
Security Information

Location: Naperville, IL, 60564

Salary: 120000

Posted: March 30, 2021

Resume:

RAVINDRANATH RAO

Cell: 603-***-**** Email: ********@*****.***

CAREER SUMMARY

IT Management professional with 20+ years of experience developing, leading and managing strategic programs globally. Wide-ranging expertise in Enterprise Risk Management, IT Security, Cloud Security, Resiliency, Regulatory & Compliance audits, Vendor Contracts & Management, Enterprise Application & Network Architecture. Achieved strong business results by working closely with IT SLT and Business leadership teams. Strong strategic leader with excellent analytical, communication and presentation skills.

Key areas of Expertise

• Risk Management

• IT Security & Governance

• Client/Vendor Contract Negotiation

• Dev-Ops Engineering

• Project & Program Management

• Resource Management

• Virtual / Offshore Resource Management

• Cross Functional

• Oracle ERP & DB

• Team Leadership & Mentoring

• Alliance Development

• SWOT Analysis

• BCP

• Disaster Recovery

• Crisis Management

• Enterprise Resiliency

• Controls & Authentication

• Vulnerability & Threat Management

• Strategic Technology Planning, Policies

• Business Process

• External Reporting

• Cloud Security, Cloud Visibility & Monitoring

• Solutions Architect

• Change Management

• ISO, SOX, COBIT, FISMA, NIST, HIPAA, PII, HITRUST

• Data Protection/DLP

• ISO/IEC 27001-2013

PROFESSIONAL EXPERIENCE

Aastha Amdc LLC 2019 Jan – Present

Senior Project/Program Manager

Responsible for IT Program & Project management and overseeing all operational aspects of APPS interface, middleware, database, security, compliance, and working with the project stakeholders from initial setup, execution, control and closure of projects.

• Establish and execute security risk assessment program as an IT security program manager for client Healthcare in implementing Data encryption, Data masking, Audit vaulting in protecting PHI as part of HIPAA compliance.

• Responsible for project oversight, governance, and status reporting using the approved IT methodology

• Manage the cross-functional teams, stakeholders implementing the technology, which involves multiple components, interfaces and groups.

• Partnered with the development team on scenario design, engineering tradeoffs, release planning and high-quality, predictable delivery.

• Collaborated with technical teams to assess security state and provide security guidance

• Raise accountability; escalate issues in a timely manner and create and maintain detailed Project Plans.

• Monitored ongoing service management to ensure compliance with SLAs and performance commitments. Also participated with incident and problem management teams in resolving key issues.

• Define KPIs, establish and execute on plans for improving those KPIs.

• Develop and review processes, policies, procedures, and standards, guidelines to improve accuracy, agility and efficiency of operations.

• Establish and maintain a close working relationship with customer technical staff and excellent working relationships with customer and all partners.

• Actively manage programs and/or project portfolio, provide consistent program status and progress against objectives.

• Assist management to develop the strategy for the future direction of the Information Security Management System.

Open Text: 2018 May – Dec 2018

Senior Manager, Cloud security for Managed services, IT risk, Assurance and governance. Responsible for cloud customer and advice in the area of risk management, compliance framework with NIST, ISO 27000-2013,

• Advise internal team as part of the compliance & governance for financial and other customers related to GDPR, PCI DSS, GLBA and SOC.

Data Privacy and GDPR Compliance (DPIA and Privacy by Design)

• Created a road map to perform GDPR compliance. Provided guidance and advice to comply with US and European Privacy and GDPR requirements.

• Created privacy requirement questionnaire and DPIA process to conduct data protection impact assessment, privacy security breach notification, etc.

• Prepared companies to comply with GDPR requirements including securing and protecting personal, privacy data and security breach notifications, etc. Located personal data using data flow diagrams to minimize the data and keep the data for the shortest time.

• Identify privacy risks, assess the design of processes, test processes and related controls, detail exceptions, working with technology owners to identify solutions, promoting solutions to management, and overseeing remediation for compliance-related processes such as SOX 404, PCI, GDPR, or other state and federal regulatory and business client and contractual requirements. Created data privacy by design or data protection by design (i.e., locate, protect and comply with GDPR) and continuously reviewed and updated data protection measures.

• Created and conducted data protection impact assessment (DPIA) process to identify, understand and mitigate the risks while developing new solutions or software that involve personal data. Created security incident response plan and procedures to identify.

ORACLE CORPORATION, Redwood Shores, CA 2013–Aug 2017

Senior Manager, Enterprise Risk & Security (Apr 2013 – Aug 2017)

Responsible for Risk Management program resulting in development of consistent risk assessment processes based on ISO27001/2, NIST, DoD Cloud SRG, CSA, and risk remediation & tracking. Developed a comprehensive Risk Register (dashboard) that is presented quarterly in Board of Directors (BoD) meeting.

• Manage Information Security Risk Management and Business Resiliency teams. Provide strategic guidance and ensure the continued survival of the business through effective risk awareness and mitigation, as well as continuous improvement of Oracle’s resiliency readiness.

• Current responsibilities include working with strategic IT partners on Anti-Virus, Vulnerability Mgmt, System hardening, and Cyber Defense. Interface with Security Operations Center (SOC) and Oracle ERP.

