| Saravana kumar Murugesan - Cyber security Manager |
| [email protected] |
| Location: Houston, Texas, USA |
| Relocation: |
| Visa: H1B |
| Resume file: Sarav Murugesan _ CyberSecurity_1763048959355.docx |
|
Saravana Kumar Murugesan
(SARAV)
Email: [email protected]
LinkedIn
Current Location: Austin, TX
Mob: +1 480 740 4355

Results-driven Senior Manager of Information Security with a strong background in customer security, seeking a challenging role to apply my expertise in implementing robust security programs and measures. Committed to safeguarding customer data and enhancing information security, I aim to contribute to an organization's success by ensuring the highest protection and compliance standards.

SUMMARY OF QUALIFICATION
- 20 years of overall IT experience, with 18 years focusing on IT Audit Programs, Global IT Governance, Information Risk, Compliance (GRC), Enterprise Security, and Project Management.
- Performed over 100 Internal Audits for customers and ensured no significant non-conformity was observed in External Audit.
- Leveraged AI-driven analytics within OneTrust to enhance Third-Party Exchange reviews, enabling predictive vendor risk scoring and identifying compliance trend patterns for early risk mitigation and smarter vendor decision-making.
- Applied generative AI technologies, Microsoft Copilot, to draft and review control documentation and audit narratives, improving quality and reducing documentation preparation time by 40% for ISO 27001, SOC 2, and internal audits.
- Utilized Wiz's AI-powered risk engine and Security Graph to proactively identify high-risk cloud misconfigurations and anomalous exposures, enabling early remediation of threats before exploitation.
- Managed the team size of a minimum of 7 to a maximum of 27 people directly rolling up to me across the globe.
- Build and implement process improvement, project management, and compliance programs using ISO 27001:2022, NIST 800-53, ITIL, ISAE3402 & SOC 2 reports, PCI DSS, HIPAA, and COBIT frameworks.
- Supported SOX 404 compliance by maintaining and testing ITGC (IT General Controls) for systems impacting financial reporting.
- Implemented access review processes and automated control monitoring in alignment with SOX IT security requirements.
- Address CAR Corrective Action plans on schedules, collaborating with the respective stakeholders and tracking until closure.
- Analyse the COSO framework, EU DPA, FEDRAMP, FISMA, US Gov Cloud data center guidelines, and reporting structure based on the Geo and state as applicable during audit programs.
- Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance metrics, incident management, vulnerability management, and data protection.
- Create, prioritize, plan, and execute risk and control assessment roadmaps through collaboration with technology, cybersecurity, the second line of defence, and internal audit. This includes the ongoing resequencing of projects and assessments in the portfolio roadmap as priorities shift.
- Develop and implement effective policies and practices to protect sensitive data, ensure information security, and comply with relevant legislation and legal interpretation.
- Manage relationships with security, technology, and business stakeholders to identify and communicate security risks and mitigation approaches.

CERTIFICATIONS
- Lead Auditor ISO 9001:2008
- CISA Certified Information Systems Auditor
- Lead Auditor ISO/IEC 27001:2005
- CISM Certified Information Systems Manager
- Lead Auditor Transition Program - ISO / IEC 27001:2022
- CPISI - Certified Payment card Industry Security implementer - CPISI
- Lead Auditor ISO 20001:2005
- CEH - Certified Ethical Hacker version 7
- Lead Auditor BS 25999:2007
- CLIP - Certified Lead implementer Professional (ISO/IEC 27001:2013)
- Lead Auditor ISO 19011:2002
- ITIL Foundation
- Risk Management [Workshop - Training]
- Third-Party Risk Management Professional - OneTrust
- CISSP (Studying) Targeted Dec 2025
- Tech Risk & Compliance - OneTrust

MEMBER OF THE SECURITY ORGANISATIONS

EDUCATION DETAILS
MBA Systems; BBA Administration; DECE Diploma in Electronics & Communication Engineering

TOOLING & OS:
Tools & Technologies: Azure Storage Explorer, OnePDM, ADO Azure CSI Visual Studio (TFS), MS Dynamics 365, ProductsWeb, KVM Raritan, Jarvis, ICM, Putty, PowerBI, SQL Server, Powershell, MWatch, Cosmos DB, Kusto, SharePoint, ServiceNow, Wiz, Microsoft ORB (Fabric) & MS Visio
Security Tools: Arcsight, Qualys, SAP GRC, SAP Ariba, Open NMS, HP Open View, Jumpbox, Nessus, Nmap, BackTrack, Archer, Netstumbler, IBM Appscan, SAINT, OneTrust, Cybsafe, Acunetix & Metasploit

CONTRIBUTIONS & ACHIEVEMENTS
- Invited to discuss active Compliance with the US Department Federal Bureau of Investigation with the Special agent through the Seattle / Austin Cybersecurity Meet on potential threats and active laws.
- Active speaker on Compliance Management Programs held on the corporate level and training in onboarding employees to the organization.
- Awarded Master Mind for bringing up potential Risks and impacts for the Banking Project on the BCP and Risk Management Program.
- Awarded Best Performer for the Quarter (3 Times Received).
- Was chosen among the CISO organization for the successful audit and Compliance Programs of SOC 2 Implementation, HIPAA assessment & Vendor Risk Management, Onboarding Program.
- A Team Award received for successful recertification Audit for compliance across projects for the organization.

