T M Ajith Kumar Email and Phone Number

GRC (Governance, Risk, Compliance) & Service Delivery• Published the project plan and established partnering for implementation of RBAC and GRC solutions – OpenIAM etc.• Established KPIs for the project delivery within agreed time, scope and cost.• Worked closely with Infra team within 1st and 2nd Line of Defense (LOD) to ensure the IT General Controls (ITGC), financial, operational, compliance is commensurate with defined risk appetite and tolerances. • Leading corrective action plans for mitigating audit observations and execute security project to refine process.• Conducting routine Risk and Control Self-Assessment (RCSA) to identify and evaluate the effectiveness of key operation risk, policies/ processes, reporting/control monitoring requirements ensuring continuous improvement risk management. Documenting exception and acceptances via RACI model. • Lead/Support Business Continuity / Disaster Recovery–documentation, runbook, preparedness, mock testing collaborating with business. This also involved extensive study on BCP, DR and IR readiness at the global level.• Conducting global supplier (Third party) criticality review, KYC, Onboarding, Due Diligence (SDD, EDD, ODD) and sustainability of annual reviewing via Coupa tool.• Executed global cloud governance check (basing STAR framework) and published the report (against IDAM cloud security) with observations and for process improvement.

• Managing a security team (25+) and overseeing their career growth, grooming, performance evaluations and attrition.• Engaging with stakeholders and clients to comprehend the scope of work, while conducting a thorough bottom-up analysis to determine the FTE capacity and establish delivery expectations through internal upskilling or by recruiting.• Resource management based on the bandwidth and workflow analysis, ensuring appropriate skilled resources are aligned to deliver departmental objectives.• Driving corrective action plans for mitigating audit observations and execute security project plan to refine process.• Refining the IS policy and standards across the Secondary Controls (Audit & Compliance).• Worked within 1st Line of defense (FLOD) to develop policies and procedures against the NIST-CSF at enterprise and divisional levels.• Performed periodic Risk and Control Self-Assessment (RCSA) to validate the IT General Controls (ITGC), regulatory compliance requirements, policies, procedures and exceptions.• Overseen the objectives, strategies of more than 55 clients and their alignment with IBM's business goals. • Delivered a comprehensive technical remediation analysis, defect prevention measures and identifying opportunities to reduce risk via developing the program (RCA) to fix the root cause.• Overseeing periodic review of existing compliance activities and security controls (Control Points: QEV, CBN, PRIV, SHID, PAR), documenting gaps (threat letter) etc. and hunting for service improvements opportunities.• Lead the security programs and project plan, transitions (Bigfix, Ansible, subsystem migration). • Lead NJR (New Joiner Readiness) certification and required risk, compliance-based training sessions.• Assured the dissemination of best practices within the pool through Tech Talks and group discussions.• Applied problem solving techniques to diagnose problem and develop action plans to overcome undesirable situations.

Project: The Royal Bank of Scotland• Managed a team of 14+ members, which encompasses performance management, KPIs, and defining objectives etc. Providing regular coaching and feedback for their growth, also for expanding team’s capabilities.• Contributed subject matter expertise in logical access management, information security, issue & risk management, as well as audit readiness and compliance.• Published scorecards on a monthly basis according to the timelines set by leadership, focusing on effective performance management inclusive of recognizing and rewarding high achievers.• Published “Time and Material” data for client invoicing.• Transition engagement with RBS stakeholders and providing security recommendation during onboarding of new platform/application systems to Wipro, ensuring compliance with IT security policies and group standards.• Performed periodic compliance review to existing procedures/processes, document and address the identified risk.• Ensured all requests and changes are conducted in accordance with agreed service standards [SLA] and Key Metrics formulation, adhering to the defined procedure and approved security matrix (RBAC).• Maintaining the security domain administration of the Bank’s databases and application systems.• Ensuring DR/BCP readiness are maintained at alternative site.

Project: The Royal Bank of Scotland Group • Domain & SSO activities – Creating user, generic account e.g., admin, Kiosk, service and AD functional groups. • Performed user/identity access management via Microsoft Exchange Server 2007 and share drive access (clustered and non-clustered drives) adhering to RBAC instruction.

Application Security Request Management (ASRM) - Security Operations• Lead the team as senior technician and ensured the assigned requests are conducted within SLA, adhering to approved procedure and security matrices.• Defined steps involved in capturing the required field in ticket logs and documentation.• Reviewing security-related access rights and administer access to the Bank’s databases and application systems.• Performed access administration operation for ID/profile creation/modification/deletion, password resets/ unlock/ session clearing and user list generation – Data Set.• Defining, modification of the security matrix as per new requirements.• Handling 760+ application (Mainframe, Citrix and console based) by using the ticketing tool (Remedy ARC, BMC, SNOW) and incident Management (L2 Support).

Project: Netgear Project Handling escalation calls and providing resolution while maintaining the AHT.Guiding and training team as senior technician and conducting mock call to the new joiners. Demonstrated the ability to communicate technical assistance in an accessible manner to non-technical client.Researching, diagnosing, troubleshooting Netgear SOHO wired/wireless router, wireless adapter, storage devices.Enforcing the defined standard process via co-ordinate work between teams across geographies.