Ram Sundar

Netherlands

Summary

Dynamic Security and Compliance Director with extensive experience at SCOR Digital Solutions, driving cyber security and compliance across global entities. Proven track record in developing robust cloud security strategies and leading high-performing teams. Expertise in IT risk management and data protection, achieving ISO 27001 certification while enhancing stakeholder engagement.

Experienced leader with strong background in guiding teams, managing complex projects, and achieving strategic objectives. Excels in developing efficient processes, ensuring high standards, and aligning efforts with organizational goals. Known for collaborative approach and commitment to excellence.

Overview

17 years of professional experience

1 Certification

Work History

Security and Compliance Director

SCOR Digital Solutions
10.2022 - Current

As the Director of Security and Compliance at SCOR Digital Solutions, a FinTech organization that is part of the SCOR reinsurance group, in the Netherlands, I am responsible for ensuring the overall cyber and information security, data protection and compliance of products developed across 30 different entities in APAC, EMEA, US and Latam. With my expertise in both cyber and information security, I successfully lead the company to maintain a strong, secure and compliant digital presence, providing strategic leadership and execution.

  • Provided strategic direction to secure by design workloads deployed in public cloud environments such as GCP, Azure, Alibaba Cloud and AWS
  • Developed roadmap and guided overall cyber/information risk management and remediation
  • Steer security & compliance discussions, priorities with various business, IT Directors/Leaders
  • Strong stakeholder management by working with business, tech and entity level Executives, SMEs to drive forward the overall security strategy
  • Developed & rolled out information, data, AI, cloud, endpoint & software security policies
  • Set up & manage security incident response and resolution process and tools
  • hybrid SOC / SIEM (MS-Sentinel) from a Greenfield environment with central monitoring, scanning on network, infrastructure, endpoints, cloud, application, data environments across entities
  • Provide assurance by attending client, statutory, supervisory, certification audits
  • Set up central threat intelligence & management including phishing, ransomware, DDoS protection, data exfiltration
  • Chaired Security architecture review to ensure security by design
  • Oversee O365, Azure security & compliance – MS Defender, Purview/information protection, Copilot security, Intune management
  • Devised strategy and deployed central SIEM solution using MS-Sentinel (log sources from Elastic, Imperva, Wiz, Snyk, Cloud logs, Defender, Cortex, Azure Entra, MS Native logs, CATO, CyberArk, etc.) and hybrid SOC monitoring for malicious events
  • Overall responsible for securing network, platform, applications, data
  • Devised strategy and setup for central vulnerability management – identification and detection of critical vulnerabilities and remediation
  • Overall management of incident response and recovery process especially data breaches
  • Delivered on ISO 27001, PCI DSS, SSAE, SOC2 compliance
  • Overall steer for network security requirements such as firewall management, IDS/IPS, DLP, CASB using state of the art SASE framework for endpoints, cloud, branch, office locations.
  • Devised overall strategy for being compliant to data protection requirements such as GDPR, DORA, NIS2, HIPAA, ISO 27001, SOC 2, PCI DSS
  • Ensured Third party security & compliance
  • Created and managed winning teams by direct team management, mentoring and coaching new, junior staff – Cloud Security Engineers, Compliance Officer and DevSecOps Engineer

Achievements

  • Centralized security policy, process, tooling, control and KPIs from a de-centralised environment across entities, markets and technology
  • Set up Security Governance Steering Committee that includes entity management, Leadership, risk
  • Instrumental in ensuring security by design & operations on modern Kubernetes containerized platform hosting production critical workloads
  • Devised AI security & compliance policy providing user awareness in line with EU AI Act requirements
  • Rolled out strong KPI driven reporting on security and compliance topics
  • Reviewed over 50 client contracts to standardize security/compliance commitments and provide periodic sense of assurance back to clients

Security and Compliance Lead

LeasePlan Nederland N.V
07.2020 - 09.2022

As the Security Lead at LeasePlan Digital, a FinTech that is part of LeasePlan Global, I was responsible for leading the security strategy for all business entities in 28 different countries and ensuring that overall security risks are managed and data is protected for central products and solutions driving the Car-as-a-Service and banking services. This role required strong knowledge of industry regulations and best practices, as well as the ability to develop and implement effective security strategies.