• Closely collaborate with Corporate Audit Service team in assessing Suppliers, Country locations, and Key business functions.

ORACLE CORPORATION 2006–2013

Manager, Enterprise Risk & Security (Apr 2006 – March 2013)

• Established Risk Assessment processes, based on ISO 27001/2, CSA & NIST CSF. Conducted Risk and Compliance Assessments of third Party service providers to identify and mitigate risks prior to formal contractual engagement.

• Developed comprehensive Information Security Requirements from existing corporate security policies.

• Provided strategic guidance on Application security. Instrumental in deploying Oracle security products like ASO/TDE for data encryption, Data masking, DB Vault and Audit Vault across R12 ERP apps on a 5 million dollar project.

• Core member of IT contract negotiation team. Successfully negotiated a multi-year Infrastructure Services contract and Application Managed Services contracts with two large strategic IT partners.

• Successfully managed global Web Application vulnerability assessment program to identify and remediate Web App vulnerabilities based on OWASP. Program led to “Zero” major incidents of breach or compromise.

• Successfully integrated “Enterprise Security Application Framework” into existing SDLC processes, enabling teams to focus on building secure applications.

• Represented eBiz organization in ITIL and IT activities in the areas of Configuration & Change management. Led the team in defining Business Continuity and DR strategy for business platforms.

• Key member of several key IT initiatives providing technical, security guidance and delivering on-time solutions to secure company's bottom line. Achieved estimated annual IT cost savings of $2M - $3M.

• Collaborated with key business and IT leaders to develop security policies, configuration standards (NIST), guidelines and procedures to ensure the confidentiality, integrity, and availability based on frameworks: COSO, ISO 27001, ISMS, COBIT, OWASP, SANS, ITIL, 21 CFR Part 11.

• Managed large security, risk and compliance initiatives for PCI DSS, SOX Audit, Enterprise Risk Management (IT Governance), HIPAA Compliance, FISMA, SAS 70/SOC 1 & 3 and ISO 27001 – Information Security Management Systems (ISMS) frameworks.

• Created third party vendor management programs and conducted third party risk assessments.

Managed and Implemented Several Key IT Security Projects:

• Provided on-going leadership to expand IT security posture and implemented new technologies, tools and processes including Network Segmentation, Business Continuity & Discovery Recovery Plan; ArcSight, Splunk (SIEM); Identity and Access Management (IAM), Vulnerability and Threat management; Security Patch Management, Security Configuration Standards, Encryption and Key Management, Data Loss Prevention; File Integrity Monitoring; Integration of Security into SDLC Process; Web Application Security Testing; Web Application Firewall, FireEye.

Gap Assessment & SOX IT Audit, HIPAA, PCI DSS, ISO 27001, SAS 70/SOC 1, 2 and 3 Audit:

• Managed and conducted several gap assessments (SOX 404, PCI DSS, HIPAA, SOC 1-3), evaluated design, and operational effectiveness of policies, processes, standards and controls.

Key Risk Indicators (KRIs) and Security Metrics for Enterprise Risk Committee

• Created key risk indicators (KRIs) and security metrics for “Enterprise Risk Committee” in order to identify the security threats based on five key categories (enterprise systems applications, internal network, and perimeter network and endpoint systems).

Oracle Advanced Product Services, Nashua, NH 2001–2006

Team Lead/Advisory Principal Support Engineer (Feb 2001 – March 2006)

• Directed HRMS, Payroll, Benefits Upgrade (Fidelity Inc.) & CRM implementations at Xerox and Ikon. Led 6 associates in implementing CRM application for Xerox account.

• Assisted in interviewing candidates for advanced product services and conducted trend analysis

• Published metric and exceptions reports identifying root cause and providing guidance to upper management on future deployment strategies. Troubleshot technical issues with RDBMS and Oracle E-business.

• Managed upgrade and implementation of Fidelity Inc. Resolved reactive, functional, and technical issues including HRMS APIs, performance tuning, forms, XML, and tech-stacks. Applied Database application patches, Security patches as APPSDBA/DBA. Mentored new Fidelity support team members.

1993–2000

Several roles as Oracle Developer, Senior Business Analyst and Programmer Analyst

EDUCATION

• 1991-92 MBA Jackson State University MS, USA

• 1984-87 CWA, Cost Accounting Institute of Cost & Works Accounting, India

• 1979-83 B.S. Accounting & Administration Bangalore University, India

Key Certifications & Training

• CISSP (Computer Information System Security Professional (ISC2)

• IT Lead Auditor IRCA Certified ISO/IEC 27001:2013

• CEH (Certified Ethical Hacking)

• Project Management Professional, Project Management Institute (PMI).

• DevOps Certified from DASA, Agile, Scrum methodology

• ITIL Foundation V2 Certificate, CSME.

• Oracle Certified Professional (OCP DBA – SQL & PLSQL), Oracle 12c,11g,10g

• MS Office, MS Project, Primavera, RSA Archer, Oracle projects, AWS, Tableau

• OS Windows, Linux, Solaris

• Big Data from MIT Digital Programs

• Cybersecurity: Technology, Application & Policy from MIT Digital Programs

• Attended Cloud security course, i.e., (CCSP) with ISC2.org for 40 CPE credit hours.

• Certified Advanced Cloud Security Auditing for CSA STAR from CSA


