Security Manager

Location: Dublin, CA

Posted: January 04, 2021

Resume:

Kailash Chander

MBA, AWS, CISM, CISSP, CSM, ITIL, PMP

adi5w3@r.postjobfree.com 407-***-**** www.linkedin.com/in/KailashChanderInfoSecurity

Senior Cybersecurity Consultant and Executive Leader

Strategic and tactical servant security leader who works with boards of directors, executives, and enterprise department heads to develop the security footprint and helps companies get on a secure path to growth. Guides development and engineering teams by building secure development practices and by leading penetration tests. Provides management with cloud planning and transition assistance. Specializes in running impossible-to-manage programs and deliverables. Counsels startups with development planning and resources to help them build secure products while keeping their costs low. Develops and follows up at the tactical level to complete open items.

Strategic enterprise security planning

Third party risk management (TPRM)

Security framework and gap assessment

Cloud security

Governance Risk and Compliance (SOC2, GDPR etc.)

Breach notification process management

Penetration testing and findings remediation

Threat and vulnerability plans

Compliance training

Security program management

Professional Experience

Cyber Security Consultant/Leader Apr 2018 – Current

Security, Privacy and Customer Engagement Manager, TruU.ai

Developed strategy to take TruU through multiple penetration tests and fix findings. Led SOC2 Type II compliance report. Built customer engagement processes and project plans from the ground up. Developed security white papers and other materials to help with new customer engagement efforts.

Objective and Results: Complete security review of TruU and find and fix security gaps.

1. Completed security gap assessment and created requirements of all open findings.

2. Developed program to track tasks to completion.

3. Got Pen Testing of digital and physical solution completed and fixed the findings.

4. Started Threat and Vulnerability Management (TVM) program in AWS.

5. Wrote many policies, processes and procedure documents.

Objective and Results: Build a security, privacy and compliance program.

1. Started SOC2 Type II assessment, selected vendors, completed pre-audit and collected and submitted evidence to the vendor.

2. Started Risk Register and mitigation plan.

3. Started Third Party Risk Assessments program and evaluated vendors.

4. Presented security and compliance to the Board of Directors.

5. Established security operations including AWS alerting from the ground up.

6. Completed first-ever breach notification Tabletop exercises.

7. Started security and compliance training with KnowBe4.

8. Completed many Third-Party Risk Management (TPRM) assessments.

Objective and Results: Establish Customer Engagement and Consulting practice

1. Created customer engagement/PMO templates and other KPIs.

2. Worked with customers to make sure their implementation projects are successful.

3. Established customer engagement team.

Sr. Cybersecurity Project Manager/Consultant, PG&E, San Francisco, CA

Took over a multiyear, multimillion effort to migrate from SiteMinder to Ping that had failed before I was brought on board. Hands-on in one week and turned the program around in 3 months.

1. Restructured the delivery team by reassigning their priorities.

2. Designed brand-new project success criteria tracking and KPI collection and reporting metrics.

3. Migrated 18 complex apps in 7 months compared to prior team migration of 7 apps in 30 months.

4. Optimized budget and personnel utilization.

5. Fixed long-standing complex technical issues engaging 23 different teams.

6. Worked with Risk and Compliance teams to make sure privacy and security issues are closed.

7. Presented findings and status in front of executive management.

8. Guided Security team to make presentations for PG&E Board of Directors requesting additional resources for IT security.

Data Privacy Officer, Stellar Aviation, Burlingame, CA

Led Stellar in achieving their security goals by starting a security program from the ground up. Created and implemented many policies, programs and initiatives. Created security white papers.

Objective and Results: Complete security review of Stellar Aviation. Find and fix the gaps.

1. Completed security gap assessment and created requirements to fix all findings.

2. Assigned tasks to teams and their members; tracked them to completion.

3. Fixed hosted app security gaps.

4. Wrote many policies, processes, and procedure documents.

Objective and Results: Build a security, privacy, and compliance program.

1. Started Risk Register and mitigation plan.

2. Established security operations including AWS alerting from the ground up.

3. Started security and compliance training.

4. Completed many Third-Party Risk Assessments.

Sr. Cybersecurity Project Manager, Symantec, Sunnyvale, CA

Led international team to develop security maturity development processes and tools.

