
PRAKASH SANKAR

Redmond, WA

Summary

Experienced Information Technology Leader with more than 15 years of combined experience in the domains of Information Security Architecture and Engineering, Risk Management, Compliance and Security product management. Proven track record of hiring and developing strong diverse teams, mentoring technology teams and managing security budgets.


As a change leader, improved the security maturity of the environment in a short time by defining strategy and executing security projects and programs. Worked closely with Senior Technology and Security Leadership in defining Security portfolio roadmaps and Enterprise Security governance controls. Bring a data-first approach to leadership and the decision-making process.


Partnered with technology vendors and managed service providers in providing Security and Compliance solutions.

Overview

19 years of professional experience
6 years of post-secondary education
1 Certification

Work History

Senior Manager, Security and Compliance

The Walt Disney Company
Seattle, WA
09.2019 - Current
  • Managed global Security and Compliance team with responsibilities for Security and Compliance in Disney Enterprise and Streaming segments. Managed $10 million Security budget across Software and managed Security services. Improved team composition by making strong hires in cloud space - AWS, Azure and Google Cloud.
  • Part of Leadership agile team, to enforce business continuity during COVID lock-down. Collaborated with multiple stakeholders across Audit, Finance and HR functional teams on managing remediation action plans and executing Security programs.
  • Implemented Security Architecture process, to manage Security for new projects and minimize residual Security risks. Executed large Security programs to minimize aging residual Critical risks. Managed Security in hybrid environment - SAP, AWS, Azure, Google Cloud, Workday and other applications.
  • Implemented KPI for Infrastructure vulnerability and patching in Cloud infrastructure. Implemented weekly and monthly metrics across team and instituted data driven security culture.
  • Executed pre-audit programs in Sarbanes-Oxley (SOX), PCI compliance to minimize audit findings. Managed action plans in response to management audit findings. Influenced and negotiated budgets for Security and Compliance programs.

Senior Security Technical Program Manager

Amazon Web Services Inc.
Seattle, WA
10.2017 - 08.2019
  • Influenced decisions at AWS VP, Director level to dedicate development resources to identified security issues. Worked with Principal Product Managers to identify and deliver Compliance certifications for AWS services, to meet regulated Customer demand.
  • Conducted Security Architecture assessments of AWS services and worked with development teams in implementing security solutions to remediate identified gaps. Defended AWS services in FedRAMP, HIPAA, PCI, SOC, ISO and regional Compliance audits like Australian IRAP, German C5 etc. This enabled regulated customers globally to use AWS services.
  • Executed security readiness for AI services - Rekognition, Polly (Alexa Voice), Textract; Security Services - GuardDuty, Macie; IoT services (Internet of Things) - IoT Core, FreeRTOS and Greengrass; Databases - ElastiCache (Redis); Mobile - Amplify Console.
  • Involved in FIPS (Federal Information Protection Standard) TLS endpoint security consulting with AWS services as part of PDT and OSU region infrastructure build discussions.
  • Provided security related support to JEDI (Joint Enterprise Defense Infrastructure) AWS bid for security controls related to Hypervisor, Cryptography and AWS Network related controls.
  • Conducted Security Assessment of AWS Network Switches in Top of Rack (TOR), Aggregators and switches that connect across data centers. Reviewed AWS 'Direct Connect' related Security controls.
  • Member of IoT Security Framework working group committee and helped draft shared Security responsibility around IoT. Provided feedback on Singapore government IoT framework draft.

Vice President, Enterprise Security & Risk Manager

Comerica Bank
10.2015 - 09.2017
  • As member of Enterprise Risk Management (ERM) leadership team, partnered with CISO, First Line and Second Line leadership teams in defining GRC Program Development roadmap, GRC Portfolio prioritization, Cloud Security (SAAS, PAAS, IAAS) Assurance strategy and Security Controls implementation.
  • Worked closely with implementation partner for enterprise wide roll out of GRC solutions - Policy Management, IT Assessments, Risk and Controls Self-Assessment (RCSA), Vendor Management and Issue Management in RSA Archer Platform.
  • Experienced in RSA Archer GRC Architecture and Implementation - Access Models, Calculations, Data Driven Events, Data Feeds and APIs.
  • As part of internal 'Cloud Transformation initiative' wrote white paper on Amazon Web Services (AWS) 'Cloud Security Reference Architecture and Assurance' and used it as policy for internal AWS Cloud Security enforcement and reviewed Security controls in Cloud implementation platforms - AWS, Azure IAAS, Container, Abstracted technology platforms and Application Coding.
  • Implemented Static Vulnerability testing process based on Open Web Application Security (OWASP) in Web application and Mobile Platforms (DevOps build cloud integration).

