Subbu Ganapathy

Huddersfield, West Yorkshire

Summary

A competent and dedicated Security Certified Secure By Design Lead, Prince 2 Practitioner PM, Certified Scrum Master (CSM) and Product Owner (CSPO) professional associated with the Banking, Insurance and Financial Services industry, with over 24 years’ extensive experience in delivering IT, Business Change and Cyber Security full life cycle projects, including Security Design Assessments covering Legal, Regulatory, Mandatory (LRM) and strategic product launch. Commercially astute, with the ability to work with stakeholders at all levels and turn proposals into reality. Especially successful in management roles that demand rigor, a high level of drive and commitment for delivering business outcomes in both Change and Transformation programmes.

Overview

25 years of professional experience
1998 years of post-secondary education
1 Certification

Work history

Secure By Design Lead

MUFG Bank Ltd
London
11.2023 - Current
  • Led security reviews for in-house and third-party technology solutions
  • Collaborated with Security Architects to embed security requirements in projects
  • Led secure by design initiatives aligning with GDPR, FFIEC, and EBA ICT controls
  • Managed 3rd party due diligence assurance reviews
  • Collaborated with Head Office Cyber Security Team in Tokyo for due diligence completion
  • Led Secure By Design initiatives for in-house and cloud services
  • Produced risk treatment and control remediation reports for Senior Management
  • Directed Secure by Design initiatives and risk management procedures
  • Acted as lead single point of contact to support the Internal Audit process
  • Worked with external vendors to assist in penetration testing alongside security architects
  • Led Secure By Design assessment for O365
  • Led security risk assessments for in-house, vendor, and third-party technology projects

Technical Delivery Manager - Cybersecurity Program

MUFG Bank
London
03.2023 - 10.2023

Secure By Design SME

MUFG Bank
London
02.2020 - 02.2023

Niche Application and Infrastructure Security Project Manager

Lloyds Banking Group
London
06.2018 - 10.2019
  • Delivered OB for regulatory deadline of January 2018 at LBG
  • Led Agile-at-Scale Payment Services Directive 2 (PSD2) Programme
  • Collaborated with Technical Architects to define infrastructure and architecture needs
  • Security Design Assessments (SDA) working closely across all OB functions (Payments, Account Information, Auth & Fraud, Commercial) that governs an appropriate level of security involvement across design, testing, & implementation thus providing assurance to the Security Execs in Digital SOCI, IT Cyber Security, & Cyber Security Operations (CSO) that the IT change meets the required level of mandatory IT Security requirements & Enterprise Architecture Security standards & patterns
  • OCSP logging capability within IT working with Digital SOCI (Security Operations and Change Implementation) Akamai, Web Application Firewall (WAF) team and coordinating the testing with the OB labs
  • Infrastructure Security Logging & Monitoring ensuring OS audit logs for the newly deployed servers are on-boarded to Security Information and Event Management (SIEM) monitoring tool sets
  • Infrastructure Privilege Access Controls (IAM) ensuring newly deployed Unix servers are locked behind CyberArk & that the non-user specific accounts use CyberArk Enterprise Password Vault
  • Infrastructure Security & Compliance ensuring new domains added on Network Landing Zone (NLZ) are tested for DDoS working with Akamai
  • Infrastructure Vulnerability & Compliance scans including reporting for all new devices and changes to the existing devices
  • Programme Threat Model coordinating the delivery with the GDS (Global Data Science), Security Architects, Security Engineering, NCC Penetration Testers and Open Banking labs, clearly highlighting the preventive controls required to be delivered for securing the channel
  • Threat scenarios, the threats & threat events coordinating with CSO for which preventative controls can’t be delivered by the Agile labs, so such residual risks can be dealt with & alerted appropriately for the BAU to stop the threat occurring
  • WAF policy reviews to protect OB channel against application layer attacks
  • Digital Footprint Governance working with SOCI ensuring the OB changes to Digital assets are aligned to Group principles
  • Application Vulnerability Scanning (Static Application Security Testing - SAST & Dynamic Application Security Testing – DAST) using Veracode, Nexus IQ, ZAP
  • Service Introduction (front door assessments) for all infrastructure changes such as installation of new VMs, upgrades, patches, disaster recovery plan (aligned to business continuity plans) working with SI Manager, F5, Unix, DataPower, Technical Architects, OB Environments, Release, User Acceptance and Implementation teams
  • Penetration Testing and secure code reviews working with 3rd party NCC teams on all new and changed APIs, web and mobile applications that are in scope as part of sprint
  • Gap Analysis for Test Facility (Forge Rock – 3rd party) & Sandbox looking at the Group’s CAT C requirements catalogue and assisted Business Unit Control Function (BUCF) partners to complete their Programme Risk Scoring Exercise
  • LBG was the only major UK bank to deliver its OB to the regulatory deadline of Jan 13, 2018 under LBG Digital’s £200m p.a. Agile-At-Scale Payments Service Directive (PSD)2 / OB Programme

