BENNY STEPHAN
Email: *****.**@*******.*** Mobile: +1-856-***-**** LinkedIn: www.linkedin.com/in/benny-stephan/
Location: Fountain Valley, CA Availability: Immediate Joiner Open to: All (Onsite/Remote/Hybrid)
SUMMARY
A technical professional with 15+ years of comprehensive experience in Information Security and IT Infrastructure. My expertise spans Information Security Governance, Risk Management and Compliance, Program Management, Incident and Change Management, Vulnerability Management, IT Infrastructure Management, Project Management, and Vendor Management.
I have successfully led IT Security and Infrastructure projects, steering initiatives that not only meet a wide array of objectives but also drive business transformation while upholding operational integrity. My skills extend to planning, designing, implementing, optimizing, transitioning, and managing solutions and services, safeguarding confidentiality, integrity, and availability of corporate assets across various sectors, including technology, automobile, staffing, legal, healthcare, manufacturing, and oil and gas.
My commitment to continuous learning and embracing innovative systems and processes has significantly contributed to my professional development, alongside fruitful collaborations with industry-leading professionals and technologies. Actively seeking new opportunities, I am eager to contribute my skills to a dynamic organization and engage in meaningful collaborations.
AREA OF EXPERTISE
Information Security & GRC
Conducted Security Data Exchange Assessments, Vendor Risk Assessments, and Architecture Design Reviews for government and private entities.
Developed risk profiles, risk registers, and remediation plans based on NIST CSF and ISO 27001 frameworks.
Built risk response strategies (mitigate, avoid, transfer, accept), and calculated ROI via cost-benefit analysis.
Created internal audit documentation, coordinated with internal/external auditors, and reviewed SOC 2, pen test, and evidence reports.
Designed and enforced information security policies, procedures, and controls across cloud and on-prem environments.
Tools & Frameworks: ISO/IEC 27001, NIST (CSF, SP 800-30, 800-34, 800-39, 800-53), CIS Controls, COBIT 2019, HIPAA, GDPR, PCI DSS, ITGC, IT Act, CMMI.
Developed and reviewed gap analysis reports, remediation roadmaps, and weekly risk status updates.
Security Operations
Led SOC activities including real-time monitoring, incident triage, investigation, root cause analysis, containment, and recovery.
Developed and refined incident response workflows, including attack surface reduction, alert correlation, and forensic analysis.
Performed vulnerability scanning and implemented remediation plans using NIST CSF and CIS Controls.
Reviewed and responded to alerts in Microsoft 365 Defender, Microsoft Sentinel, and Trend Micro.
Configured policies to detect malware, ransomware, suspicious sign-ins, and data exfiltration attempts.
Tools & Platforms: SIEM, SOAR, XDR, Microsoft Defender 365, Microsoft Sentinel, Splunk, Nessus, Wireshark, IDS/IPS.
Threat Intelligence: Utilized STRIDE, MITRE ATT&CK, CVE Details, MISP, VirusTotal, Talos Intelligence, and US-CERT feeds.
Conducted continuous Security Awareness Training and incident simulations to improve organizational readiness.
Security Engineering & Architecture
Designed Zero Trust Network Access (ZTNA) architecture, segmented VLANs, implemented firewall policies, and configured access controls.
Engineered cloud security architectures using Microsoft Azure, VMware, and Palo Alto firewalls.
Implemented Privileged Identity Management (PIM), MFA, and SAML SSO for SaaS integrations.
Reviewed Cisco Meraki and Palo Alto firewall configurations; enforced content filtering and web access controls.
IAM & Compliance: Configured identity governance, privileged role assignments, and security baselines in Azure AD.
Cryptography & Certificates: Managed TLS/SSL, IPSec, PKI, and encryption protocols including AES, RSA, SHA-2, and PGP.
Configuration Management: Developed baseline policies using Intune and Group Policy for Windows, macOS, iOS, and Android.
Application & Data Security
Integrated security in SDLC, performed secure code and configuration reviews, and enabled DLP in production environments.
Configured and monitored Microsoft Purview policies for email, document, and cloud data protection.
Applied Azure Information Protection (AIP) labels for automated classification and data governance.
Tools: Microsoft Intune, Jamf, BitLocker, FileVault, Azure Rights Management, Microsoft Purview, Symantec DLP.
Configured retention policies, litigation hold, content search, and mailbox audit in Microsoft 365 Compliance Center.
Implemented secure APIs and monitored encryption protocol configurations on SFTP and API endpoints.
Developed detailed data security reports including risk classification, access reviews, and risk mitigation actions.
IT Infrastructure
Designed and deployed infrastructure across multiple locations; configured DNS, DHCP, ADDS, and Group Policies.
Oversaw server upgrades, backup and disaster recovery plans, and AD site replication for domain controllers.
Managed endpoint security, system hardening, and lifecycle patching for Windows Server 2008, 2012, 2016.
Configured VMware environments with HA, DRS, and vMotion; performed P2V conversions and system restores.
Implemented and maintained Trend Micro AV, Duplicati backups, NAS/SAN storage, and Hyper-V/ESXi hosts.
Asset Management: Maintained inventory, tracked software/hardware lifecycle, enforced secure disposal policies.
IT Service Management
Launched and administered Spiceworks IT Helpdesk, implemented SLA-based ticketing, and set escalation metrics.
Reviewed KACE incident trends, patch compliance, and user-generated service requests.
Managed ITIL-aligned operations: incident, change, and configuration management.
Tools: Jira, ManageEngine, Spiceworks, TCS iON, KACE.
Oversaw configuration drift and endpoint compliance using Microsoft Intune.
Project Management
Managed security remediation projects, policy implementations, software upgrades, and compliance audits.
Created Gantt charts, project roadmaps, and weekly status reports to track progress and risks.
Tools: Jira, Trello, Microsoft Planner; Methodologies: Agile, Scrum, Waterfall.
Delivered business-critical initiatives across IT, security, and compliance with defined KPIs.
Resource & Vendor Management
Led and mentored teams of implementation consultants, network/system admins, and helpdesk technicians.
Reviewed vendor deliverables, policies, and audits for alignment with enterprise security objectives.
Managed procurement and asset planning, optimized licensing and software utilization.
Coordinated ISMS and HIPAA audit readiness with external partners and service providers.
Leadership & Strategy
Reported directly to the CISO, CIO, and CFO, advising on organizational security posture and strategic planning.
Defined cybersecurity strategy across security operations, GRC, engineering, and end-user support.
Drove enterprise-wide implementation of ISO 27001 and CIS controls.
Aligned security roadmaps with business goals, compliance mandates, and budget constraints.
Facilitated stakeholder engagement, board-level reporting, and cross-department collaboration.
Achievements
PROFESSIONAL CERTIFICATIONS: Certified Information Security Manager (CISM), Cybersecurity Architect Expert, Security Administrator Associate, Microsoft 365 Certified: Fundamentals, EC-Council Certified Security Analyst, VMware Certified Professional - DCV, ITIL Foundation: IT Service Management.
TRAININGS: CISSP, Ethical Hacking, ISO 27001:2013 Lead Auditor, Microsoft Certified Solutions Expert (MCSE), Microsoft Azure Administrator Associate, AWS Certified Solutions Architect - Associate, Cisco Certified Network Associate (CCNA), Cisco Certified Network Professional (CCNP).
Education
Bachelor’s Degree, Information Technology
University of Mumbai
Work Experience
Information Security Architect April 2024 - Present
Hyundai AutoEver America Fountain Valley, CA
Hyundai AutoEver, a “mobility software provider” that reliably, efficiently, and innovatively supports software and infrastructure across in-car and out-car areas, builds a mobility software platform to flexibly connect hardware and software, and is creating new value for the upcoming mobility ecosystem.
Responsibilities & Key Achievements:
Conducting Security Data Exchange assessments, Security Architecture Design assessments, and Vendor Risk assessments of partners and vendors, including private companies such as Northrop Grumman Corporation, Overseas Military Sales Corporation (OMSI), and Deloitte, and government agencies such as the U.S. Department of Defense and the U.S. Department of Transportation (National Highway Traffic Safety Administration), for Hyundai Motor America (HMA), Genesis Motor America (GMA), and KIA.
Conducted security assessment triage to evaluate, categorize, and prioritize security risks, establishing the type and scope of assessments based on comprehensive risk analysis.
Reviewed the response provided by the partners and vendors in the security questionnaire.
Reviewed policies, procedures, SOC2 report and pen test report as part of various security assessments.
Analysed SFTP server endpoints, API endpoints, and other data exchange methods, highlighting the protocols in use (TLS 1.3, TLS 1.2, TLS 1.1, SSH, or others), the cipher suites (key exchange algorithm, encryption algorithm, and hashing algorithm with their respective key sizes), perfect forward secrecy support, and open ports.
Developed various security assessment reports highlighting the project description, inherent risk, data classification, findings, observations, recommendations, current risk posture, and residual risk.
Developed risk acceptance reports for business units to accept the findings (risks) reported in the security assessment report, or to go live with a project before the assessment was completed.
Reviewed policies, procedures, and evidence as part of the internal audit and external requirement.
Facilitated meetings with internal and external auditors, and key stakeholders within the organization.
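The endpoint analysis described above (protocol version, cipher suite, forward secrecy, open ports) can be turned into a repeatable triage step. The following is an added example, not part of the resume and not code from any of the employers named on it: it takes a constructed, simplified scan result (one line per endpoint, protocol and cipher suite; the hostnames and the line format are assumptions, not the output of any particular tool) and classifies each observation into Pass, Medium or High, then rolls the findings up per host with the open ports seen.

```python
"""Classify protocol and cipher-suite observations from a data-exchange
endpoint assessment. Added example; the scan format and thresholds are
assumptions made for illustration."""
import re
from dataclasses import dataclass, field

# Constructed sample scan: "<host>:<port> <protocol> <cipher suite ...>"
SAMPLE_SCAN = """\
sftp.partner.example:22 SSH-2.0 curve25519-sha256 aes256-gcm@openssh.com
api.partner.example:443 TLSv1.3 TLS_AES_256_GCM_SHA384
api.partner.example:443 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
api.partner.example:443 TLSv1.2 AES256-SHA
legacy.partner.example:443 TLSv1.1 ECDHE-RSA-AES128-SHA
legacy.partner.example:443 TLSv1.0 DES-CBC3-SHA
legacy.partner.example:21 FTP cleartext
"""

DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
ACCEPTED_PROTOCOLS = {"TLSv1.2", "TLSv1.3", "SSH-2.0"}
# Substrings that mark a suite as weak (RC4, single/triple DES, NULL, export, MD5, anonymous)
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "EXPORT", "MD5", "ANON")
SEVERITY_RANK = {"Pass": 0, "Medium": 1, "High": 2}


@dataclass
class Finding:
    host: str
    port: int
    protocol: str
    cipher: str
    reasons: list = field(default_factory=list)

    @property
    def severity(self):
        # Deprecated protocol, cleartext, or a weak primitive is a High finding;
        # anything else that was flagged (no PFS, SHA-1 MAC) is Medium.
        if any(r.startswith(("deprecated", "cleartext", "weak cipher")) for r in self.reasons):
            return "High"
        return "Medium" if self.reasons else "Pass"


def has_forward_secrecy(protocol, cipher):
    if protocol == "TLSv1.3":
        return True  # every TLS 1.3 suite uses ephemeral (EC)DHE
    if protocol == "SSH-2.0":
        return cipher.startswith(("curve25519", "ecdh-", "diffie-hellman"))
    return cipher.startswith(("ECDHE-", "DHE-"))


def assess_line(line):
    endpoint, protocol, *cipher_parts = line.split()
    host, port = endpoint.rsplit(":", 1)
    cipher = " ".join(cipher_parts)
    f = Finding(host, int(port), protocol, cipher)
    if protocol in DEPRECATED_PROTOCOLS:
        f.reasons.append(f"deprecated protocol {protocol}")
    elif protocol not in ACCEPTED_PROTOCOLS:
        f.reasons.append(f"cleartext or unrecognized protocol {protocol}")
    else:
        if not has_forward_secrecy(protocol, cipher):
            f.reasons.append("no forward secrecy (static RSA/DH key exchange)")
        # OpenSSL-style TLS suite names ending in "-SHA" use an HMAC-SHA1 MAC
        if protocol.startswith("TLS") and re.search(r"[-_]SHA$", cipher):
            f.reasons.append("SHA-1 based MAC")
    if any(m in cipher.upper() for m in WEAK_CIPHER_MARKERS):
        f.reasons.append("weak cipher or hash in suite")
    return f


def assess(scan_text):
    return [assess_line(l) for l in scan_text.splitlines() if l.strip()]


def summarize(findings):
    """Per-host roll-up: open ports observed and the worst severity seen."""
    summary = {}
    for f in findings:
        entry = summary.setdefault(f.host, {"open_ports": set(), "worst": "Pass"})
        entry["open_ports"].add(f.port)
        if SEVERITY_RANK[f.severity] > SEVERITY_RANK[entry["worst"]]:
            entry["worst"] = f.severity
    return summary


if __name__ == "__main__":
    findings = assess(SAMPLE_SCAN)
    for f in findings:
        print(f"{f.host}:{f.port} {f.protocol} {f.cipher} -> {f.severity} {f.reasons}")
    for host, entry in summarize(findings).items():
        print(host, sorted(entry["open_ports"]), entry["worst"])
```

The per-host "worst" value is what goes into the assessment report's current risk posture; the individual reasons are the findings and recommendations. A real engagement would feed this from a TLS scanner rather than a hand-written sample, but the classification rules are the same ones the bullet above lists.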
Cyber Security Architect Mar 2023 - Feb 2024
Trinity Envision Business Services Spring, TX
Led security gap analysis and remediation initiatives for the end client; identified and prioritized critical security objectives. Analysed the scope of work and stakeholder goals, and conducted a gap analysis using NIST CSF. Formulated infosec processes, policies, risk registers, incident response strategies, and cost analysis. Communicated findings in a security analysis report, developed a security roadmap, and implemented security controls.
Responsibilities & Key Achievements:
Reviewed scope of work to understand business requirements and deliverables.
Conducted interviews with key stakeholders to understand organizational objectives such as complying with regulatory and legal requirements and industry standards, reducing cost, and protecting company reputation and brand.
Conducted gap analysis to identify, assess, categorize, prioritize, respond to, and monitor risks using NIST CSF.
Developed a risk register with risk ID, risk ranking, impact, likelihood, risk value (qualitative analysis using a heat map and quantitative analysis to derive a dollar value), risk owner, prevention, and contingency plan.
Developed risk action plan with risk response options such as mitigate, accept, avoid, transfer and share.
Conducted cost benefit analysis to understand return on security investment by calculating the loss before implementing the control, loss after implementing the control, and cost of countermeasures.
Reviewed observations and recommendations from previous security assessment report and VAPT report.
Developed risk profile to show client’s current security state and defined desired security state using NIST CSF.
Developed gap analysis report (initial draft and final report), communicated, and shared with client.
Developed roadmap with recommendations for future security initiatives and improvements.
Developed Remediation project plan and implemented security controls as part of risk mitigation.
Developed weekly status report to communicate progress of ongoing activities and milestones achieved.
Drafted and reviewed IT Infra and Security policies and procedures.
Evaluated and proposed security solutions and controls after proof-of-concept testing.
Conducted internal testing before deploying to pilot users and subsequently across the entire organization.
Reviewed Zero Trust Network Access (ZTNA) architecture, security rules and configuration on Cisco Meraki firewalls, switches, and access points.
Enforced PIM, Multi-factor Authentication, SSPR and SAML SSO for third-party apps in Microsoft Azure AD.
Configured policies to monitor, detect and respond to risky sign ins and risky users in Microsoft Azure AD.
Configured IT Infra and Security configuration and compliance policies in Intune for Windows, iOS, and Android.
Implemented Endpoint, Network, Cloud security, Email, Application, and Information security controls.
Configured Anti-spam, Anti-malware, Anti-phishing policies, safe links, and safe attachments email threat policies.
Configured retention policies and litigation hold for MS Exchange, SharePoint, OneDrive and Microsoft Teams.
Performed content search and mailbox search in Microsoft Purview compliance portal.
Configured Azure information protection labels and policies to discover, classify, protect, and govern emails, documents, and sensitive information using Azure Rights Management.
Configured DLP policies to protect sensitive information, monitored alerts and violations in Microsoft Purview.
Configured policy to protect data from being uploaded to personal instances of corporate applications.
Configured access policy to block download, cut, copy and print of corporate data on non-compliant endpoints.
Configured endpoint security policies such as Microsoft Defender Firewall, Microsoft Defender Antivirus, EDR, and attack surface reduction policies for Windows, macOS, iOS and Android devices.
Configured policy to block access to unsanctioned risky cloud apps and enabled data exfiltration policy.
Reviewed asset inventory, patching, and incidents in KACE IT Helpdesk.
Reviewed incidents and recommendations in Microsoft 365 Defender and Microsoft Sentinel.
Conducted cost analysis of Microsoft Azure and helped client reduce operational cost.
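The risk register, risk response options and cost-benefit analysis described in this role (risk value from impact and likelihood on a heat map, annual dollar loss before and after a control, cost of the countermeasure) follow a standard quantitative method. The block below is an added example, not a document from this engagement: it builds a small register from constructed risks and controls (every figure, name and threshold is an assumption for illustration), computes the qualitative score and heat-map band, the annualized loss expectancy (ALE = SLE x ARO) before and after the control, the return on security investment, and picks a response option from the result.

```python
"""Risk register with qualitative heat-map banding, ALE-based quantitative
value, and return-on-security-investment (ROSI) driven response selection.
Added example; all risks, controls, dollar figures and thresholds are
constructed for illustration."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Risk:
    risk_id: str
    description: str
    likelihood: int      # 1 (rare) .. 5 (almost certain)
    impact: int          # 1 (negligible) .. 5 (severe)
    sle: float           # single loss expectancy, dollars per event
    aro: float           # annualized rate of occurrence, events per year
    owner: str


@dataclass
class Control:
    name: str
    annual_cost: float   # cost of the countermeasure per year
    sle_after: float     # expected loss per event with the control in place
    aro_after: float     # expected rate with the control in place


def qualitative_score(risk):
    return risk.likelihood * risk.impact


def heat_band(score):
    # Assumed 5x5 heat-map bands
    if score >= 15:
        return "Critical"
    if score >= 10:
        return "High"
    if score >= 5:
        return "Medium"
    return "Low"


def ale(sle, aro):
    return sle * aro


def rosi(risk, control):
    """(loss avoided per year - control cost) / control cost"""
    avoided = ale(risk.sle, risk.aro) - ale(control.sle_after, control.aro_after)
    return round((avoided - control.annual_cost) / control.annual_cost, 4)


def choose_response(risk, control: Optional[Control], appetite_ale):
    ale_before = ale(risk.sle, risk.aro)
    if ale_before <= appetite_ale:
        return "accept"            # within appetite, no spend justified
    if control is None:
        return "avoid or transfer"  # nothing to mitigate with
    if rosi(risk, control) > 0:
        return "mitigate"          # control pays for itself
    return "transfer"              # e.g. cyber insurance cheaper than the control


def build_register(risks, controls, appetite_ale):
    rows = []
    for r in risks:
        c = controls.get(r.risk_id)
        score = qualitative_score(r)
        rows.append({
            "risk_id": r.risk_id, "owner": r.owner,
            "score": score, "band": heat_band(score),
            "ale_before": ale(r.sle, r.aro),
            "ale_after": ale(c.sle_after, c.aro_after) if c else ale(r.sle, r.aro),
            "rosi": rosi(r, c) if c else None,
            "response": choose_response(r, c, appetite_ale),
        })
    # Rank by annual dollar exposure, highest first
    return sorted(rows, key=lambda row: row["ale_before"], reverse=True)


# Constructed sample register (figures are illustrative assumptions)
RISKS = [
    Risk("R-01", "Ransomware on file servers", 4, 5, 250_000, 0.5, "IT Ops"),
    Risk("R-02", "Lost unencrypted laptop", 3, 3, 20_000, 2.0, "Endpoint"),
    Risk("R-03", "Marketing site defacement", 2, 2, 5_000, 0.2, "Web"),
    Risk("R-04", "ERP outage from data-center fire", 1, 5, 500_000, 0.02, "IT Ops"),
]
CONTROLS = {
    "R-01": Control("EDR + immutable backups", 40_000, 50_000, 0.1),
    "R-02": Control("Full-disk encryption", 5_000, 1_000, 2.0),
    "R-04": Control("Second data center", 200_000, 100_000, 0.005),
}
RISK_APPETITE_ALE = 5_000  # assumed: accept anything costing <= $5k/year

if __name__ == "__main__":
    for row in build_register(RISKS, CONTROLS, RISK_APPETITE_ALE):
        print(row)
```

The register is sorted by ALE so the weekly risk status report leads with the largest dollar exposure; the heat-map band is kept alongside because business owners read bands more readily than dollar figures. Note that R-04 ends up "transfer": the control avoids loss but its cost exceeds the loss avoided, which is exactly the case the cost-benefit analysis is meant to surface.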
Lead - IT Security May 2021 - Feb 2023
Tata Business Hub Dallas, TX
Led IT Security projects and directed a team of security analysts to steer various security initiatives that met a wide array of business objectives and delivered value. Evaluated costs of security measures, managed risks, and handled vulnerabilities and incidents. Provided security training and interfaced with business and external partners for infosec requirements and audits. Developed comprehensive risk mitigation plans; implemented and monitored security controls; enforced data protection and compliance standards across platforms.
Responsibilities & Key Achievements:
Reported directly to the Chief Information Security Officer (CISO), providing regular updates on cybersecurity posture, risk management activities, incident handling, and strategic initiatives across Security Operations, GRC, Security Engineering & Architecture, and Application & Data Security.
Provided both strategic leadership and hands-on expertise across core cybersecurity functions, actively collaborating with team members while guiding execution and decision-making.
Actively engaged in and managed SOC activities, incident detection, investigation, and response efforts. Directed SOC teams in monitoring, detection, and incident response, assigning responsibilities based on severity and expertise.
Contributed to and directed initiatives around governance, development and maintenance of security policies, standards, and procedures, risk assessments, regulatory compliance, audits, and enterprise-wide security awareness training, while coordinating efforts across GRC functions.
Actively participated in and led Security Engineering & Architecture functions, including Security Architecture, Cloud Security, Network Security, Endpoint Security, and Identity and Access Management (IAM), to design secure network and cloud architectures and implement security controls.
Performed risk assessment, categorized, and prioritized risks. Developed action plans to mitigate, transfer, avoid, and accept risks.
Acted as lead liaison for internal and external audits such as ISMS audit, ISNP audit, IFC ITGC audit, and Cloud security audit with IT companies, banks, and insurance companies.
Performed vulnerability scanning and management of systems and software. Developed mitigation and remediation action plan. Recommended and implemented security controls as per NIST CSF and CIS Controls.
Developed, implemented, logged, and monitored processes, procedures, policies and controls across various environments and attack vectors.
Performed incident management activities to monitor, detect, analyse, investigate and reproduce incidents, contain affected systems, eradicate attacker presence, sanitize, and recover systems.
Conducted internal testing before deploying to pilot users and subsequently across the entire organization.
Implemented Endpoint, Network, Cloud security, Email, Application, and Information security controls.
Configured Anti-spam, Anti-malware, Anti-phishing policies, safe links, and safe attachments email threat policies.
Configured retention policies and litigation hold for MS Exchange, SharePoint, OneDrive and Microsoft Teams.
Performed content search and mailbox search in Microsoft Purview compliance portal.
Configured Azure information protection labels and policies to discover, classify, protect, and govern emails, documents, and sensitive information using Azure Rights Management.
Configured DLP policies to protect sensitive information, monitored alerts and violations in Microsoft Purview.
Configured policy to protect sensitive and corporate data from being uploaded to personal instances.
Configured web filtering, content filtering, identifiers, and exceptions in Microsoft Defender 365 and Netskope SWG.
Enforced PIM, Multi-factor Authentication, SSPR and SAML SSO for third-party apps in Microsoft Azure AD.
Configured policies to monitor, detect and respond to risky sign ins and risky users in Microsoft Azure AD.
Reviewed existing identities and admin role assignments in Privileged Identity Management in Azure AD IAM.
Assigned and revoked admin role assignments in Privileged Identity Management in Microsoft Azure AD IAM.
Configured policies to detect multiple failed user login attempts, logons from outdated browsers, and more.
Configured device restriction policies, disk encryption policies, system update policies, and compliance policies.
Configured endpoint security policies such as Microsoft Defender Firewall, Microsoft Defender Antivirus, EDR, and ASR policies for Windows, macOS, iOS and Android devices.
Configured policy to monitor and detect malware and ransomware, mass file deletion, and suspicious email deletion.
Configured policies to block access to unsanctioned risky cloud apps and enabled data exfiltration policy.
Configured client app access policy to block download, cut, copy, and print of corporate data on non-compliant endpoints.
Performed internal audit of user accounts, groups, licenses, and cleanup in Microsoft Exchange Online.
Designed network architecture to setup new offices. Configured Palo Alto firewalls, switches, wireless controllers, and access points.
Engineered and enforced Zero Trust Network Access (ZTNA) architecture with granular, identity-based access controls, segmentation, and least-privilege principles to prevent lateral movement across environments.
Designed and implemented secure network segmentation and routing architectures using IP networking principles, with robust access control policies, including intra-zone, inter-zone, and DMZ firewall rules for internal, external, and partner-facing applications.
Built and maintained DMZ zones to securely host critical services like web servers, application servers, and SFTP, ensuring external accessibility with a minimal attack surface.
Collaborated with application owners to design and troubleshoot firewall rule exceptions and NAT translations for key business systems such as ERP, CRM, and cloud services (e.g., AWS, Azure).
Developed and enforced network security policies, conducted firewall audits, and optimized rule sets to reduce risk and improve traffic flow efficiency.
Implemented and supported site-to-site IPSec VPNs for secure communication with remote offices and third-party vendors, and SSL-based remote access VPNs with identity integration for employees and contractors.
Configured and maintained Palo Alto firewalls in High Availability (HA) mode (Active/Passive) to ensure seamless failover and minimal service interruption.
Deployed and managed Panorama for centralized policy administration, log aggregation, and unified configuration across multiple firewall deployments.
Implemented bandwidth allocation and QoS policies to prioritize business-critical applications (VoIP, video conferencing, SaaS), and applied traffic shaping and rate-limiting to manage congestion and optimize performance.
Enforced Web Content Filtering using URL filtering categories to block non-business or malicious websites and reduce attack surface.
Leveraged App-ID for Application Control to allow, restrict, or monitor usage of applications like Dropbox, Zoom, and BitTorrent, enhancing visibility and minimizing shadow IT.
Applied User-ID based role-based access control (RBAC) by integrating firewall policies with Active Directory for differentiated access across departments.
Enforced Threat Prevention profiles, including Antivirus, Anti-Spyware, Vulnerability Protection, DNS Sinkhole, and File Blocking to proactively block known threats.
Implemented granular data movement controls using data filtering profiles to prevent unauthorized uploads to personal cloud/email, restrict sensitive file downloads, and block risky file types (e.g., .exe, .zip) across network boundaries to protect PII and critical data.
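Two of the policies listed for this role, detection of multiple failed login attempts and of logons from outdated browsers, are simple enough to show as detection logic over sign-in records. The block below is an added example, not a policy exported from Azure AD or Defender, and the sign-in lines it runs over are constructed for illustration (users, addresses, agents, thresholds and the 10-minute and 5-minute windows are all assumptions). It implements three checks: a per-user burst of failures (brute force, with a flag when a success follows the burst), many distinct users failing from one source address (password spray), and a browser major version below an assumed minimum.

```python
"""Sign-in anomaly detection over constructed sign-in records: brute force,
password spray, and outdated browser. Added example; thresholds, windows and
the sample data are assumptions for illustration."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: timestamp,user,source_ip,result,user_agent
SAMPLE_SIGNINS = """\
2024-05-01T09:00:05Z,alice@corp.example,203.0.113.10,failure,Edge/124
2024-05-01T09:00:20Z,alice@corp.example,203.0.113.10,failure,Edge/124
2024-05-01T09:00:35Z,alice@corp.example,203.0.113.10,failure,Edge/124
2024-05-01T09:00:50Z,alice@corp.example,203.0.113.10,failure,Edge/124
2024-05-01T09:01:05Z,alice@corp.example,203.0.113.10,failure,Edge/124
2024-05-01T09:01:30Z,alice@corp.example,203.0.113.10,success,Edge/124
2024-05-01T10:00:00Z,bob@corp.example,198.51.100.7,failure,python-requests/2.31
2024-05-01T10:00:02Z,carol@corp.example,198.51.100.7,failure,python-requests/2.31
2024-05-01T10:00:04Z,dave@corp.example,198.51.100.7,failure,python-requests/2.31
2024-05-01T10:00:06Z,erin@corp.example,198.51.100.7,failure,python-requests/2.31
2024-05-01T10:00:08Z,frank@corp.example,198.51.100.7,failure,python-requests/2.31
2024-05-01T11:00:00Z,grace@corp.example,192.0.2.44,success,Chrome/79
"""

# Assumed tuning values
BRUTE_FORCE_THRESHOLD = 5
BRUTE_FORCE_WINDOW = timedelta(minutes=10)
SPRAY_THRESHOLD = 5
SPRAY_WINDOW = timedelta(minutes=5)
MIN_BROWSER_MAJOR = {"Chrome": 100, "Edge": 100, "Firefox": 100}


@dataclass
class SignIn:
    ts: datetime
    user: str
    src_ip: str
    result: str
    user_agent: str


def parse(text):
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result, ua = line.split(",")
        events.append(SignIn(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result, ua))
    return sorted(events, key=lambda e: e.ts)


def detect_brute_force(events):
    """N failures for one user inside the window; flag a success right after."""
    alerts, by_user = [], defaultdict(list)
    for e in events:
        by_user[e.user].append(e)
    for user, evs in by_user.items():
        failures = [e for e in evs if e.result == "failure"]
        for i in range(len(failures) - BRUTE_FORCE_THRESHOLD + 1):
            window = failures[i:i + BRUTE_FORCE_THRESHOLD]
            if window[-1].ts - window[0].ts <= BRUTE_FORCE_WINDOW:
                last = window[-1].ts
                success_after = any(e.result == "success" and last <= e.ts <= last + BRUTE_FORCE_WINDOW
                                    for e in evs)
                alerts.append({"rule": "brute_force", "user": user, "src_ip": window[0].src_ip,
                               "count": len(failures), "success_after": success_after})
                break  # one alert per user per run
    return alerts


def detect_password_spray(events):
    """Many distinct users failing from one source address inside the window."""
    alerts, by_ip = [], defaultdict(list)
    for e in events:
        if e.result == "failure":
            by_ip[e.src_ip].append(e)
    for ip, evs in by_ip.items():
        for i, start in enumerate(evs):
            users = {e.user for e in evs[i:] if e.ts - start.ts <= SPRAY_WINDOW}
            if len(users) >= SPRAY_THRESHOLD:
                alerts.append({"rule": "password_spray", "src_ip": ip, "users": sorted(users)})
                break
    return alerts


def detect_outdated_browser(events):
    """Browser major version below the assumed minimum (any result)."""
    alerts = []
    for e in events:
        name, _, version = e.user_agent.partition("/")
        minimum = MIN_BROWSER_MAJOR.get(name)
        if minimum is not None and version.isdigit() and int(version) < minimum:
            alerts.append({"rule": "outdated_browser", "user": e.user, "user_agent": e.user_agent})
    return alerts


def run_detections(text):
    events = parse(text)
    return detect_brute_force(events) + detect_password_spray(events) + detect_outdated_browser(events)


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_SIGNINS):
        print(alert)
```

The brute-force rule reports `success_after` so the triage queue can rank a burst that ended in a successful logon above one that did not; the spray rule keys on the source address rather than the user, since each user sees only one failure and a per-user threshold would never fire.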
Sr. Manager - IT Infrastructure May 2016 - Apr 2021
Intelliswift Software Inc Newark, CA
Promoted to Senior Manager - IT Infrastructure; steered IT Security and IT Infrastructure initiatives across 7 offices in the US and India. Led a team of System Administrators, Network Security Engineers, and Security Analysts; evaluated, designed, implemented, and optimized IT Infrastructure and security solutions, controls, policies, processes, and procedures to manage risks; handled vulnerabilities and incidents. Worked closely with business leaders, stakeholders, and third parties to facilitate various technical and security requirements.
Responsibilities & Key Achievements:
Reported directly to the Chief Financial Officer (CFO), providing regular updates on IT infrastructure performance, cybersecurity posture, risk management activities, incident response, and strategic security initiatives.
Oversaw the organization’s IT Infrastructure and IT Service Management, ensuring high availability, secure configurations, and timely support for business-critical systems and end users.
Provided both strategic leadership and hands-on expertise across key cybersecurity functions, collaborating closely with cross-functional teams while guiding project execution, policy enforcement, and technical decision-making.
Managed and actively participated in Security Operations Center (SOC) activities, including real-time threat monitoring, incident detection, investigation, and response; assigned incident handling responsibilities based on severity and team expertise.
Led and contributed to Governance, Risk & Compliance (GRC) initiatives, including the development and maintenance of security policies, standards, and procedures; conducted risk assessments, ensured regulatory compliance, supported audits, and coordinated security awareness training programs.
Directed and engaged in Security Engineering & Architecture, including Cloud Security, Network Security, Endpoint Security, and Identity and Access Management (IAM); played a key role in designing secure network and cloud environments and implementing robust security controls.
Collaborated with business leaders, HR, and procurement team to gather hardware, software, and other requirements for new and existing employees.
Facilitated daily stand-ups within team and stakeholder meetings. Delivered project deliverables within approved timelines and budget. Monitored and tracked KPIs and Key results to measure various project status.
Configured and managed endpoints, servers, virtual machines, firewalls, switches, wireless controllers, Microsoft 365, NAS storage solution, Duplicati Backup solution, Trend Micro AV and more.
Designed network architecture to setup new offices. Configured Palo Alto firewalls, switches, wireless controllers, and access points.
Engineered and enforced Zero Trust Network Access (ZTNA) architecture with granular, identity-based access controls, segmentation, and least-privilege principles to prevent lateral movement across environments.
Designed and implemented secure network segmentation and routing architectures using IP networking principles, with robust access control policies, including intra-zone, inter-zone, and DMZ firewall rules for internal, external, and partner-facing applications.
Built and maintained DMZ zones to securely host critical services like web servers, application servers, and SFTP, ensuring external accessibility with a minimal attack surface.
Collaborated with application owners to design and troubleshoot firewall rule exceptions and NAT translations for key business systems such as ERP, CRM, and cloud services (e.g., AWS, Azure).
Developed and enforced network security policies, conducted firewall audits, and optimized rule sets to reduce risk and improve traffic flow efficiency.
Implemented and supported site-to-site IPSec VPNs for secure communication with remote offices and third-party vendors, and SSL-based remote access VPNs with identity integration for employees and contractors.
Configured and maintained Palo Alto firewalls in High Availability (HA) mode (Active/Passive) to ensure seamless failover and minimal service interruption.
Deployed and managed Panorama for centralized policy administration, log aggregation, and unified configuration across multiple firewall deployments.
Implemented bandwidth allocation and QoS policies to prioritize business-critical applications (VoIP, video conferencing, SaaS), and applied traffic shaping and rate-limiting to manage congestion and optimize performance.
Enforced Web Content Filtering using URL filtering categories to block non-business or malicious websites and reduce attack surface.
Leveraged App-ID for Application Control to allow, restrict, or monitor usage of applications like Dropbox, Zoom, and BitTorrent, enhancing visibility and minimizing shadow IT.
Applied User-ID based role-based access control (RBAC) by integrating firewall policies with Active Directory for differentiated access across departments.
Enforced Threat Prevention profiles, including Antivirus, Anti-Spyware, Vulnerability Protection, DNS Sinkhole, and File Blocking to proactively block known threats.
Implemented granular data movement controls using data filtering profiles to prevent unauthorized uploads to personal cloud/email, restrict sensitive file downloads, and block risky file types (e.g., .exe, .zip) across network boundaries to protect PII and critical data.
Configured and scheduled engine updates and scans to detect and prevent threats such as malware, phishing, ransomware, and suspicious activities on endpoints and cloud using Trend Micro.
Monitored availability of internet leased line connections, PRI lines and SIP Trunks.
Launched Spiceworks IT Helpdesk for employees to log incidents. Released SLA and escalation metrics.
Performed risk assessment, categorized, and prioritized risks; Developed action plan to mitigate, transfer, avoid, and accept risks.
Acted as lead liaison on behalf of the company and subsidiaries in IT, staffing and legal industries during internal and external audits such as ISMS Audit.
Conducted internal testing before deploying to pilot users and subsequently across the entire organization.
Implemented Endpoint, Network, Cloud security, Email, Application, and Information security controls.
Performed vulnerability scanning and management of systems and software. Developed mitigation and remediation action plan. Recommended and implemented security controls.
Developed risk profile to show client’s current security state and defined desired security state using CIS controls.
Developed Remediation project plan and implemented security controls as part of risk mitigation.
Developed, implemented,