Objective and Results: Increase security maturity of Symantec operations from 2 to 3.5-4.0

1. Established processes and teams to complete business analysis and find product gaps.

2. Drive the project to convert Symantec ATP product to EDR.

3. Complete POC on Security Automation and Orchestration Tool to increase response rate.

4. Provided guidance to technical teams in business and IT including SOC, Splunk, N/W etc.

Cybersecurity Consultant, Capgemini, Pleasanton, CA

Led customer engagements to complete security assessments and bring back failed security initiatives.

Objective and Results: To complete customer security assessments for company divestiture.

1. Worked with business leads to do risk assessment and recommended changes to fix the gaps.

2. Provided onshore analysis and support for ForeScout Decommissioning.

Objective and Results: Bring failed Threat and Vulnerability Management (TVM) program back on track for merger.

1. Restructured team within a month to provide clear responsibilities and direction.

2. Re-invented identification and mitigation processes to fix the lagging issues.

3. Increased vulnerability fix rate from 5% to 95%.

Sr. Cybersecurity Consultant/Manager, Cyber Security, Wipro, Pleasanton, CA Sep 2015 – Jan 2018

Led most strategic security initiatives to develop and deploy security tools and technologies to grow IT business.

1. Integration of OIM with SailPoint in two different continents consolidating Identity Management for Visa.

2. Migration of SSO from CA SiteMinder to Oracle OAM for 300+ applications for Seagate.

3. Migration of legacy E-Matrix to Enovia 2013 with CATIA V6 co-existence with V5 for Honeywell.

4. AD migration for Mergers and Acquisitions for Honeywell.

5. Enterprise MS PKI design, build, install for Honeywell Automotive, Defense and HealthCare impacting 150,000 international users.

6. Migration of SHA-1 MS PKI to SHA-2 for Lam Research for 10,000+ users. Developed SOC/IRT plan.

Sr. Cybersecurity Project/Program Manager (Contract) Nov 2012 – Jun 2015

Ebay, San Jose, CA

1. Responsible for analysis, project mgmt., security strategy for Marketplace and Corp for InfoSec Data Activity monitoring program for all Oracle and Teradata databases.

2. Worked with onshore and offshore teams including Red team to find security gaps and bugs for Oracle/TD.

3. Prioritize security log onboarding to Splunk based on threat matrix per Red Team and GRC PCI findings.

4. Present program facts and direction to executive management including CTO, CISO and VPs.

5. Obtain CAPEX and OPEX finance approvals from various departments for technology initiatives.

Cybersecurity Project/Program Management, HealthNet, Rancho Cordova, CA

1. Responsible for strategy, upgrade and setup of security programs for PUM, NAC, IAM and SIEM.

2. Led product selection workgroups for PUM and NAC. Redesigned future state ideal IAM solution with single sign-on to reorient enterprise security posture. Also looked at changes from IBM Tivoli to NetIQ.

3. Initiated all the above projects in a highly matrixed environment with refined KPI tracking setup.

Sr. Cybersecurity Project Manager, Kaiser Permanente, Pleasanton, CA

1. Led brand-new Cyber Threat Detection Center/Security Operations Center project from end to end to design, build and start operations managing physical, infrastructure and IT components.

2. Led teams to develop Charter, SOW, requirements, security design, use case and process development.

Sr. Project Manager, Bank of America, Los Angeles, CA

1. Successfully led program for Architecture and Shared Services (Info Management) consisting of infrastructure planning, application development with Architects, SAs, Modelers, Developers and Testers on a brand-new US$35 million, 4-phase, 12-workstream program to convert BofA Home Loans and Legacy Asset Servicing Document Management and related reporting system, consolidating 34 different document repositories and 40+ SORs into one cloud-based IBM P8 FileNet system.

2. Conceived, planned and managed Arch and Shared Services CFPB cross-functional GRC compliance reporting project with Onshore and Offshore Development team consisting of 4 different development environments with a budget of US$15 million.

