• Performing complete 360-degree checklist on application and infrastructure using Beyond Trust, Cortex, AWS Security Groups, NACLs, Palo Alto PRISMA Cloud for CSPM, Beyond Trust Integration, Cortex SIEM integration, VAPT, Fortanix KMS, Fortify SAST and Synopsys BlackDuck SCA and sensitive data discovery etc.• Performed risk assessment based on NIST-53 framework questionnaire. Also, conduct based on assessment on SaaS and PaaS using CSA’s Cloud control matrix. I developed a questionnaire for both PaaS and SaaS based on CCM Questionnaire.• Created a threat model based on the architecture diagram and use case of the application provided by the App Owner using Microsoft Threat Modeling tool based on STRIDE methodology.• Conducted detailed risk assessment on all cloud applications hosted in AWS, GCP and Azure based on NIST CSF framework within Wipro’s Tenant.• Received Iron man award from Wipro on Cloud Security consulting and services for helping and supporting teams in deploying applications by following strict timelines and delivery for deploying applications in Azure environment.

• Worked as a risk consultant for business applications and helped Wipro deploy 100+ applications in customer environments per week as part of cloud migration.• I created the Azure Landing Zone architecture for the Azure Migration project with close coordination with other cloud architects based on the Azure Cloud Adoption Framework (CAF). I was the person who signed off on the Hub and Spoke model regarding security, risk, and privacy requirements. • Supported and coordinated with project managers to create architecture models for cloud migration project. Also discussed with application owners were elaborate activities, for important decisions and trade-offs, thereby ensuring successful migration outcomes.• I was part of cloud security architecture team for almost 200+ applications and conducted security reviews on all applications planned for migration. I was instrumental in bringing the number of risks over 500 to 22 at the time of cloud migration completion. • I was also the primary contact for CSPM using Wiz.io. Also, I worked on SASE Solution (Prisma SASE) during the application and infrastructure governance.• Working as ITGC Test Lead for SOX Control Testing for the Germany region within the customer environment. SOX Audit conducted controls and attributes related to Username and Password Testing, Creation, Modification and Deletion (Onboarding, Offboarding and Modifications) of users’ accounts and program management.• Also supported the client on User access review for North America region. There were AS400 accounts which had to be removed as part of SOX Audits. The customer has a proprietary tool which helps in performing the User access review by sending reminders to the corresponding managers.• Received Victory league award from customer and Wipro for delivering SOX audits and reports to the customer. Also, supported audits with Deloitte as part of SOX audit with Manpower Group.

• I created the Azure Landing Zone architecture for the Azure Migration project with close coordination with other cloud architects based on the Azure Cloud Adoption Framework (CAF). I was the person who signed off on the Hub and Spoke model regarding security, risk, and privacy requirements. • I was part of cloud security architecture team for almost 200+ applications and conducted security reviews on all applications planned for migration. I was instrumental in bringing the number of risks over 500 to 22 at the time of cloud migration completion. • Acted as single-point of accountability for cloud-migration project throughout the lifecycle and support Security governance activities.• I was also part of the Change Advisory Board (CAB) and Architecture Review Board with the client when any security updates were critical.• I was also the primary contact for CSPM using Wiz.io. Also, I worked on SASE Solution (Prisma SASE) during the application and infrastructure governance.• Working as ITGC Test Lead for SOX Control Testing for the Germany region within the customer environment. SOX Audit conducted controls and attributes related to Username and Password Testing, Creation, Modification and Deletion (Onboarding, Offboarding and Modifications) of users’ accounts and program management.• Also supported the client on User access review for North America region. There were AS400 accounts which had to be removed as part of SOX Audits. The customer has a proprietary tool which helps in performing the User access review by sending reminders to the corresponding managers.• Received Victory league award from customer and Wipro for delivering SOX audits and reports to the customer. Also, supported audits with Deloitte as part of SOX audit with Manpower Group.

