Satyendra T.
Details
IT (Information Technology) and Finance
Southern New Hampshire University, Manchester, NH
2007 : 2009
Master's Degree
Master of Science in Computer Information Systems with minor in Finance
Southern New Hampshire University, Manchester, NH
2000 : 2002
Bachelor's Degree
Bachelor of Science – IT LGFT Technical Education
Board of Technical Education - Government Polytechnic
1993 : 1997
Hasbro
Vice President Chief Information Security Officer
Bose is the #1 audio (Healthcare, Consumer Electronics, Automotive, Military and Aviation) company globally with $4B in annual revenues.
• Architected and optimized a cloud connected product, information security practice and GRC function to undergird Bose’s major strategic shift from stand-alone audio products to digitally connected audio products for home, auto, and healthcare/medical devices – IoT.
• Optimize and lead a newly united global information security and GRC function. Manage multi-million-dollar OP/CAP budgets. Direct 15 dedicated technical direct reports and 21 security champions/indirect resources. Work with healthcare, medical device, and consumer product customers to develop secured new products.
• Achieved industry standard of security maturity by developing and implementing a 3-year security maturity roadmap to launch the product security initiative and correct substandard cybersecurity performance – at 75% of the average industry expenditure and within 3 years.
• Designed and executed Global Information Security strategy for Product Security, Cloud Security, and Mobile App Security Programs using “Security and Privacy by Design” principles. Adopted NIST 800-53 and ISO27001/21434.
• Implemented Product Security Engineering and Assurance program to integrate Product Security requirements throughout the product development lifecycle and post launch maintenance and operations.
• Negotiated contract terms for security integration and partnerships with key product integration or joint development partners like Apple, Amazon, Flextronics, GM, Porsche, Hyundai, and Mazda.
• Collaborated with Legal, Privacy, and Internal Audit on Product Security governance, and on a regular cadence presented security status to BoD and executive committee.
• Achieved compliance with global standards including PCI, GDPR, CCPA, FDA, HIPAA, and TISAX.
2016 :
Bose Corporation
CISO - Global Information Security and GRC
Led Bose’s information security strategy for IT and Products and operations, including establishing cybersecurity best practices and cyber frameworks. Collaborated with GRC counterpart before ascension to CISO to integrate and oversee united IS and GRC.
• Introduced and performed Threat Modeling and Penetration Testing exercises to understand the product risk and collaborated with the engineering leadership to address product risks and vulnerabilities.
• Saved $2M YoY by building a fully integrated in-house GRC function that replaced costly use of GRC outsourced consultants. Built strong GRC, established policies, standards, processes, and standard operating procedures.
• Identified failure of GRC’s outsourcing strategy, assessed organizational problems, architected strategic plan, developed business case for bringing compliance in house, and gained Board approval.
• Implemented Security Champions, Training, and Awareness Program engaging representatives from 27 business units.
2016 : 2017
Bose Corporation
Head of Information Security (Technology and Products)
Recruited to create and lead a newly established standardized IS, GRC, and DR department supporting 57 different business units. Managed 5 direct and 22 indirect reports and external consultants. Optimized budgets to $11M. Served on Risk Steering committee. Influenced key stakeholders to achieve buy in for new initiatives. Hearst is a leading media, entertainment, and digital solutions organization with $15B in revenues and 350 businesses.
• Implemented a standardized security and compliance function to support a major corporate initiative to consolidate functions across 57 business units, replacing dysfunctional, inefficient processes and a patchwork of ad hoc solutions.
• Attained PCI compliance as Level 1 Merchant within 90 days for all business units. Corrected previous failure to meet critical compliance requirements that threatened a $6B revenue stream and $1M in audit fees annually.
• Architected and implemented a secured platform running in Amazon Web Services (AWS) environment to consolidate 27 disparate data centers into 5 virtual environments and protect 450M+ customer data, including critical personal information (PII) such as credit cards, telemetry from medical devices, and health records (PHI).
• Achieved $2.4M cost savings and 50% reduction in audit efforts by developing an industry standard-based set of uniform technology standards. Eliminated 80%+ of redundant controls. Enabled IT automation (potentially 60%).
