Manjesh Kumar

Bournemouth, Dorset

Summary

Cybersecurity expert specializing in cyber strategy, security architecture, and threat modelling. Demonstrated success in conducting security assessments, designing governance frameworks, and ensuring SOC readiness. Proficient in risk management, compliance, and developing cyber resilient services. Committed to enhancing organizational security posture through solutions aligned with NIST, CSA, and ISO 27001 standards.

Overview

29 years of professional experience
1 Certification

Work history

Head of Security Architecture and Assurance Services / Head of Cyber Operations

NATS
2018.03 - 2026.01
  • Drive the strategy and vision for a cyber-resilient and secure architecture roadmap, ensuring alignment with business objectives.
  • Designed and established the Cybersecurity Assessment vs Assurance framework for safety-critical operational services for the UK and partner European aviation sector programme.
  • Present solution options to senior stakeholders through governance gates, securing agreement on a way forward and funding based on a risk-based approach.
  • Chair the European ANSPs Group, shaping the future of architecture and shared security services for collaborative security initiatives.
  • Established architectural standards to ensure consistency and reuse across the enterprise.
  • Work with Business Service and Business Continuity Groups to define Service Delivery Objectives (SDO), functional critical dependencies, and response and recovery strategies for known use-case scenarios.
  • Secure buy-in for key shared security services (e.g., PKI, crypto solutions, privileged access management, software assessment management), mapping security service gaps to the SESAR security reference architecture.
  • Provide end-to-end security risk assessments, design, threat modelling, and assurance services, including de-briefing of final solutions to senior executives and regulatory bodies.
  • Establish vulnerability management and security configuration management frameworks across NATS.
  • Lead efforts to map requirements to security controls based on the NIST framework, ensuring compliance with ISO 27001 and NIS regulatory requirements.
  • Lead and mentor a team of security architects and engineers across NATS (National Air Traffic Services) for the design, implementation, and business continuity planning of safety-critical operational activities in the SESAR program.
  • Successfully transitioned from a Big 4 consultancy model to an internal team of 20-22 security professionals, improving service quality and saving approximately £2.0 million annually.
  • Lead and manage the Cybersecurity Operations Centre (CSOC), overseeing threat detection, incident response, and 24/7 security monitoring to safeguard the organization against cyber threats.
  • Design and implement Cyber Defence Centre services, including Advanced SOC, vulnerability management, threat intelligence, and the establishment of end-to-end CSIRT processes.
  • Implement security automation and orchestration to improve response times, increase efficiency, and reduce the manual workload in the Cybersecurity Operations Centre (CSOC).
  • Lead the Security Working Group to conduct in-depth security impact assessments of new designs or change proposals, ensuring alignment with strategic objectives.
  • National Air-Traffic Service UK

Global Head – Cloud security and risk services

WIPRO
2017.05 - 2018.02
  • Designed and developed cloud security architecture in a multi-vendor environment (e.g., AWS, Azure, Oracle), tailoring security offerings specific to each cloud service provider.
  • Created templates and playbooks for cloud security assessments, ensuring comprehensive coverage for clients across various vertical domains.
  • Conducted security audits and recommended or approved architectural changes to enhance security posture and ensure compliance with industry standards.
  • Developed a cloud security governance structure to reduce business risks, enhance information security, and ensure compliance with regulatory requirements.
  • Assessed technology products for suitability using risk-based techniques and ensured robust third-party due diligence across the supply chain.
  • Set strategic direction for the IT security function in collaboration with the CISO, aligning security initiatives with business objectives.
  • Produced board-level presentations to articulate risks, mitigation strategies, and the need for investment in security controls.
  • Engaged with C-level stakeholders to understand business requirements and balance them against security risks, driving a risk-based approach to security investments.
  • Developed and implemented a comprehensive cloud security strategy and multi-year roadmap that addresses emerging threats, regulatory requirements, and organizational needs.
  • Led the adoption of DevSecOps practices by integrating automated security tools and processes into CI/CD pipelines and leveraging Infrastructure as Code (IaC) for secure deployments.
  • Oversaw the establishment and operations of a Cloud Security Operations Center (Cloud SOC) focused on monitoring, detecting, and responding to cloud-specific threats and incidents.
  • Implemented and managed a robust IAM framework and Zero Trust architecture for secure cloud access and data protection.
  • Ensured cloud environments adhere to relevant regulations (e.g., GDPR, HIPAA) and align with industry standards (e.g., ISO 27017, CSA STAR).
  • Led pre-sales initiatives in the Cyber Risk and Consulting practice, focusing on cloud security and risk services for commercial sector clients.
  • Maintained and updated information security policies, disaster recovery (DR) plans, and service continuation strategies.

