Sarma Ayyagari
Details
Computer Science
New Jersey Institute of Technology
2001 : 2003
B.E
Mechanical Engineering
University of Madras
1988 : 1992
AdvanSix
CISO & Director - Cybersecurity
Working alongside the CISO, manage the overall Information Risk Management program design, implementation and assurance. Provide governance and oversight of Information Risk, Information Security and Cybersecurity. Establish information security policies, standards, and procedures for a variety of technologies and processes related to traditional IT and cloud computing systems. Ensure compliance with regulations and frameworks such as NYDFS Part 500, FFIEC, NIST CSF, ISO27001, and SWIFT CSP. Guide secure application development by promoting and advocating a secure-SDLC methodology, which dictates Application Risk Assessments, System/Application architecture reviews including Threat Modeling, and App-Sec certification. Oversee the Threat and Vulnerability Management program and Incident Response Management, including supporting tools and processes such as vulnerability scanning, pen testing, SIEM and SOC. Provide advisory services to IT and Business groups on all matters related to Information Security and Cybersecurity. Liaise with auditors and regulators to ensure compliance with regulations and guidelines. Participate in Risk Management committees to present overall program status including material risks.
2016 : 2018
MUFG
VP & Information Security Officer - MUTB (New York)
Trusted Advisor providing management consulting services to the C-suite, mainly CROs, CISOs, CIOs, Heads of Information Security and Heads of Internal Audit, on cybersecurity and privacy issues. Oversee engagements related to cyber-related business risk assessment, identification and mitigation. Lead teams in planning and execution, managing client expectations, and maintaining quality standards. Develop strong relationships internally and externally and seek opportunities to solve complex business problems related to cybersecurity and risk. Focused broadly on the financial services sector including Banking and Capital Markets, Asset Management and Insurance, with an excellent understanding of the sector-specific cybersecurity regulatory landscape, leading practices, and frameworks.
Perform assessments related to:
- Cyber-related business risk
- Security maturity assessments against standards, guidelines and regulations
- Technology and application risk assessments including configuration reviews and penetration testing
- Third party risk assessments
- Design and operating effectiveness of controls related to security technologies and processes
2014 : 2016
PwC
Manager - Cybersecurity & Privacy
Subject Matter Specialist for information risk, security and compliance matters. Responsible for initiating, driving and managing a variety of enterprise information security, compliance and technology risk management programs that were critical to the protection of the company's assets and brand.
2005 : 2014
Suez Environment North America
Technology Manager - IT Security & Infrastructure
IT audit testing for the SOX compliance program, including developing work programs for various IT processes and technologies. Design and operating effectiveness testing of IT General Controls (ITGCs) and Application controls.
2004 : 2004
Pentair
IT Auditor
Skills
Auditing, Business Analysis, Business Process, Cloud Computing, Disaster Recovery, Encryption, Information Risk, Information Security, Integration, IT Audit, IT Compliance, IT Controls, ITIL, IT Risk Assessments, IT Security, IT Strategy, Leadership, Microsoft SQL Server, Process Improvement, Project Management, Risk Assessment, Sarbanes-Oxley Act, SDLC, Secure Application Development, Security Operations in AWS, Technology Change Management, Third Party Risk Management, Threat Modeling, Vendor Management, PowerPoint, Microsoft Excel, Microsoft Office, Photoshop, Microsoft Word, Public Speaking, Social Media, Data Analysis, Marketing, Market Research, Social Networking, Financial Modeling, Capital IQ, Financial Analysis
About
Cybersecurity leader responsible for the oversight, governance and implementation of an effective cybersecurity program. Results-oriented information risk management executive with extensive experience managing Information Governance, Risk and Compliance programs. Strong Information Security leader with solid client service experience, acting as a trusted advisor providing strategic and tactical advice, implementing security projects, and managing security operations. A resourceful manager ready to accomplish tasks by integrating people, process, and technology. Collaborative team player ready to motivate, mentor and coach team members. An accomplished manager experienced in successfully managing large teams, projects and budgets including Opex and Capex spends. Specialties include Technology Governance, Risk and Compliance Management, Information Security and Cybersecurity, Risk Assessments, Secure-SDLC, Security Architecting, Cloud security design and operations (Amazon Web Services), Threat and Vulnerability Management, SIEM/SOC, and Incident Response Management.