2014 : 2016
Hearst
Director - Security Governance, Compliance, and Disaster Recovery (DR)
Promoted rapidly through a $23B company to a position of global authority for security, compliance, and audit in 27 countries. Managed 12 direct reports and a $2.3M operating budget. Authority for security policies, audit strategies/programs, information security/compliance assessment and planning, SIEM (Security Information & Event Management), risk assessment and management, reporting, and vulnerability management. Provided SDLC compliance review on 100+ projects. Member: SOX, PCI, Audit, Governance, Compliance, Security, and Disaster Recovery Standards Committee.
• Architected and led a comprehensive program to improve Staples' security and compliance posture while cutting costs, both key to safeguarding personal and credit card information as the company refocused on the ecommerce channel.
• Drove standardization of policies and procedures for SOX Compliance/Audit across 5 continents, replacing a patchwork of distributed practices. Dramatically improved audit performance, created efficiencies, and cut costs.
• Completed external SOX audits for all North American locations with 0 deficiencies for 3 years running, covering $20B revenue (80% of total sales). Engaged with leading accounting giants: E&Y, Deloitte, PWC.
2006 : 2014
Staples, Inc.
Senior Manager - Global Security Governance, and Compliance
Skills
Auditing, Automation, Business Continuity, Business Process Automation, Business Process Improvement, California Consumer Privacy Act (CCPA), Change Management, CISA, CISM, CISSP, Computer Security, CRISC, Cyber Threat Intelligence (CTI), Data Center, Digital Forensics, Disaster Recovery, EDR, Enterprise Architecture, FERPA, General Data Protection Regulation (GDPR), Governance, HITRUST, Identity Management, Incident Management, Information Security, Information Security Management, Internal Control Implementation, ISO 27001, IT Audit, IT GRC, ITIL, Medical Device Security, NIST 800-53, PCI DSS, Privacy Compliance, Privacy Law, Product Security, Regulatory Compliance, Risk Assessment, Sarbanes-Oxley Act, SDLC, Security, Security Information and Event Management (SIEM), Security Monitoring, Software Development Life Cycle (SDLC), Threat & Vulnerability Management, Threat Modeling, U.S. Food and Drug Administration (FDA), U.S. Health Insurance Portability and Accountability Act (HIPAA), Vulnerability Management, IT Management, Software Documentation, SQL, Requirements Analysis, Vendor Management, IT Strategy, IT Service Management, Business Intelligence, Quality Assurance, SOX Compliance, Payment Industry, Network Security, Requirements Gathering, Computer-Assisted Audit, ACLS, Business Process, Internal Audit, Internal Controls, Computer-Assisted Audit Technique
About
Multibillion-dollar companies rely on information security and compliance to protect people, products, brand equity, and revenues. As a leader in product and enterprise security, I view my overarching job to be one of developing innovative programs and strategic solutions to information security and compliance challenges in order to protect the products, customer data, limit financial exposure and mitigate threats to the enterprise.
Currently, as CISO at Bose, I have established the security posture for a company-wide shift to IoT products, which are supremely dependent on secure cloud connections and integration with mobile apps and other IoT services. I have also overseen a massive migration of global information security data to the cloud. I manage multi-million-dollar budgets and teams of up to 31 direct/indirect resources and security champions.
Previously, at Hearst, I leveraged my BPI (Business Process Improvement) and financial accountability orientation to consolidate and streamline an information security and compliance function undergirding 57 business units. At Staples, I rose rapidly to lead security governance and compliance initiatives while managing direct and indirect global teams and multi-million-dollar budgets.
Because no high-impact change can be accomplished without people in relationships, I leverage leadership, people, and communication skills to achieve buy-in from the stakeholders who will interact with new products, tools, and programs every day.
Forrester and AWS (Amazon Web Services) have selected me to speak at international conferences based on my reputation as an innovative information security subject matter expert. I often use my own case studies to exemplify excellence and best practices in my field.
My expertise encompasses Product Security (IoT), Cyber Security, Security Maturity, Cloud Security, Quantified Risk Management, Data Privacy, Data Protection, Regulatory Compliance, Asset Protection, and 3rd Party Risk Management.
Credentials: MBA, CISA, CISM, CVMS, CRISC, ITIL v.2, CISSP in progress.