Bharathkumar Vankipuram
Senior Leader with chronicled success and dynamic experience of over 23 years in all aspects of Technology Audits, Risk Management,
Cyber & IT Security, Governance Risk & Compliance, mainly in Banking & Financial Sectors, targeting top level assignments with an
esteemed organization; Life Coach & Mentor
Incident & Change Management
Business Continuity Planning
Application Development Security
Vendor Security reviews
Project Management & Agile Methodology
Well versed in defining Enterprise wide Technology Risk, Audit & Cyber Security Methodology, Framework & Processes, maintain a balance between broader objectives of the Organization and the Risk Management;
End-to-end project implementation and management of IT Security Risk projects, Risk reports & dashboards, escalation/management of Incidents through concerned departments
May’ 21 to Till Date: Standard Chartered Bank as Third Party Security Risk & Assessments–Special Engagements Director
Special engagement group in TPSR is a business priority group focused to expedite the end to end technology vendor onboarding process
Built the Target Operating Model for TPSR special engagements, which includes conceptualizing new process and structure, restructuring the current
costing model, and strategic and continuous improvement programs.
Create and manage business aligned reporting metrics for senior leaders
Manage improvement programs; create special Engagement framework; manage global Innovation campaign
Effectively manage all third party special engagements; recommend efficient technical solutions to address data and cyber Risk
Provide technical and operational guidance to all risk senior/managers.
Founder and Champion for TPSR Innovation Strategy and Events
Received GEM (Going Extra Mile) Award for Q2 from CISO & COO Leadership team for Strategizing and managing new initiatives within TPSR. This is a
prestigious individual award and only 0.1% of total population under Trust and Resilience group receives this individual award.
Aug’ 20 to Till May’ 21: Mashreq Bank Dubai (through Paramount Computer Systems – Contractual Role )
Implementation and management of various Cyber Security, Risk Management and Data Privacy projects for various clients in Middle East
Dec’ 18 to Aug’ 20: Temenos Banking Software Systems as Senior Vice President/ Global Head –Assurance & Audit
Part of Global Risk and Security Leadership Team
Key Result Areas:
Drive and maintain Enterprise wide Technology Risk management and Cyber Security Assurance strategies globally
Develop & Enhance Enterprise Risk Management processes and Cyber Security Assurance and facilitate the identification, assessment and reporting
of data risks across departments and regions
Develop and maintain risk monitoring and reporting structures, including reporting dashboards, risk registers, templates and supporting
documentation
Produce risk reports working with key contributors and support the analysis of significant risks and the appropriate mitigation measures
Work closely with Internal Audit, Operations and other Security teams and Governance Committee to ensure an enterprise risk management
approach
Ensure that risk reporting aligns with organizational performance and strategy reporting, to support decision making and management oversight at
the most senior levels of the organization
Support senior leaders to drive a risk culture across the organization and ensure the effective operation of enterprise risk management
Develop and Manage Risk Based framework and Assessment plan to support Enterprise wide risk program across the organization.
Manage the company wide Control Risk assessment program to deliver quality outcomes for the Group and improve controls effectiveness
End-to-end management of Security and Risk based certifications, including PCI-DSS, SOC2, ISO 27001, ISO27017, ISO27018 (Data Privacy) etc.
Manage all aspects of Cyber Security Compliance which includes; Internal Security reviews, Data security audits, Vulnerability Assessment,
Penetration testing, Application Security, Configuration reviews, Phishing activities etc.
Work with all business functions to identify emerging risks and ensure they are appropriately addressed and subjected to formal governance
Oversee periodic testing through scheduled control self-assessment outcome (RSCA), and follow up on the adequacy of the related remediation actions
Led Mergers and Acquisitions work, conducting security due diligence assessments and reviews.
Performing risk based Adhoc assessments to test the compliance across the organization against various standards and regulatory requirements
and reporting the same for successful mitigation;
Manage Vendor/Supplier third-party risk assessment and remediation of identified weaknesses through implementation of controls
Responsible for ensuring compliance of contractual agreements with company policies, controls and road maps, to integrate with the global security
program.
Manage and oversee the completion of all open regulatory, audit and self-identified risk issues and ensure successful closure and remediation.
Assisting the Chief Security Officer in the preparation of executive & management reports related to cyber and Technology Risks, events & pertaining
actions
Creating cyber security risk awareness to all business leaders and create process to mitigate the risk in their business functions.
Conduct information security awareness training program for both Cloud and On-premises world.
Built a highly skilled team of regarded Security & Risk professionals to execute the Cyber Security & Technology Risk Assurance strategy globally
Exhibited leadership skills in managing team functions such as discipline, welfare, sub-ordinate development, performance appraisal, counselling,
grievance management, coordination & control of various organizational and inter-departmental activities
Jul’ 10 to Aug’ 18: The Bank of New York Mellon as Internal Audit Director/ Head of Asia Technology Audit
Part of Global Audit Leadership team
Key Result Areas:
Managing APAC technology audits and spearheading the entire gamut of Global Technology Audits with a team of 30 Auditors in India, Singapore
and Hong Kong.
