Summary
Overview
Work History
Education
Skills
Certification
Training
Timeline
Manager
SARAVANAN THIAGARAJAN

SARAVANAN THIAGARAJAN

Summary

A dedicated and results driven Information Risk & Cyber Security professional with 12+ years of experience. Played critical roles in leading global projects across various industry sectors. Proven ability to build strong relationships of trust with customers and other stakeholders. Good in problem-solving, decision-making, leadership and communication skills, work in collaborative & ownership driven working style.

Overview

21
21
years of professional experience
5
5
Certification

Work History

Security Officer

ASML (TCS Contract)
07.2024 - Current
  • Support ASML & TCS in Ransomware, ISO 27001/NIST Internal/external audit, Vulnerability and patch management activities focusing on Network Security.

Application Security Specialist

ABN AMRO
10.2024 - 03.2025
  • Assessed information security risks for cloud integrations Azure and AI applications, ensuring alignment with organizational risk appetite and contributing to secure cloud architecture design.
  • Conducted security reviews of SaaS and COTS applications, including API security and aggregated risk assessments.
  • Evaluated AI/ML systems and data pipelines for privacy compliance, model integrity, and resilience against adversarial threats.
  • Led DORA (Digital Operational Resilience Act) compliance assessments for SaaS platforms, focusing on ICT risk management, third-party dependencies, incident response, and operational resilience testing.
  • Performed gap analyses to identify areas for improvement in vendor risk, ICT continuity, and incident management.
  • Collaborated with cross-functional teams to align security controls, SLAs, and governance with DORA requirements, supporting documentation and audit readiness.

ISMS Lead Implementor, Senior Cyber Security Expert

DSM-FIRMENICH
06.2022 - 06.2024
  • Role is to implement an Information Security Management System (ISMS) in alignment with NIST 2.0 and assist in achieving ISO 27001 certification within a three-year timeframe.
  • Responsible for overseeing the ISMS team, assuming the roles of a project manager and consultant and closely collaborate with vendors, business units, and the corporate security team.
  • Utilize the IT Trust process to execute Vendor Security Risk Assessments, ensuring a comprehensive evaluation of vendor risks utilizing SOC 2 reports and evidence based.
  • Prioritized significant risks and translated them into the business context and work with legal and sourcing to amend contracts.
  • Assess information security risks for new cloud integrations (AWS, Azure) and AI applications to ensure alignment with organizational risk appetite and support for cloud architecture reviews.
  • Evaluated AI/ML systems and data pipelines for privacy, model integrity, and adversarial threats
  • Implement follow-up actions to address identified security challenges effectively, in line with the workflow IT Trust tool.
  • Develop IT and OT cyber security policies, security standards and guidelines for the recently merged organization.

Data Privacy Project Manager, GDPR Advisor & ISMS Internal Auditor

Ericsson Telecommunications / Red Bee Media
01.2018 - 05.2022
  • Responsible for end-to-end GDPR Implementation across all Red Bee Media locations.
  • Provided support in the implementation of ISMS, preparation for external audits, and privacy by designing projects for effective management of security and privacy risks. Supported Group privacy team in implementation One Trust privacy assessment tool.
  • Defined and developed metrics to report and presented to Leadership team on security and privacy risks and help to make informed decision.
  • Performed cyber security and Third-party risk management, Controls, and assurance check to mitigate risks.
  • Review supplier and third-party contracts from security aspect and assurance point of view.

Security Project Manager

Accenture Technology Consulting
05.2015 - 12.2017
  • Responsible for managing IT cyber security consulting projects from start to finish following project management methodology, liaising with the PMO to ensure proper completion of project parameters, and communicating regularly with teams, leaders, and clients.
  • Developed the ABB Risk management project's project plan, estimation, and resourcing.
  • Supported and guided the team in developing a risk management framework for their organization, including, developing a risk management policy, process, risk register, risk taxonomy, and risk scenario. (With a focus on IOT and IIOT risks).
  • Worked closely with the CISO and risk management head, defined required roles and established an IRM governance body.

Data Privacy / GDPR Advisor

Shell
05.2015 - 12.2017
  • Inform, advise, and issue recommendations to the Company regarding compliance with data protection laws including GDPR, and Company policies and guidelines with respect to data protection.
  • Performed GDPR gap analysis in business and IT and OT processes, systems, procedures, and controls, resulting in a gap analysis summary report as an initial deliverable in accordance with GDPR requirements.
  • Assisted in the determination and implementation of privacy and security requirements for new business and technology projects, as well as ensuring that adequate policies, procedures, and controls comply with privacy laws, regulations (GDPR), and policies.
  • Collaborated with the contracts and procurement teams to review joint venture and third-party contracts for the adequacy of security, Data Protection and privacy clauses in contracts and privacy notices in accordance with GDPR.

