Ram Kumar CV
Drive organization-level corporate, information security & business continuity function, develop & enforce policies,
processes and best practices to achieve security compliance and maintain optimum BCP & security posture throughout.
Make high-stakes decisions, handle complex security issues, provide expert advisory inputs and manage critical security
projects. Design, implement & enforce effective information security & business continuity programs.
Profile Summary:
Prior Experience: 14 years of progressive Information Security, Business Continuity, Corporate Security Management,
Audit & Customer Service experience with top MNCs across BFSI, IT & ITES, ISP, Media & Entertainment verticals.
9 years of managerial experience working with C-level executives (including functional reporting to CEOs) drawn from
cross-functional domains.
Education: MCA, MBA (HR), CISM, CRISC, CPISI, BCCE, ISO 27001:2005 Lead Auditor, CEH and CCNA.
Co-Founder and General Secretary of Business Resilience Consortium - a BCP/DR focused non-profit society
Occasional contributor on Security topics and Guest Speaker at Security Conferences & Training Programs.
Writer and published author of a few books, including Career Excellence (Vol I & II), Atlantic Books, New Delhi and Cyber
Crimes: A Primer on Internet Threats & Email Abuses, Viva Books, New Delhi.
Areas of Expertise: Specialize in setting up Information & Corporate Security/BCP function from ground up in MNCs
Information Security & Business Continuity Management
Information Security Governance, Risk & Compliance (GRC)
Developing & enforcing of Information Security Policy & Practices
GRC program for ISO 27001:2013 ISMS, PCI-DSS, SOX, GLBA, FFIEC,
MPAA, CDSA, Basel III, CNIL, ISO 22301 BCM Standards
Enterprise Risk Management: Assessment and Mitigation
Security Program monitoring and improving through Security Metrics
Identity and Access Management (IAM) Solutioning & Administration
Security Awareness, BCP & Crisis Mgmt Training: Design & Promotion
Security Incident Management: Tracking, Reporting & Resolution
BCP: BIA, Planning, Documenting, Implementing, Training, Testing
Pandemic Planning: H1N1 Monitoring, Preventive Measures & Advisory
Vendor Risk Assessment, Audit & Due Diligence
Corporate Security
Physical Security Controls Rollout & Review
Manpower planning, hiring & training
Access Control, CCTV & Fire Safety
Evacuation Drills, ERT & Travel Security
Environment, Health and Safety (EHS)
Labour Law Compliance
Executive Oversight
Vision, Strategy & Execution
Budgeting & Cost Control
Program & Project Management
Team Building, Mentoring & Leadership
Stakeholder Management
Management Reporting & Updates
ITPL, Bangalore
Recruited to prep and roll out ISO 27001 ISMS across SG GSC and be responsible to deliver the Group's Information
Security Program at organizational level across 8 Business Lines covering 4000+ users across 3 locations.
Key role in improving company's information security strategy, practices & effecting enterprise-wide culture change.
Revamped Identity and Access Management Governance framework (SailPoint) and rolled out enterprise-wide
Implemented enhanced security controls project to secure sensitive data and improved policy exception process
Improved process rigor for data leakage protection (DLP) for outbound emails using Symantec DLP
Developed control framework for security health checks monitoring in BAU mode
Raised visibility of information security function company-wide through Risk Culture program and revitalized Security
Awareness Program: New Joiner Induction, Risk Newsletter, End-user Communication, Participation in Events, etc.
Revised end-user documentation: Security Policies, Procedures, Cheat sheets, Flyers & Awareness Presentations
Streamlined Risk Assessment Program for critical IT projects, sensitive applications and outsourced vendors
Performed gap analysis for ISMS implementation and prepared business case for roll out
Ran periodic User Access Review campaigns (applications, infrastructure, mailbox access) and ensured 100% compliance
Audit interface and responsible for closure of audit recommendations and non-conformances within agreed deadlines
Improved KRI parameters for value-added reporting and analysis to global headquarters in Paris
Paris-based Societe Generale (www.societegenerale.com) is the largest bank in the Eurozone providing a wide range of
financial services in retail and investment banking space for 150 years.