Enterprise Security Architect

Flagstar Bancorp, Inc
06.2013 - 09.2015
  • As member of Executive Management Team, partnered with CIO, CISO and Enterprise Architecture teams in drafting IT Security Strategy roadmap.
  • Executed IT Security projects in domains of Cloud - Amazon Web Services (AWS), Mobile, Application Security and Network Security.
  • Managed projects from Security Architecture, project management and budget perspectives.
  • Partnered and built strategic alliances with Information Security Vendors in evaluating and implementing new Security solutions.
  • Security review of IT Security operations and processes in detection and protection tools (IDS/IPS, DLP, Firewall rules, Forward proxy, vulnerability management and advanced threat protection tools).
  • Initiated Application Security and Vulnerability Testing program based on OWASP Methodology and implemented vendor solution for Security Code reviews.
  • Created 'Security Standards' for the Security Domains - Access Controls, Cryptography, Configuration Management, Secure Coding, Network Security, Threat & Vulnerability Management and Audit Logging.
  • Evaluated Vendors for risk - Cloud hosting (AWS), Hosted Software as Service (SAAS), Infrastructure and Platform as Service (IaaS, PaaS) and Offshore Business process and offshore Software Coding vendors.
  • Performed Gap Assessment on Customer facing internet hosted web applications in Flagstar and implemented Web Application Firewall product.

GRC Manager

The Dow Chemical Company
01.2008 - 06.2013
  • Managed SAP Governance Risk and Compliance (GRC) portfolio of applications - Access Control and Process Control.
  • Managed a team of ten employees globally who were involved in maintenance of SAP GRC application & risk portfolio of projects.
  • Partnered with First and Second Line resources in managing Segregation of Duties for Sarbanes Oxley (SOX) Compliance related to business processes in Finance, Supply Chain and Purchasing operations.
  • Played Leadership role in SAP Security implementation of SAP Next Enterprise Architecture across various SAP landscapes and managing controls around Emergency Access Management.
  • Coordinated with IT department, internal and external auditors during Sarbanes Oxley IT Controls testing.
  • Created risk assessment model using ISO 27001 and COBIT internal control framework for Information Security.
  • Created change management processes in application configuration and infrastructure setup.
  • Drafted change management process, governance around existing business continuity and disaster recovery plans.
  • Implemented CIS based Security configuration using Symantec CSS product suite for Linux and Windows operating systems, Middleware, and VMware instances.

Application Security Architect

Capital One Financial Corp
01.2006 - 01.2008
  • Performed risk assessment for projects in security group and compliance projects arising as result of internal and external audits.
  • Created security architecture deliverables based on project methodology and approved projects that meet compliance based on COBIT, ISO27001 derived risk matrix methodology.
  • Implemented Security controls SOA API interfaces for externally hosted SAAS applications and HR PeopleSoft application providing Confidentiality and Integrity of data.
  • Security architect for data privacy portfolio - whole disk encryption, mobile encryption and PGP email encryption.
  • Participated in product benchmarking, vendor selection and Gartner vendor evaluation presentations.
  • Managed PCI compliance framework security controls for VISA merchant gateway and internal controls around firewall compliance.
  • Identified risks related to Identity management solution and its interfaces, and worked on access risk remediation projects in response to internal and external audit.

IT Auditor

PricewaterhouseCoopers LLP
01.2003 - 01.2006
  • Executed external IT audit for controls in ERP applications - SAP, PeopleSoft and Oracle and Identity Management Solutions - IBM Tivoli, CA Identity Manager for clients in energy sector.
  • Executed Audit planning, ground work and audit execution.

Education

Masters - Management Information Systems

Texas A&M University - Mays Business School
01.2002 - 01.2004

Bachelors - Information Technology

University of Madras
01.1998 - 01.2002

Certification

CISSP - Certified Information Systems Security Professional
