Jayanth Panuganti
Irvine, CA ***** *********@*****.***
Professional Summary
Senior IT Compliance and Risk Management professional with 20+ years of experience designing and operationalizing enterprise security and governance programs. Demonstrated expertise in aligning cybersecurity and compliance initiatives with regulatory frameworks (SOX ITGC, ISO 27001, NIST 800-171) and enterprise risk posture. Proven ability to architect and implement scalable controls across hybrid environments and drive alignment across technical, business, and legal stakeholders during audits, assessments, and risk mitigation efforts.
Key Highlights:
Designed and executed compliance frameworks across cloud (AWS, Azure) and on-premises systems
Directed internal audits, risk assessments, and remediation plans aligned with industry standards
Led third-party risk management and vendor security review processes for global environments
Extensive experience with GRC platforms, policy lifecycle management, and control automation
Professional Experience
OSI Digital / Hyundai Capital America
Information Security Manager July 2020 – Current
Support the implementation and maintenance of the GRC framework and risk management processes.
Implement application security controls for loan processing applications integrated with external vendor applications.
Monitor compliance with internal policies, external regulations, and industry standards.
Conduct risk assessments, control reviews, and document findings and remediation plans.
Collaborate with IT, security, legal, and business teams to manage and remediate identified risks.
Assist in audits and regulatory assessments, including preparing evidence and responses to findings.
Implement incident management procedures to maintain Service Level Agreements (SLAs) for complex, mission-critical applications.
Develop comprehensive budget plans for capital expenditure and operating expenses, including hardware and software licensing costs.
Maintain GRC platforms (RSA Archer, ServiceNow GRC) for tracking issues, risks, and controls.
Develop, manage, and maintain the IT compliance and risk management framework, policies, and procedures.
Manage and maintain enterprise compliance initiatives to meet and sustain regulatory and industry standards such as SOC 2 Type 1 reports, HIPAA, PCI DSS, GDPR, ISO 27001, and NIST 800-53, mitigating risk and strengthening organizational resilience.
Manage and mature the organization’s GRC platform (e.g., RSA Archer) to track risks, controls, compliance status, and reporting.
Led a global cross-functional team of 6 security/compliance analysts and engineers across North America and APAC to meet compliance requirements.
Provide information security recommendations and proof-of-concept services for startup companies.
Provide oversight for the vendor risk management program, including third-party security assessments and due diligence reviews.
Create executive-level reports and dashboards to communicate the state of IT risk and compliance programs.
Collaborated with IT and compliance teams to embed security controls into the organizational change management lifecycle, supporting successful security audits and governance reviews.
Prime Healthcare July 2016 – June 2020
Security Governance Manager
Lead end-to-end management of security-related projects including risk assessments, audits, vulnerability management, IAM (identity and access management), and incident response preparedness.
Develop and maintain detailed audit plans, timelines, and resource assignments.
Develop budget forecast plans for the information security department's capital and operational costs.
Led customer-facing security audits, acting as the primary point of contact for external clients during compliance assessments.
Collaborate with cybersecurity, IT, compliance, legal, and business stakeholders to define project scope and deliverables.
Track project performance using appropriate tools and techniques; report on key metrics and risk indicators.
Interfaced directly with enterprise customers during audit engagements to address security concerns, explain control frameworks, and demonstrate compliance posture.
Identify project risks and mitigation strategies to ensure successful execution.
Coordinate vendor relationships and third-party assessments as needed.
Facilitate project meetings, documentation, and communication across teams.
St Joseph Health System March 2013 – July 2016
Security Governance Manager
Led the development and implementation of enterprise-wide information security policies and standards programs aligned with industry best practices and regulatory requirements.
Tracked and managed security assessments, threat assessment program initiatives, and remediation progress to ensure risk reduction and compliance.
Designed and implemented an application security program, including the development of meaningful use metrics that were tracked, trended, and routinely reported to senior management and governance bodies.
Generate budget plans for security solutions deployed across the enterprise for each business unit.
Collaborated with stakeholders and IT leadership to embed security requirements into all phases of system/software/hardware due diligence, acquisition, development, and deployment—ensuring requirements were addressed, architected, and documented from the outset.
Customized and managed the RSA Archer GRC platform to identify, track, and mitigate enterprise risk across multiple domains.
Led the design and deployment of secure external-facing web and mobile applications, ensuring alignment with organizational security architecture and compliance requirements.
Directed cybersecurity incident response efforts, including investigation, containment, remediation, and reporting to appropriate security governance teams with a focus on continuous improvement.
Delivered application security metrics and reports to senior executives to help monitor, assess, and enhance the organization’s application security posture.