Led a team of security engineers, implementing secure lifecycle and providing security services for Bristol Myers Squibb (BMS) including Project Security Review (PSR), Project Security demands (PSD), Security Risk Assessment (SRA), User Access Review (UAR) and Application Vulnerability Assessment (AVA) . Additional key responsibilities and accomplishments:  Successfully led the migration/conversion of 4000+ applications, from RSAM 8.0 to RSAM 9.2 version and automated GRC processes, enabling enhanced user experience and operational cost reduction. Provided RSAM GRC administration including maintenance, implementation, and change management. Served as the “go to person” for user support and training. Converted business requirements to technical design and worked with vendors to resolve issues and implement enhancements.  Performed security review for AWS and Azure based applications, ensuring security controls and policies are met, creating gap analysis reports, and providing recommendations for remediations.  Provided training and mentoring and created how-to documentation on AWS Security services and tools. Reviewed project security plans, security gap analysis, remediation reports, created monthly summary reports and facilitated architectural discussions and management review meetings.  Created best practices, procedures and standards related to information security domains such as audit and compliance, threat and vulnerability management, Identity Access Management, and cloud specific security policies. Performed vulnerability assessment and API security testing on 400+ applications/year.  Led project security demand, performing RFP and RFQ on all production applications, meeting strict SLAs. Automated quarterly user access review utilizing client proprietary tool for IAM to implement risk and RBAC model.

Provided application/infrastructure security consulting and management to support large-scale projects, including internal data center audits, vulnerability assessment/penetration testing and secure code reviews. List of clients/ business partners include: Ernst & Young, RBF, Knowledge Universe, OP-PATO and Polo, Melbourne WaterAdditional key responsibilities and accomplishments: Successfully performed secure code review for 500 applications, received CGI high performer award. As part of secure SDLC, collaborated with development teams to design security controls and cloud operation team to identify root cause and resolve production issues in a timely manner. Successfully performed SOX (Sarbanes-Oxley) internal audits on CGI internal finance applications, verified implemented controls and presented compliance reports to management to minimize external audit deviations found by Ernst & Young. Collaborated with business units to perform infrastructure vulnerability assessment utilizing Qualys Guard, generated reports and provided leadership with actionable recommendations for remediation. Managed Symantec Endpoint Protection solution for 100,000 endpoints, including incident management, vendor escalation, management reporting, and providing architecture improvement recommendations for efficient engine updates delivery and virus definitions. Received client recognitions which led to business growth. Performed secure code review of source codes utilizing Checkmarx with alignment to Secure SDLC process. Worked effectively with clients and project teams to ensure remediations are implemented and target go-live dates are met.

These were the tasks performed by me in TCS Chennai as Risk Manager for BFS Account(Deluxe Corporation).• Conducting Risk Awareness Session for the employees.• Overall BCP plan for the client.• Conducting Alternate Site testing.• BCP creation and Documenting.• Maintaining Monthly Risk Tracker and Closing the Issue.• Active Participation in Security Audits and Client audits.• Worked on User Access Management using Tivoli Identity Manager. Access was revoked whenever the user left the project or Organization from Tivoli Identity Manager or through Lotus Notes.• Knowledge about Firewalls, Routers, Patches, Switches, Antivirus update.• Conducting Component Level tests like – Fire drill, Transport Failure, Power failure, Structured Walk through test, Call Tree test, Desktop Failure test, etc.• Co-ordinate and organize periodic training for TCS team on compliance with Information Security policies.• Participating in IS Audit for other Clients in BFS2 based on Basel Requirements.• Worked on Audits related to HR Controls, Logical access Management, Physical access to members, BCP/DR test needs to be conducted annually. Verifying, if projects have completed the BCP Drill based on the Annual calendar of respective projects.• Also verified, if the projects have an asset register in place and also risk register is maintained.• Co-ordinate and assist in complying with the Information Security program committed to in the Master Service Agreement.• Performed Vulnerability Assessment using Nessus.• Create network & system hardening guidelines and procedures;• Create hardening solutions;• Update Information Security Reporting and KPIs.I worked as a Project Manager handling an account for General Motors in TCS, Chennai

Taking classes on Low Power Design and Testing of VLSI Circuits for ME VLSI Design Students Handling projects for last semester and setting up the VLSI Lab in Electronics and Communication Department.

Worked as Trainer on Mainframe and VLSI Design.