Vishnu Padmakumar

Strategic:

• Developing information security program / framework
• Defining Enterprise IT security controls and initiatives
• Advising senior management on cost benefit realization of security initiatives
• Defining and establishing Information Security Steering Committee
• Leading the organization's information security function
• Representing security team in external business engagements

Tactical:

• Implementing cyber security regulatory compliance in accordance with NESA / ISO 27001
• Defining, establishing and maintaining ISMS Policies and Procedures
• Implementing security control measures to address open risks
• Implementing Vulnerability Management Program
• Implementing Security Awareness Program
• Implementing Enterprise IT Security solutions
• Preparing RFPs, scoping objectives, evaluating vendors for cyber security projects
• Managing Incident Response function
• Managing third party service providers
• Implementing data leakage prevention, data classification, cloud security controls (CASB), Single Sign On and Identity & Access Management technologies

• Performed security assessment of web applications to ensure risk level is brought down to an acceptable limit.
• Implemented (cost saving) automated vulnerability scanning/mobile app security assessment portals for use by UAE federal government entities.
• Participated in senior management meetings to provide security consulting for existing/new systems.
• Collaborated with Dubai Electronic Security Center (DESC) to test, plan and escalate unattended risks to get them mitigated in a timely manner.
• Researched and implemented new and innovative technologies, solutions and processes to enhance over all security maturity of the organization.
• Conducted web application vulnerability assessment and penetration tests for Federal Government entities.

• Lead the Threat & Vulnerability Management team
• Conferred with GRC team in developing and implementing risk assessment methodology, procedure and security standards across the organization.
• Performed VAPT of web and mobile applications
• Researched and implemented new and innovative technologies
• Developed road map for the CISO's cyber security strategy.
• Performed vendor assessments.
• Prepared operational procedures and executive reports for higher management. Propose solutions to mitigate risks highlighted in external audit reports

• Performed VAPT of web and mobile applications
• Performed PCI-DSS technical security testing of assets belonging to financial sectors.
• Performed risk analyses of new and existing systems and services.
• Performed policy compliance review of major banking and financial enterprises across Saudi Arabia.

• Performed security assessment and certification of global enterprise applications
• Performed periodic network scanning of global data centers to identify and map internet facing applications.
• Conducted awareness sessions to project team members on the security risks and control measures thus ensuring developers and QA personnel are trained with appropriate level of security knowledge
• Conferred with security consulting team to evaluate the remediation/exceptions in GRC platform.
• Performed internal validation of third-party assessment reports