Senior Information Security Risk & Controls Lead

Shell
05.2015 - 12.2017
  • Led and performed Legal & Regulatory cyber security assessments using the Archer GRC tool, which entails collaborating with business, IT, and central IRM to assess, apply baseline & relevant IT/OT Controls Risk Profile (remediation plans) for applications in scope for Competitively Sensitive Information, Intellectual Property, Trade Controls, Records Management, and Data Privacy (Privacy impact assessment, and E-Discovery).
  • Led projects to enhance supply chain security and third-party risk management, defining scopes, deliverables, and timelines. Conducted risk assessments, implemented security measures, and collaborated with teams to allocate resources effectively.
  • Conducted joint venture, third-party information sharing, and cloud risk (cyber security assessments) with Archer GRC by engaging with sponsors and contracts to ensure proper security controls when providing company data to service organizations or cloud providers.
  • Identified and managed compliance, operational, financial, and reputational risks through training, advice, testing, and compliance monitoring.

Security Solution Architect

Shell
05.2015 - 12.2017
  • Analyzed, assessed & advised clients on process and technologies; defined a roadmap for successfully implementing security solutions.
  • Developed strategies for the customer to improve their overall cyber security program (Splunk, Tanium, Palo Alto, CyberArk).

Sr. Information Risk/Controls Analyst

WIPRO Technologies
01.2006 - 04.2015
  • Led and conducted risk assessments using a risk-based approach for both Business Critical (BC) and Non-Business Critical databases, devising remediation plans to align with baseline, SOx attestation, and Audit requirements from a security and risk perspective.
  • Developed control procedures and evaluated their operational and design effectiveness.
  • Conducted compliance monitoring and audits for IT controls.
  • Assisted in the onboarding of applications and databases onto the Cyber Defense platform for enhanced log monitoring.
  • Evaluated Security Architecture, established Security Processes, and authored comprehensive standards, guidelines, and procedures.

Business Analyst & Project Test Manager

Shell Netherlands
01.2006 - 04.2015
  • Identity Management Service (IMS), which is a key component in Shell’s approach to Identity and Access Management (IAM). ILM (Microsoft Identity Lifecycle Manager) product used for an accurate repository of Identity information about individuals like Shell employees, Joint Venture, Contractors & External Business Partner users that have a working relation with a company.
  • Tools/Software- ILM 2007, Active Directory, SQL Server 2005, SharePoint server, DRA tool
  • Business Analyst
  • Performed gap analysis & information gathering exercise to compare the existing system with the proposed system and documented new requirements and features.
  • Engaged with business owners to gather Business & Technical requirements for the Employee, Joint venture and Contractor Solution as part Shell Identity and Access Management Programme.
  • Identified & analyzed to defined opportunities for business process improvement, documented business processes and initiated efforts to make improvements.
  • Project Test Manager
  • Responsible for overall test management activities for Identity Management services (Synchronization & Publishing Layer).
  • Prepared Detailed Test Cases (functional), traceability matrix based on business requirements and design documents.
  • Responsible for all the test related reports like UAT & Integration closure report.
  • Managed test cases and defects via HP quality center tool.

Security Consultant

ING
01.2006 - 04.2015
  • The Application Assessment project entailed conducting an exhaustive security evaluation of critical ING Information Systems. Utilizing a risk-based methodology, the aim was to guarantee adherence to diverse regulatory and legal standards, encompassing Data Privacy and SOx compliance.
  • Identified and safeguarded Personal Identifiable Information (PII) and sensitive financial data within customer applications, aligning with GLBA Data Privacy framework.
  • Engaged in interviews and collaboration with Business Owners, Technical, Functional teams, and Integrated Risk Management (IRM) stakeholders.
  • Customized security baselines tailored to specific environments and application types, ensuring thorough assessment scoping.
  • Secured sign-off from application owners, service managers, and stakeholders through insightful presentation of findings and actionable recommendations.

Security Architect

ING
01.2006 - 04.2015
  • Security testing for internet banking application secure SDLC - OWASP, OSSTM
  • Delivery management of project deliverables from application security team, process compliance, day to day team activities and planning.
  • Secure Design Review of various modules including Threat Modelling analysis.
  • Prepared project specific security Checklists, Penetration testing methodology documents and client deliverables like detailed test plan.
  • Setting up of Security process at the offshore development center.