Tools/Applications: MS Office, MS Project, Outlook, SharePoint, Clarity, PDWare, SQL Server, SQLPlex

BA/Project Lead, Customer Applications, Las Vegas Sands Corp, Las Vegas, NV Mar 2011 - Jun 2012

1. Timelox System debugging and upgrade bringing open door calls down from 38,000 to 18,000 and reducing offline doors. Worked with an offshore vendor development team to redesign application features.

2. Conexus call center recording system debugging to avoid $500,000 in cost of new installation.

3. Developed Hotsos database strategic BI Data Warehouse for performance reporting. Analyzed implementation of Hotsos handheld devices for Engineering, Housekeeping and hotel managers.

4. Xtend call transfer system debugging and analyzed Avaya wakeup upgrade option.

5. BarTech system debugging to increase customer satisfaction.

6. Developed/debugged low-cost SQL Server-based DB to run casino operations during LMS upgrade.

7. Debugged Valet application to connect iPods with wireless systems running Windows applications.

Tools/Applications: MS Office, MS Project, Outlook, Timelox, Conexus, Xtend, Hotsos, BarTech, SQL

Service/Design/Project Engineer/Manager, Various Employers in 3 continents Sep 1996 - Aug 2010

Clients and Domains

● Clients: Adtalem/DeVry University, BMW, Bank of America, Chrysler, Cognizant, DHL, DHS/FEMA, eBay, Ford, GM, Gilead, HealthNet, Honeywell, Kaiser Permanente, Mercedes Benz, PG&E, PwC, Sands/Venetian, Stanley Black and Decker, Stellar Aviation, Symantec, Union Bank/MUFG, USPS, Wipro, Visa, Volkswagen.

● Business Domains: App dev, Automotive, Aviation, Banking/Finance, Casino gaming, ecommerce, Education, Government, Healthcare, IT Management, Manufacturing, Package handling, Public Utility.

● IT Domains: Application Development, Compliance, Data activity monitoring, Document Management, End-Point Detection and Response (EDR), Governance, Identity and Access Mgmt., LMS, IT Operations, PDM, PLM, PKI, PMO, Privilege Access Mgmt., Risk Mgmt., SaaS, SIEM, Service and Security Mgmt, TVM.

Technologies

1. AWS: IAM, CI/CD, CLI, CloudWatch, EBS, EC2, Route 53, SSM, S3, VPC

2. CAD/CAM: AutoCAD, Cadkey, CNC, FactoryCAD, Inventor, Unigraphics, CATIA, Enovia, Productstream

3. ERP/Reporting: SAP WM (Warehouse Management), Glovia, Crystal Reports

4. Development Methodologies: Agile, Waterfall, Hybrid

5. Identity Mgmt: AD, OAM, OAAM, OIM, SailPoint, Ping Federate/Access

6. OS/Server Mgmt: Windows, Linux, VirtualBox, Citrix, RDP, PuTTY, MobaXterm

7. Prog. Lang./DB: DB2, MS Access, Oracle, Objective-C, SQLPlex, SQL Server, VB, Xcode.

8. Project Mgmt.: Clarity, Daptiv, HP PPM, Jira/Confluence, JustInMind, Nexus, MS Office, MS Project, MS Visio, Primavera, SAP, SharePoint

9. QC/Others: HPQC (Quality Center 11), .Net, iShare ET

10. Security: Archer, CyberArk, CyberSponse, ForeScout, Imperva, ServiceNow, Splunk, Symantec, MS PKI

Education and Certifications

1. Bachelor of Science in Mechanical Engineering (BSME)

2. Master of Business Administration in Information Technology (M.B.A. I.T.)

3. Currently AWS Practitioner Certified

4. Currently Certified Information Security Manager (CISM)

5. Currently Certified Information Systems Security Professional (CISSP)

6. Currently Certified Scrum Master (CSM)

7. Currently Certified Information Technology Infrastructure Library ITIL V3

8. Currently Certified Project Management Professional (PMP)

Hobbies

1. Martial Arts student and instructor

2. Fixing and designing new mechanical things. Figuring out unsolvable problems.


