Ajay Ganesh

Experience

• 

  Accenture

  Jul 2014 - May 2016

  Software Engineer

  1. Accenture Life Sciences Cloud, Validation Tester- Module-lead for a team of five members and the single point of contact in analyzing and finalizing the requirements with on-shore Business Analyst. - Roles include identifying and creating test data as well as drafting test scenarios and test cases for multiple modules. - Managed Defects by handling Defect triage call with various teams. - Additional responsibility includes performing peer and lead review of Test cases as part of Quality Assurance. 2. Clinical Data Repository, Business Analyst- Designed and developed user personas for implementing "Role Based Access Control (RBAC) using an access entitlement matrix by following the principle of least privileges. Show less

• 

  Deloitte

  Apr 2017 - Jun 2017

  Management Intern

  1. Enhanced the Cyber Wargaming delivery process for improving cyber preparedness for clients and tested the wargaming platform for its intended design and functional requirements based on various security controls including identity and access management (E.g., user access privileges). 2. Developed user-friendly guides, prepared list of observations and provided recommendations for improving the user experience. 3. Developed cyber wargaming scenarios and story lines for war games by considering various threat actors, attack vectors and crown jewel targets of the industries. Show less

• 

  Deloitte

  May 2018 - Apr 2022

  1. Established a compliance program to design, implement and validate controls on a cloud platform to meet the Service Organization Controls (SOC 2) Trust Services Criteria.- Primary point of contact and liaison between Engineering teams and Auditors- Audit Findings and Reporting- Executive reporting and stakeholder management- Gap remediation and successful implementation2. Developed Threat Library comprising of leading threats and risks for a cross-industry initiative by incorporating attack vectors from MITRE ATT&CK framework and other leading industry standards and regulations. Show less 1. Developed policies, standards and procedures based on NIST and ISO standards for multiple Life Sciences and Healthcare (LSHC) multinationals based out of the US region.2. Performed risk assessment based on HIPAA regulation by assessing multiple entities across various jurisdictions.- Prepared an executive summary report highlighting the findings and recommendations- Developed a quantifiable risk summary focusing on prioritized list of security domains- Identified potential areas of improvement by defining program initiatives- Developed an implementation roadmap highlighting strategic and tactical activities grouped per logical workstreams3. Conducted multiple workshops to understand and assess a client's cloud migration strategy- Assessed cloud readiness against CSA CCM best practices- Refined cloud strategy for multi-year workload migration initiatives- Developed an integrated blueprint for acquiring third-party vendors and solutions into the broader cyber tooling ecosystem Show less 1. Developed an Integrated Controls Framework by rationalizing and harmonizing requirements from leading industry standards and regulations such as ISO 27001, ISO 27017, ISO 27018, HIPAA, PCI DSS, CSA CCM, NIST CSF, and NIST 800-532. Implemented a Change Management Program by revamping client's existing service management processes based on leading ITIL best practices.- Developed an inventory of assets- Developed process flows based on the updated process- Updated the universe of policies and procedures on service management- Provided a cost estimate based on vendor analysis of potential tools Show less

  • Lead Solution Advisor

    May 2021 - Apr 2022

  • Solution Advisor

    Jun 2019 - Apr 2021

  • Associate Solution Advisor

    May 2018 - May 2019
• 

  PwC Nederland

  May 2022 - now

  1. Cyber in Mergers & Acquisitions- Developed key strategic cyber capabilities during the M&A Deals cycle- Advised and supported clients through implementation of cyber technologies navigating through dependencies during carve-out phase- Developed operating models and target state blueprint post integration on how the combined cyber focussed organization- Developed roadmaps focussed on key cyber initiatives in line with the business risk appetite and market risks2. ISO 27001 Certification Audits- Led planning through execution of ISO 27001 audits against both the 2013 and 2022 version of the standards- Managed stakeholders through effective planning and proactiveness- Audited the ISMS for clients across various industries including but not limited to Aviation, Telecom and Technology.- Coached and mentored junior auditors to improve on information security knowledge3. Cyber Crisis Strategy and Operations- Established cyber crisis management governance program to help clients improve cyber risk response strategies and preparedness- Developed an operating model to help C-level executives engage and take decisions- Improved the communication strategy to effectively connect with internal and external stakeholders in the event of a cybersecurity crisis4. Cybersecurity Risk Management and Control Implementation- Delivered a cybersecurity enhancement program for a client to align per cybersecurity controls framework- Conducted workshops with business owners to educate and help implement security controls to protect against cyber attacks- Improved application security and compliance process in the DevSecOps cycle through 'security-first' culture- Cross-border data transfer regulatory requirements Show less 1. Risk assessments and maturity assessments- Performed risk assessment to evaluate against industry best practices and threat landscape- Developed curated recommendations to implement measures and improve security posture- Present C-level executives on the cyber maturity and advise on quick-wins and implementation measures.2. Project Management- Served as a team lead and PMO for a large scale cyber security transformation program- Identified risks and dependencies to highlight to the stakeholders during SteerCo- Improved progress in the operations through tactical adjustments and onground enhancements of existing resources (people and cost)- Third party risk management Show less

  • Cybersecurity Manager

    Oct 2023 - now

  • Senior Associate - II

    Apr 2023 - Oct 2023

  • Senior Associate

    May 2022 - Apr 2023