IAM Test Lead

ING
01.2006 - 04.2015
  • TAM components - Policy server, Webseal, SMS, Common Auditing and reporting service using manual and script methods, IBM DB2 8.2 in a partitioned HACMP Cluster Environment.
  • Implemented IBM Tivoli Access Manager (ITAM).
  • Developed test strategy, Detailed and High-level test cases for overall IDAM Project.
  • Responsible for overall test management activities & prepared guidelines for System Testing for testers.

Ethical Hacker and Penetration Tester

Hewlett Packard Global Soft
01.2004 - 12.2005
  • Managed Vulnerability Assessments, Penetration testing (Network and web), Application Security Audits, Database and wireless security assessments following OWASP and OSSTM methodology, framework for Fortune 100 clients by Security analysis across technical, functional and managerial aspects.
  • Presented detailed report consisting of mitigation strategies and recommendations for the vulnerabilities and trained Information Security Professionals in Ethical Hacking.

Education

Bachelor of Computer Applications -

University of Madras
01.2003

Skills

  • Governance, Risk, and compliance
  • Third party Risk Management
  • Information Security Audit
  • Incident Response
  • Cloud Security, Application Security
  • Vulnerability Assessment
  • Project Management
  • IT, OT & Cyber Security
  • Network Security

Certification

  • CDPSE – Certified Data Privacy Solutions Engineer. 2023
  • One Trust - Certified PMP, GRC solutions expert, data subject request expert.
  • ISO 27001:2013 – Certified Information Security Lead Implementer . 2019
  • ISO 27001:2013 – IRCA Certified Information Security Lead Auditor professional. 2019
  • CISM – Certified Information Security Manager from ISACA. 2014
  • CISSP – Certified Information System Security Professional from (ISC)2. 2012
  • E|CEH – EC-Council Certified Ethical Hacker from EC-Council. 2008
  • CCNA – Cisco Certified Network Associate from Cisco. 2008
  • MCSE – Microsoft Certified System Engineer from Microsoft. 2005

Training

  • Preparing for CIPM and CIPP-E – (IAPP member).
  • Preparing for CCSP (Cloud Security Certification).
  • Attended ISA/IEC 62243 Cyber Security Risk Assessment Specialist.
  • SCF – Attend SABSA Chartered Security Architect – SABSA Institute.

Timeline

Application Security Specialist

ABN AMRO
10.2024 - 03.2025

Security Officer

ASML (TCS Contract)
07.2024 - Current

ISMS Lead Implementor, Senior Cyber Security Expert

DSM-FIRMENICH
06.2022 - 06.2024

Data Privacy Project Manager, GDPR Advisor & ISMS Internal Auditor

Ericsson Telecommunications / Red Bee Media
01.2018 - 05.2022

Security Project Manager

Accenture Technology Consulting
05.2015 - 12.2017

Data Privacy / GDPR Advisor

Shell
05.2015 - 12.2017

Senior Information Security Risk & Controls Lead

Shell
05.2015 - 12.2017

Security Solution Architect

Shell
05.2015 - 12.2017

Sr. Information Risk/Controls Analyst

WIPRO Technologies
01.2006 - 04.2015

Business Analyst & Project Test Manager

Shell Netherlands
01.2006 - 04.2015

Security Consultant

ING
01.2006 - 04.2015

Security Architect

ING
01.2006 - 04.2015

IAM Test Lead

ING
01.2006 - 04.2015

Ethical Hacker and Penetration Tester

Hewlett Packard Global Soft
01.2004 - 12.2005

Bachelor of Computer Applications -

University of Madras

Similar Profiles

  • Bhaskar Bantupalli

    Bhaskar BantupalliBhaskar Bantupalli

    ServiceNow Consultant / Developer at ASML (via TCS)ServiceNow Consultant / Developer at ASML (via TCS)

  • Niklesh Sekar

    Niklesh SekarNiklesh Sekar

    Scrum Master at ASMLScrum Master at ASML

  • Umar F Rufai

    Umar F RufaiUmar F Rufai

    EUV System Integration Engineer at ASMLEUV System Integration Engineer at ASML

  • Karna Chand

    Karna ChandKarna Chand

    Security Officer / Arm /Unarmed Security Officer at Hawain Garden CasinoSecurity Officer / Arm /Unarmed Security Officer at Hawain Garden Casino

  • LARRY PORTER

    LARRY PORTERLARRY PORTER

    Associate Chief Security Officer/Information Systems Security Officer at Federal Bureau of Investigation, FBIAssociate Chief Security Officer/Information Systems Security Officer at Federal Bureau of Investigation, FBI

CREATE PROFILE
SARAVANAN THIAGARAJAN