  • Cross collaborated and partnered with Director, Heads of IT, Infrastructure and Security Officers across 28 different locations to drive central security strategy.
  • Evaluated and incorporated security requirements within Azure and AWS cloud deployments for the Next Generation Digital Architecture including application and workload security.
  • Validated security posture of critical applications and sensitive data to plug loopholes.
  • Streamlined the incident response and security monitoring & logging process.
  • Carried out security scanning on platform, applications both internal and external.
  • Partnered with security vendors to roll out the right security solutions.
  • Set up a team from scratch to conduct security scanning, monitoring and testing as well as the managed SOC/SIEM environment (using Splunk).
  • Set up the cyber risk management process to identify and assess security risks and remediate based on criticality
  • Evaluated data protection requirements based on GDPR, DORA
  • Recruited, set up objectives for and directly managed teams that included Risk Officers, Cloud Security specialists, DevSecOps Engineers, Operations Security experts and consultants.

Security and Risk Officer

Bank Of New York Mellon Corp
06.2017 - 05.2019

As part of the Global Information Security team, I was responsible for managing security requirements of the IT infrastructure & applications.

  • Provided security requirements for IT infrastructure that included network, servers, data centers, applications and internally managed private cloud environments
  • Reviewed 30% of firewall rules, access, policies periodically
  • Participated in 5 security architecture review boards to approve infrastructure changes
  • Carried out overall 25 critical vendor third party security audits
  • Wrote 12 security policies and processes for incident response, SOC/SIEM monitoring, vulnerability management, data encryption, data access and business continuity planning by working with various stakeholders
  • Strong stakeholder management across various entities

Security and Compliance Program Lead

Verizon Communications Inc
06.2008 - 06.2016
  • As part of the Global Security and Compliance team, worked in specific areas such as network security, endpoint security and application, data security through cross collaboration with various stakeholders
  • Reviewed over 100 firewall rules as part of periodic operational review. Set up VPNs, IPS/IDS management to enhance network security
  • Consolidated and ingested over 15 data sources for security logs centrally
  • Initiated centralized vulnerability scanning and remediation
  • Worked with vendor contracting process to carry out due diligence as well as onboarding of vendor solutions using OneTrust GRC module

Education

MBA - Digital Leadership

Luiss Business School
Amsterdam, Netherlands
04-2026

Master of Science - Information Security And Cyber Forensics

University of Madras
India
04-2017

Skills

  • Cyber Security Management
  • IT Risk Management
  • Data protection
  • IT Compliance Management
  • Third party risk management
  • Stakeholder Management/Leadership
  • Team Management
  • Cloud Security
  • DevSecOps Security
  • Network Security
  • AI Security and Compliance
  • O365 Security
  • GCP, AWS, Azure Security

Accomplishments

  • 90% reduction of critical and high risk vulnerabilities and resolution within agreed TAT (3 business days)
  • 100% security, compliance awareness program over employees and contractors
  • 50 plus automated security and compliance risk assessments over critical third parties
  • Over 50 tools evaluated as Proof of Value for various security and compliance requirements
  • Instrumental in being a mentor to over 20 interns and young security and compliance professionals, making a significant difference in their professional career

Certification

  • Certified Google Cloud Engineer
  • AWS security Fundamentals
  • CISA - Certified Information Systems Auditor (CISA)
  • CISSP - Certified Information Systems Security Professional (CISSP)
  • CCSK Cloud Security from Cloud Security Alliance (CSA)
  • CRISC - Certified in Risk and Information Systems
  • PRINCE2 Foundation & Practitioner certified
  • Certified Business Continuity Planner (CBCP)
  • ISO 27001, ISO 22301, ISO 31000 Lead Auditor
  • CDPSE Certified Data Privacy Solution Engineer
  • CATO SASE Security Specialist, Google Kubernetes security
  • Completed trainings on Microsoft Azure Security


Badminton, Learning Dutch, Running

Professional Badminton player

Complete A2 Dutch 

Half marathon runner