ITPL, Bangalore
Reported to: Country Head - Technicolor India, dotted line reporting to Director - Worldwide Content
Protection and Anti-Piracy, LA, USA and accountable to 4 BU Heads
Part of Country Leadership Team mandated to establish an integrated Information & Corporate Security function
Recruited to set up Technicolor Security Office (TSO) at Technicolor India and be responsible to deliver Information
Security & Physical Security Program at organizational level across 4 Business Units: Animation & Gaming, Media
Services, Moving Picture Company (MPC) and DreamWorks Dedicated Unit (DDU), covering 1300+ users.
Set up Country Security Council for Technicolor India to serve as steering committee for security function
SPOC for Security function and offer expert advisory to Management on security matters
Established Security Governance, Risk & Compliance (GRC) program for Technicolor India
Achieved industry's leading digital security standard CDSA certification for 3 consecutive years for Technicolor India.
Led MPAA Site Security Survey audit interface and passed successfully for fully-owned VFX studio - MPC
Handled Internal & Statutory Audits for IS including SOX compliance requirements (PwC, Deloitte & KPMG auditors)
Provided guidance & handholding for CDSA & MPAA compliance to onsite locations (Los Angeles & Burbank)
Drafted and implemented site-specific security policies, procedures & best practices
Instrumental in raising visibility of security function across BUs: security handbook, induction & awareness programs
Enhanced Environment, Safety & Health (EHS) Program by improving safety posture: equipment & staff training
Led and successfully coordinated (5 instances, <12 mins) site Evacuation Drills (planned & unplanned)
Managed crisis situations (general shutdowns, cab strikes) with advisory to management on office open/shut decisions
Paris-based Technicolor (www.technicolor.com) is the world's leading provider of solutions to CREATE, MANAGE and DELIVER
content for the Media & Entertainment industry, in existence for 100 years.
Sep 2007 - March 2010
Yodlee, Inc
Information Security Manager (role equivalent to ODC Security Head)
Reported to: Sr. Director - Information Security, USA and dotted line reporting to Managing Director - India
Key role in aligning Information Security Program with global policy and developing BCM Program company-wide
Recruited to head Yodlee Security Office (YSO) at Yodlee India and be responsible to deliver Information Security &
Business Continuity Program at organizational level for Bangalore ODC in line with corporate security policy.
Member of core security team set up to provide strategic direction to Information Security & Business Continuity function
fully aligned to ISO 27001:2005 ISMS, PCI-DSS and FFIEC standards.
Pivotal role in optimizing company's security strategy, practices & effecting company-wide culture change.
Key Projects & Accomplishments:
PCI DSS Assessment Program Management: Driving & project management of preparation work at California office (3
months at HQ) for annual PCI-DSS Level 1 Service Provider Assessment by Verisign, Inc.
Designed and enhanced security program controls mapped to ISO 27001 ISMS requirements. Close liaison with related
governance functions (Physical Security, Facilities, IT, HR, Legal) to meet global security standards.
Established BCM Life cycle (covering BIA, departmental BCPs, Implementing, Training, Testing, Improvement, Maintenance)
BCP Documentation: Developed BIA format & departmental BCP documents for critical business functions
Conducted Business Impact Analysis (BIA) by coordinating with departmental heads in both US & India.
Coordinated conduct of 3 BCP Functional Remote Access Tests and Table Top Exercises at BLR & US offices (includes
planning, coordinating with IT & Ops teams, employee communications, post-test data gathering & reporting)
Audit Prep Work Program Management:
Coordinating & participating in revision of Security Policies, Procedures & Practices with policy owners
Collating required evidences and preparing documentation - creating binders for policies & procedures, audit evidences &
records for auditor reference. Prep work management with periodic reminders and regular updates to YSO leadership.
Organizational preparedness: training, briefing key stakeholders, enterprise-wide email communication, etc.
Established & implemented a comprehensive Security Awareness Program:
Conducted role-based Security Awareness Training Program (3 annual cycles) for Yodlee Bangalore staffers (around 300
persons) in about 8 weeks' time, scheduled on alternate days. Followed up to ensure 100% training coverage.
Designed & Developed Presentations, Security Best Practices Pamphlets, Security Awareness Posters & Wallet Cards.