PROFESSIONAL EXPERIENCE

Xerox Corporation, Austin TX (Jul 2022 - Present)
Sr. Manager, IM Security - North America
- Customer obsession by delivering security projects that met and exceeded customer expectations.
- Demonstrated ownership by leading the design and implementation of security solutions for complex projects, ensuring the protection of sensitive data.
- Collaborated with cross-functional teams to identify security requirements, integrate security controls into project plans, and ensure secure software development practices.
- Developed and built the process from scratch on the Risk Register Program and integrated the process for the entire organization under the umbrella of Global Security Services.
- Conducted security risk assessments and developed risk mitigation strategies, addressing potential vulnerabilities and ensuring proactive security measures.
- Streamlined the TPRM process for vendor onboarding, introduced the reassessment process for critical and high-risk vendors, implemented it across the organization, and headed the process for the entire organization.
- Perform Internal audits, support the Soc2 audits, and perform gap assessment.
- Privacy and Security control implementation, testing and evaluation, and POAM management.
- Managed and streamlined the SAP GRC tool, ensuring compliance with internal security controls, minimizing operational risks, and enhancing automated risk mitigation workflows in alignment with corporate governance standards.
- Developed and maintained POAMs and coordinated remediation activities with the stakeholders.
- Identified IT Security and Privacy Weaknesses, Developed a Corrective Action Plan.
- Led incident response efforts, coordinating timely and effective responses to security incidents and minimizing the impact on project timelines.
- Conducted security audits and compliance assessments, ensuring adherence to industry standards and regulatory requirements.
- Proficient in developing and implementing comprehensive security programs by industry standards and regulatory requirements.
- Excellent leadership skills and proven ability to influence and collaborate effectively with cross-functional teams.
- Exceptional problem-solving and decision-making abilities, with a focus on delivering customer-centric solutions.
- Support developing and maintaining cybersecurity policies, Standards, and guidelines in alignment with applicable laws, common security frameworks, and leading practices.

Mindtree (Acquired by LTI), Washington, USA (Sep 2016 - Jul 2022)
Cyber Security Senior Manager
- Proven track record of successfully leading and delivering complex security projects on time and within budget.
- Strong leadership skills with the ability to effectively collaborate with cross-functional teams, stakeholders, and executives.
- Excellent problem-solving and communication skills, with the ability to translate technical concepts into business terms.
- Spearheaded developing and implementing a comprehensive customer security program, ensuring compliance with industry standards and regulations.
- Collaborated with internal teams and external auditors to assess and mitigate risks, identifying potential vulnerabilities and recommending appropriate controls.
- Led the incident response team, coordinating timely and effective responses to security incidents and minimizing the impact on customer data.
- Oversaw the management of security tools and technologies, evaluating their effectiveness and implementing necessary improvements.
- Conducted regular security training and awareness sessions for employees, promoting a culture of security consciousness throughout the organization.
- Managed vendor relationships related to security services and solutions, ensuring the selection of reliable partners and effective service delivery.
- Prepared and presented reports on security metrics, highlighting key findings and recommendations to executive leadership.

Mindtree, Chennai - India (Jun 2013 - Sep 2016)
Cyber Security Manager
- Led the design and implementation of a robust security infrastructure for a cloud-based SaaS platform, addressing customer concerns and ensuring the protection of sensitive data.
- Developed and maintained security policies, standards, and procedures, aligning them with industry best practices and regulatory requirements.
- Coordinated vulnerability assessments and penetration tests, working closely with external consultants to identify and remediate vulnerabilities.
- Collaborated with the product management team to integrate security requirements into the software development lifecycle, ensuring secure coding practices and regular security testing.
- Conducted security risk assessments for third-party vendors and partners, evaluating their security practices and making recommendations for improvement.
- Perform internal audits (30+) and identify non-conformities and provided (OFI) opportunities for Improvement.
- Tracked the CAR (Corrective Action Plan) till the closure.
- Conducting Third-party risk assessments to identify associated threats & vulnerabilities to ensure data security.
- Define and document business process responsibilities and ownership of the controls in the GRC tool.
- Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.
- Developed enterprise-wide security management programs and successfully implemented processes and technologies based on compliance required, such as ISO27001, ISAE 3402 & PCI-DSS, SOC 2, and NIST-800-53.

OTHER ORGANISATIONS WORKED
Company Name; Role / Designation; Duration Start; Duration End
Computer Science Corporation DXC Technology; Lead Security Audit Consultant; Aug-12; Jun-13
Hexaware Technologies; Security Consultant; Mar-11; Aug-12
Intelenet Global Services (Serco); Risk & Compliance Analyst; Jul-07; Mar-11

VISA INFORMATION
H1B WORK PERMIT USA (I140 APPROVED)

Keywords: artificial intelligence database information technology hewlett packard microsoft mississippi Texas |