Santanu Roy

- Led the design and implementation of Bank's enterprise-wide security architecture, improving overall security posture by 40%.

- Conducted risk assessments and vulnerability analyses, providing actionable recommendations that reduced security incidents by 30%.

- Developed and enforced security policies and procedures, ensuring compliance with regulatory standards such as APRA, and PCI-DSS.

- Collaborated with Bank's other IT and engineering teams to integrate security solutions into cloud environments (AWS, Azure, Google Cloud), enhancing data protection and access controls.

- Managed security architecture for multi-tier applications, including network segmentation, firewall configuration, and intrusion detection/prevention systems (IDS/IPS).

- Provided leadership and mentorship to junior security professionals, fostering a culture of continuous improvement and knowledge sharing.

• Successfully led multiple transformation programs for NBN Australia, focusing on active network security and cloud security adoption projects and reduced security breach attacks by 45% on NBN network
• Designed and developed NBN cyber security strategy and roadmap with appropriate controls, security patterns and guidelines to NBN Co as per Government regulations
• Performed threat & vulnerability assessment for various critical NBN systems and applications and made recommendations for business case
• Performed risk assessment and security assessment for existing legacy system to migrate to SaaS solutions
• Implemented security controls, risk assessment framework, and program that aligned to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances NBN business objectives
• Evaluated risks and developed NBN security standards, procedures, and controls to manage risks
• Implemented processes, such as GRC (governance, risk, and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing
• Defined and documented business process responsibilities and ownership of the controls in GRC tool
• Performed and scheduled regular assessments and testing of effectiveness and efficiency of controls and created GRC reports
• Provided remediation guidance and prepared management reports to track remediation activities

• Designed and implemented security solutions for a variety of clients, including financial institutions, healthcare providers, and government agencies.
• Conducted security audits and penetration testing, identifying and mitigating vulnerabilities in applications and network infrastructures.
• Implemented and managed security information and event management (SIEM) systems, improving incident detection and response times.
• Worked with development teams to incorporate security best practices into software development lifecycle (SDLC) and DevOps processes.
• Coordinated with external auditors and regulatory bodies to ensure compliance with security frameworks and standards.

• Worked on Driving License system security projects for Victoria State Govt in Australia.
• Assessed and delivered VicRoads DLS systems remediation strategies for critical security gaps, including incident response, risk assessment, data encryption, and identity and access management.
• Coordinated and assisted in internal and external Cyber Security reviews, assessments, penetration tests, and audits.
• Provided consistent support to product development.
• Designed, and implemented information security policies & controls to ensure the confidentiality, integrity, and availability of VicRoads driving license system

• Worked on RACQ Bank's Cloud migration project and their IAM initiative
• Designed and developed new solutions for security services with a focus on Federation, Governance, Identity or Access Management
• Provide security services in vulnerability assessment, penetration testing and threat detection
• Designed and implemented Single Sign on Solutions using market leading products with industry standards like SAML 2.0, WS Federation, OAUTH
• Developed best practices defined by Vendor, Regulatory, Compliance and Corporate policies
• Managed, troubleshooting of CyberArk PVWA, CPM, PSM, EPV (Vault), AIM & DNA scans
• Maintained and developed Cyber Security Controls: Governance, Policies, Procedures, Standards and Registers

• Worked on Australian Government API security projects under MyGov initiatives to bring multiple departments under one platform increasing security posture by over 60%
• Developed, and matured MyGov’s API security, policies, standards and practices
• Inducted as a key member of the security leadership team driving the API Security Architecture for the enterprise wide implemenation
• Increased Government's operational efficiency and reduced call time by 40% through automation