Senior Project Manager

Lloyds Banking Group
Edinburgh / Leeds
05.2015 - 02.2018
  • E-commerce Delivery Systems Manager (DSM) on following projects:
  • Scottish Widows Protect (SWP) project, where I was accountable for delivering £5M worth of eC change that launched protection products to the IFA market providing portal access
  • Led a team of 30+ permanent, contract and offshore staff located in Edinburgh, Bristol, and Chennai for delivery of a high quality and cost-effective e-commerce solution for the market leading Scottish Widows Protection product using Java, .Net & Microsoft technologies including ESB & Infrastructure changes
  • IT PM e2e delivery responsibility on the following Protection projects:
  • P4L Automation
  • Re-Insurance Protection
  • Delivered Marriage Tax Allowance & GAD Rate Change – Annuities & Drawdown Products (LRM) and Customer Age 75 projects:
  • IT PM on Scotland Act – Pension Products (LRM):
  • Tracking delivery progress with stage gate deliverables, ensuring key deliverables are populated in CMT and ensuring that right level of governance is applied
  • Financial tracking, monitoring, and forecast costs in Clarity PPM system
  • Support the business PM’s in Business Case production and responsible for presenting the business case to HoPD, CIO delivery team, Group IT Finance Managers, and Group IT before the IPAC approval and confirm back to business that Group IT accepts accountability and responsibility for the delivery
  • Raising ERF’s/ negotiating and updating 3rd party contracts and finally raising PO for 3rd party supplier on external costs on the back of the invoice
  • Delivered projects using in-house capability, partner resources, and 3rd party resources
  • Using the Change Governance Approach (CMA) managed risks / issues / dependencies through CMT and kept CMT up to date
  • Key project indicators and exceptions reviewed on a regular basis and provided a consolidated view of the status, progress, costs, risks, and issues across all work streams / work packages with Programme Manager & HoPD as appropriate
  • Regular stakeholder communications with Project Sponsor, HoF Protection Pricing and Annuities, Senior Actuary Analyst, IT and Business Programme Managers, HoPD, Release Managers, Underwriting Manager, Marketing Manager, Group Finance, Insurance Operations Business Delivery, Business Delivery Consultants, Customer Operations as appropriate
  • Engaged the Service Delivery (SD) Infrastructure team to complete the Web Application Security Assessment to identify security issues as the Scottish Widows Protect (SWP) development allowed 3rd party IFA’s and internal UK Wealth to obtain Protection Life Insurance product quotes and sell proposition that could negatively impact LBG reputation
  • Engaged with SD Storage and Middleware team to deal with slow response times of the Firefox browser whilst working on SWP project
  • Delivered Proof of Concept successfully on the P4L Automation project working with the Solution Architect, SD Oracle Database Administrator, and ALIS Data stage SME’s to ensure that fairly huge premium rate tables are copied, dropped and loaded within the 6.5 hrs available time window

Business Change Project Manager

Capita Life and Pensions Services
Isle of Man – Douglas
10.2013 - 05.2015

IT / Change Project Manager

Capita Life and Pensions Services
Cheltenham
02.2009 - 10.2013

Project Manager

Wipro Technologies
Norwich
01.2008 - 02.2009

Project Manager

Wipro Technologies
Norwich
04.2007 - 01.2008

Systems Analyst

Xansa Technologies
Edinburgh & WGC
06.2004 - 03.2007

HP Mainframe Systems Analyst

HP
Malaysia
06.2000 - 10.2000

Education

Bachelor of Engineering - Electronics

Mumbai University

Skills

  • Risk Assessment
  • Security Compliance
  • Project Management
  • Team Leadership
  • JIRA
  • Confluence
  • Security Awareness
  • CMT
  • Clarity
  • MWOT
  • RFQ
  • ERF
  • PO
  • AXIS
  • ALM
  • MS Office
  • MS Word
  • Excel
  • MS Project
  • MS PowerPoint
  • PLAN IT – PPM
  • Dairy
  • Memo
  • Lotus Notes
  • Business Objects
  • Outlook
  • Visio
  • Assyst
  • Quality Centre
  • Enterprise Architect
  • SharePoint
  • Planview
  • IBM suite of products
  • SOA framework
  • WAS
  • WPF
  • ESB
  • WPS
  • TAM
  • HP
  • QC
  • MVS IBM Mainframe
  • APIs
  • Telon
  • SAS
  • Teradata SQL 4GL
  • Easytrieve
  • IBM ES 9000
  • IBM COMPATIBLE PCs
  • HP 3K, 9K
  • NCR’s Teradata Database
  • Oracle Database
  • UNIX Shell scripts

Certification

CompTIA Security+ ce certification

Prince 2 Practitioner

Certified Scrum Master

Certified Scrum Product Owner

Cyber security Masters programme (in progress)

Certified Ethical Hacker (certification in view)

Certified Information Systems Security Professional (certification in view)

CISA (certification in view)