Launched monthly security newsletter YSO News and served as Editor: write, collate articles, design, layout & e-publish
California-headquartered Yodlee, Inc (www.yodlee.com) is a pioneering provider of innovative online banking solutions to top
banks & financial institutions world-wide.
Bangalore
Signed up to spearhead the setting up of Cyber Security Division as a distinct IT Security service vertical for G4S Security
Services, India across NAMESA (North Africa, Middle East and South Asia) region.
Responsible for running the division as a profit center in tandem with other IT Security SBUs.
Key Roles & Responsibilities:
G4S Cyber Security Core Group Member: Participate in management meetings for business strategy & direction.
Coordinate conduct of audits & follow up on closure of NCs found during audits & assessments.
Build and sustain client relationships, support pre-sales activities for key clients.
Key Projects handled:
Third-party IT Risk Assessments, Policy Reviews and Cyber Crime investigations liaison projects for clients.
Conduct monthly Information Security Awareness Training open house workshops for clients targeting both IT & Non-IT
managers. Client reps include HP, Dell, Wal-Mart, McAfee, TCS, HCL, LG Software, Scope International, Airtel, etc.
United Kingdom-based Group 4 Securicor (G4S) (www.g4s.com) is the world's leading security services company with business
operations in over 100 countries world-wide serving clients for more than 113 years.
May 2005 - Jan 2006
Affiliated Computer Services, Inc (ACS)
Information Management Associate - Security Engineering (NWDC)
ITPL, Bangalore
Reported to: Information Security Manager (NWDC), Portland, USA with dotted line reporting to Senior Director - Operations
Handled key clients like Nike and Symetra Financial by providing SLA-driven end-to-end quick-response remote security
monitoring & support with job roles as Internet Gateway Administrator, Trainer and Documentation Specialist.
Affiliated Computer Services, Inc (ACS), A Xerox Company (www.acs-inc.com), is a Fortune 500 company and a premier
provider of diversified BPO & IT outsourcing solutions to clients worldwide.
Hyderabad
Provide cyber security solutions to ISP members (for all UOL brands - Juno, NetZero, BlueLight, MySite, Freeservers.com &
Classmates.com) for account security & abuse issues: spam, phishing & viruses.
Juno Online, a United Online Company (www.juno.com, www.untd.com), is a top Internet Service Provider in USA.
Non-IT Experience (3 years):
Year | Company | Designation
Jan 2003 - June 2003 | ICICI Bank Ltd, HITEC City, Hyderabad | Customer Service Officer, Banking Operations
May 1998 - Nov 2000 | Sathya & Associates, Chartered Accountants, Hyderabad | Audit Assistant
Education:
Year | Degree | Division | University
2008-2009 | Master of Business Administration International (MBA), Specialization in Human Resources | Distinction | Edith Cowan University, Perth, Australia
2000-2003 | Master of Computer Applications (MCA) | First | Madurai Kamaraj University, Madurai
1996-1999 | Bachelor of Commerce (B.Com) | First | Osmania University, Hyderabad
1996 | Higher Secondary Course Certificate (Plus Two), School Topper in Economics | First | Board of Higher Secondary Examination, Chennai, Tamil Nadu
Certified Payment Card Industry Security Implementer (CPISI), SISA - Feb 2015
Certified in Risk and Information Systems Control (CRISC), ISACA, USA - Aug 2011
Business Continuity Certified Expert (BCCE), Business Continuity Management Institute (BCMI), India - Aug 2008
Business Continuity Certified Planner (BCCP), Business Continuity Management Institute (BCMI), India - Sept 2007
ISO 9001:2000 Quality Management System Internal Auditor, BSI, India - June 2007
Cisco Certified Network Associate (CCNA), Cisco Systems, Inc, USA - Dec 2003
Diploma in Advanced Software Technology (DAST), CMC Ltd, Hyderabad - June 2002
Professional Affiliations:
Member - ISACA, USA, Project Management Institute, USA, BCI Bangalore Forum and Data Security Council of India
Personal Profile:
Date of Birth and Age: 04-04-19XX, XX years.
Languages known
Ram Kumar G