Administered India Centre of Excellence & Asia Technology Audit Team which conducts Technology & Infrastructure audits, Security reviews,
Application audits, project life cycle review and Regulatory exams
Provide independent assurance to the BNY Mellon board of directors and senior leadership stakeholders on the aspects of control design/operating
effectiveness of technology environment
Developed, finalized and managed audit plans, risk & control matrix for the core areas including Cyber security & Core Infrastructure/Security audits,
Business processes (technology), Business Continuity/ Disaster Recovery Assessment, Regulatory stability review for APAC and other global regions
Managed & directed end-to-end technology control & information/cyber security and privacy reviews across the globe; ensuring compliance &
adherence to BNY Mellon policies and regulatory requirements
Executed & managed Risk Analysis on suitability of IT Controls, to protect sensitive & client data
IT operational risk assessments & audits on applications being used within organization / external organizations dependent on this organization;
ensured compliance to the control objectives and standards for the operational risk control function
Responsible for managing and delivering global continuous and horizontal Core Infrastructure for e.g. Change, Incident and Problem Management,
Network Security, Systems Operation, Operating System, Database reviews and critical application reviews.
Conducted & supervised reviews on Vendor Risk Management process for the global vendors which includes reviewing the contractual obligations,
SLAs and other regulatory information security and compliance clauses
Facilitated Application Development Security, entailing incorporation of SDLC in organization & ESA promulgation of appropriate application
development model (Waterfall, Agile & RAD); provided guidelines on securing applications and web-servers through appropriate secure architecture
Leading the Cyber audit initiatives within APAC region and making sure for adequate coverage as per regulatory requirements.
Led Horizontal BCP/DR reviews to ensure readiness
Provide direction to the team to ensure that audits are performed in accordance with department and professional standards.
Monitored & mentored APAC audit team by sharing knowledge, skills and experience to guide them in their growth through effective career
planning and goal setting process
Spearheaded various committees & forums within technology audit to improve the effectiveness & productivity of the audit approach
Managed project audit life cycle and Governance for the region in the area of Privacy, Infrastructure and Software development life cycle (Agile
etc.)
Supervised the timely & frequent communication of all issues to senior stakeholders & ensured that all updates are provided during the course of
the audit
Authorizing the audit reports for the area of responsibility within APAC region and directed the resourcing & budget of all audits managed
within APAC (including India)
Mar’ 09 to May’ 10
Tata Consultancy Services (Banking & Financial Services) as Senior Manager (Information Security & Security Assessments)
Mar’ 08 to Dec’ 08
KPMG Singapore as Manager (IT Audit & Advisory)
Oct’ 06 to Mar’ 08
PriceWaterHouseCoopers as Manager (IT Audit & Advisory)
May’ 05 to Sep’ 06
Covansys India Private Limited (Currently DXC Technology) as Senior Consultant (Information Security & Sarbanes Oxley)
Aug’ 04 to May’ 05
SIFY Limited as Information Security Consultant
Jul’ 02 to Aug’ 04
Standard Chartered Bank as IT Change Management Executive
Jan’ 99 to Jul’ 02
DSQ Software Limited as System Security Executive
EDUCATION
Masters of Computer Application from University of Madras
Masters in Psychology from University of Madras
Post Graduate Diploma in Business Administration in Operations (PGDBA) from Symbiosis
B.Com. from University of Madras
Professional Diploma in Software Technology & System Management from National Institute of Information Technology
CERTIFICATIONS
Certified Data Privacy Solutions Engineer (CDPSE)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Auditor (CISA)
Certified Information Systems Manager (CISM)
CSA (Cloud Security Alliance) Star Compliance Implementer
ISO27001 Lead Auditor
ISO27001 Lead Implementer
ITIL Foundation Certified Professional (V3)
BS15000 Certified Lead Auditor & Implementer from British Standard Institute
Ethical Hacker (CEH)
Cisco Certified Network Associate (CCNA)
Microsoft Certified Professional (MCP)
Certified Life Coach (Accredited by International Coaching Alliance and Certified Coaches Alliance)
References:
A Michael Smith
https://www.linkedin.com/in/amichaelsmith/
Chief Audit Executive at Nasdaq
Location: Greater New York City
a.michael.smith@nasdaq.com
Ed Kirkorian
https://www.linkedin.com/in/edward-kirkorian-5610111/
Managing Director- Internal Audit at BNY Mellon
Location: Greater New York City
Edward.Kirkorian@Bnymellon.com
Nassos Oikonomopoulos
https://www.linkedin.com/in/nassos-oikonomopoulos-aa575215/
Head of Technology Controls - Head of Regions & IT Regulatory Advisory HSBC
Location: London
necono@yahoo.com