Managed third-party vendor security assessments, including scoping, risk analysis, gap identification, remediation planning, and contract compliance.
Toyota Financial Services Torrance, CA Mar 2012 – Jan 2013
Technical Lead - Projects
Designed and executed a deployment plan for IBM QRadar SIEM to collect and normalize log data from diverse enterprise sources.
Led requirements gathering and implemented technical solutions to support compliance initiatives, including GRC and SOX mandates.
Architected and documented global information security control programs to meet evolving regulatory and organizational requirements.
Configured and optimized McAfee ePolicy Orchestrator (ePO) for enterprise vulnerability management and endpoint protection.
Provided advanced (Level 3) support and troubleshooting for McAfee Endpoint Encryption issues across user endpoints.
Deployed cloud-based event log management solutions across multiple North American business units, ensuring scalable and compliant log retention.
Conducted internal and external application/system security risk assessments, delivering actionable mitigation strategies.
Evaluated and recommended cloud-based vulnerability management tools in alignment with security architecture and business needs.
Southern California Edison, La Palma CA Jan 2011 – Mar 2012
Technical Project Manager
Conduct internal assessments and provide a comprehensive plan to secure enterprise data.
Conduct risk assessments, prioritize business needs, and provide technical solutions to mitigate risks.
Configure the ArcSight security event log management system and extract data from Windows, UNIX, and network devices to support compliance.
Configure McAfee ePO to support the enterprise vulnerability management program.
Conduct penetration testing and document results.
Develop data identification and classification processes for multiple teams.
Work with multiple vendor products and provide security requirements to meet enterprise and compliance needs.
Provide security incident operations support and generate initial assessment reports for management.
Brocade Communications, San Jose, CA May 2010 – Dec 2010
Senior Security Analyst
Work with the technical architecture team and provide security requirements for business applications.
Work with the incident response team and document the escalation process to protect enterprise data.
Conduct SOX ITGC reviews and document issues and mitigation plans.
Configure security policies for the MobileIron mobile device management appliance to protect mobile user data.
Develop presentations and workflow process documents for management review.
Manage multiple security projects simultaneously to support departmental goals.
Participate in campus wireless penetration testing review and analysis.
Perform security risk assessments to support enterprise governance.
Develop security awareness documentation for new hires.
Amedisys Home Health Services, Baton Rouge, LA Jul 2009 – May 2010
Senior Security Analyst
Draft logical architectural models with a focus on establishing security standards.
Work with vendor products and provide recommendations to support the enterprise security policy.
Implement a GRC solution to support home health care requirements.
Participate in data protection and incident response teams and define the escalation process.
Review ITGC controls and support SOX compliance requirements.
Review and verify the cardholder data environment and provide protection controls to mitigate risk.
Configure the ArcSight log management server to support the incident management policy.
Managed the deployment of McAfee endpoint whole-disk encryption software on 20,000 workstations.
Create security standards for infrastructure and applications.
Review the enterprise authentication and authorization model and recommend a layered security approach.
Toyota Motor Sales, Torrance, CA Jan 2007 – Apr 2009
Senior Security Analyst
Conduct vulnerability assessments on operating systems (AIX, Linux, Windows, Cisco IOS), network infrastructure (firewalls, routers, and switches), and web-based applications.
Worked with the Fundamental Information Risk Management (FIRM) program in evaluating enterprise risks.
Worked on the risk management program and developed risk mitigation and escalation processes.
Configure Sourcefire IDS devices and develop the escalation process.
Work with network and application administrators to support PCI compliance requirements.
Meet with vendors to identify products that best match business and technical requirements.
Implement endpoint security solutions to mitigate data leakage.
Develop security hardening techniques for web application infrastructure.
ACC Capital Holding Corporation, Orange, CA Mar 2006 – Jan 2007
Senior Security Consultant
Jefferson Wells, Chicago, IL Jan 2006 – Mar 2006
Senior Security Analyst
Midwest ISO, Carmel, IN May 2005 – Dec 2005
Senior IT Security Consultant
State Farm Insurance, Bloomington, IL Mar 2002 – May 2005
Senior Security Administrator
General Electric, Southfield, MI Mar 1999 – Mar 2002
Network Administrator
Metamor Global Solutions, Ltd., India Mar 1997 – Feb 1999
Network Administrator
Accura Technologies, Ltd., India Nov 1994 – Feb 1997
Server Administrator
Education & Certifications
Bachelor of Engineering – Electronics & Communication Engineering; Poona University, India
Certified Information Systems Security Professional (CISSP)
Cisco Certified Network Professional (CCNP)
Microsoft Certified Systems Engineer (MCSE)