and managed $6M information security program to deliver comprehensive enterprise risk management.

Championed, designed, architected, and stood up an end-to-end information security strategy and program—using NIST 800-53 and Top 20 CSC Controls—featuring infrastructure security, third-party risk management (TPRM), mainframe security, enterprise data governance, and secure software development life cycle (SecSDLC) methodology (in CI/CD mode) using Waterfall and Agile. Reported to CIO.

Managed 3 project managers and cross-functional team of 45.

Delivered 50% improvement to enterprise security posture and rolled out key solutions to diverse business units, including Procurement Management, Claims, Billing, Policy Management Systems (PMS), and Legal.

Leveraged Prosci ADKAR model as integral part of Organizational Change Management (OCM) framework.

Rolled out IAM, governance, access management and certification, PIM/PAM, SOD and RBAC, and cloud PKI solutions; overhauled operational security MSSP and drove improved vendor value / service delivery.

Advised on best-practice disaster recovery (DR) / business continuity planning (BCP) strategies and controls.

Partnered with master data management (MDM) team on data classification, ownership, and labeling.

Delivered Federation, SSO, and agent / customer identity design using Tivoli enterprise meta directory, synchronized from Active Directory and MDM.

Sr. Project Manager, New York City Department IT and Telecommunications (DOITT), May 13 to Mar 14: Selected to lead enterprise-scale Microsoft Dynamics Azure CRM project implementation following 7 years’ success managing enterprise-wide IT security programs and infrastructure / data center projects.

Directed “build-it-back” program and implemented DR business solutions following Super Storm Sandy, leading Agile / iterative solutions in MS Dynamics Azure CRM; developed user stories, story points, project estimates, release plans, backlog priorities, budgets, burn rate analyses, and EVM reporting in JIRA.

Developed standard operating procedures (SOPs), quality compliance, and business operationalization solutions from the ground up.

Dramatically simplified business processes to deliver relief to New York City residents during Super Storm Sandy; secured lightning-fast approval from Comptroller to integrate ePayment system with CRM platform and FMS3.

Provided oversight on FISMA controls assessment (800-53/800-53A) for the $60 mil federal block grant program.

Managed rapid deployment of diverse CRM modules, including Construction & Inspection, Project Management, RFI, and Choose Your Own Contractor, as well as compliant program withdrawal processes.

Program Manager – IT Security, New York City Department IT and Telecommunications (DOITT), Jun 10 to Mar 13: Directed $11M IT security program and launch of complete IAM solution.

Working in close collaboration with CISO, managed IT security, IAM, multi-site infrastructure, third-party risk management, vendor risk management, SAML/SSO, and federation programs.

Defined all aspects of IAM roadmap, requirements, implementation plan, monitoring processes, compliance controls, data quality guidelines, and non-compliance remediation plans for 65+ city agencies.

Pioneered NYC.ID architecture vision, including reference / process models for high-availability service, federation, AD connector upgrade, and data synchronization across 65+ agencies.

Spearheaded data center consolidation, including capacity, demand, scope, and change management; led transition from engineering to operations, stakeholder communications, issue / risk analysis, and budget / EVM management.

Routinely presented portfolio status of key initiatives and operational metrics to CISO and Deputy Mayor.

Senior Technical Project Manager, New York City Department IT and Telecommunications (DOITT), Jan 07 to Jun 10: Assumed responsibility for $60M in NYCServ2 application and infrastructure stabilization projects.

Managed large-scale development and data center projects, including data center consolidation and all-layer IaaS / PaaS / SaaS solutions; led scope, capacity, demand, change, issue, risk, and stakeholder communications management from concept to implementation, utilizing ITIL best practices.

Mitigated critical PCI DSS security hold in $7B NYCServ2 payment system, saving millions in penalties.

Repaired at-risk relations between IT and Finance while consolidating / centralizing IT functions and infrastructure.

Additional Experience:

Senior Technical Project Manager (Global) Pharma CRO, Jan 2005 to Dec 2006 Dendrite International, Bedminster, NJ

Lead Project Manager (Global) – SOX, Jan 2002 to Dec 2004 KPMG/Baxter Healthcare, Deerfield, IL

Product Manager / Architect – ERP / SCM, Jan 2004 to Dec 2004 Orion System Integrators, Edison, NJ

Manufacturing controls Lead Developer, 1998 to 2000 Rockwell Software, Milwaukee, Wisconsin

Manufacturing Process Control Engineer, 1992 to 1998 Madras Refineries, Ltd., Chennai, India

Education and Credentials

Master of Science in Chemical Engineering Indian Institute of Technology (IIT), Madras, India

Computer-Aided Process Control & Mathematical Modeling Specialization

* PMI Certified PMP

* PMI Certified AI in Project Management

* CompTIA Security+

Technical Proficiency Highlights

Cloud Computing & Governance: Cloud Deployment Models, Cloud Transition & Governance, ID Federation (SAML, Auth)

Cyber Security: Application Security (OWASP), Network Security, Operational Security, End Point Protection, Defense in Depth, ID&AM (Transmit Security), Federation, Encryption, PKI, RBAC, Penetration Testing, Open Source Intelligence, SIEM, HIDS, NIDS, DLP, Phishing & Social Engineering

Data center migration: Applications, network appliances (Cisco, Palo Alto), VMware, firewalls (Cisco ASA), gateways (Apigee, API Management), WAF (Akamai), storage, etc.

ERM/Compliance: PCI DSS, SOX, FISMA NIST 800-53, 800-30, NIST, COSO 2013, HIPAA, SOC1/2, FedRAMP

Global IT Program Management: CMMI, ITIL, Zachman, TOGAF Framework, IEEE 12207, ISO 15288, SWEBOK, SDLC (Waterfall, RUP, Agile, Scrum, Lean, Kaizen, Time Boxed), Change / Risk Management, DR / BCP

My v-blog references on cyber security SIEM and automation that I managed as security product manager:

1. Demo of a vulnerability alert kick-starting a scan of the device in Tenable.io and capturing the incidents and events in AVONE Elastic while updating the asset management database with the newly found vulnerabilities in real time. https://www.youtube.com/watch?v=7VqaTfEb9eM

2. Overview: SIEM SOAR Integration. This video gives an overview of the SOAR integration of AVONE Elastic. https://www.youtube.com/watch?v=P54Fm6nXaHM

3. User Entity Behavior Analytics. This video gives an overview of user behavior analytics and shows how an insider threat was identified using AVONE SIEM. https://www.youtube.com/watch?v=8sO2_9CsJJs