Design Authority/Deputy CTO

HP->CSC->DXC
2010.06 - 2017.04
  • Delivered the MOD-wide technical reference architecture and translated it into a technical roadmap aligned with the business vision.
  • Led all major architectural design decisions related to changes in the existing architecture and the implementation of new solutions, overseeing a team of 22 architects across applications, infrastructure, security, and other common services.
  • Defined the overall conceptual, logical, and technical architecture to identify and manage technology risks and controls across UK defence business services.
  • Served as the Technical Design Authority, providing quality review and assurance of technical design decisions and running the Design Approval Board (DAB) for architecture and solution design-related changes.
  • Successfully delivered two major transformation programs involving data centre migration and the RFP process with multiple suppliers. This included overseeing software upgrades, business continuity planning, and cutover activities.
  • Designed and delivered a centralized Data Integration Hub to enable secure communication between all MOD agencies as part of the Corporate Shared Strategy (CSS) vision. The solution featured end-to-end design for bidirectional data synchronization, data and session-level encryption, guaranteed message delivery, data chunking, and restart functionality.
  • Led the technical solution design and implementation of the new AFPS15 (Armed Forces Pension Scheme) solution, including proposing technical options and recommendations for policy automation and modelling. This project resulted in cost savings of approximately £15 million for the customer and provided easier upgrade paths for future enhancements.
  • Responsible for technical solution design, estimation, technical assurance, and driving the quality gate process, ensuring development and functional configuration adherence to agreed-upon solution designs during the design phase.
  • Responsible for the security aspects of architecture and design, including system monitoring, data and access audit, data and session-level encryption during transformation and transportation, data obfuscation, network security, and certificate management.
  • Designed, planned, and governed all aspects of data, application, technology, and security architecture, ensuring compliance with organizational standards and best practices.
  • Managed business stakeholders through weekly briefs on planning activities, ensuring they were informed of any gaps, progress, and enterprise-wide activities or deviations.

Design consultant (Org split)

2010.01 - 2010.05

Lead Solution Architect (SDLC implementation)

University of Southampton
2006.04 - 2009.11

Oracle ERP (EBS CRM) Architect

First-Assist Insurance
2003.12 - 2006.03

Application Performance tuning consultant

Voluntary Health Insurance
2001.04 - 2003.11

Founder/Customise ERP solution developer

Orbic Solutions
1998.07 - 2001.03

High-end Front-End tools and Technologies Trainer

ASSET International
1997.07 - 1998.06

Education

MSc - Advanced Cyber

King's College London
London

Skills

  • Cyber strategy and roadmap
  • Security Assessment
  • Security architecture
  • Threat modelling
  • Security Assurance
  • Security Design governance
  • SOC design and readiness
  • Risk & Compliance
  • Cyber Resilient Service Design
  • Cyber capability design in hybrid deployments
  • SOA Architecture
  • NIST
  • CSA
  • ISO 27001
  • IT Strategy & Change
  • Vendor Relationships
  • Supplier assurance and Audit framework design

Certification

  • CISM, ISACA, 1632737
  • CISA, ISACA, 20167349
  • CCSK, CSA, UnwobEzeUDtL4psx5g4JgBrQ
  • TOGAF, The Open Group
  • SCJP, Sun certified Java developer, expired
  • SCWCD, Sun certified web component developer, expired
  • C/C++, Brainbench certification, expired
  • OCP developer, expired
  • OCP 9i DBA, expired
  • MCSD, Microsoft certified solution developer, expired

Personal Information

Title: Head of Cyber Security for Safety-critical Operational Systems
