UMA MAHESHWAR REDDY SUDIREDDY
CISM, CPISI, ISO 27001 LI, CPISM
KSA Contact No.: +966-**-***-**** E-Mail: acgbkv@r.postjobfree.com
USA Contact No.: +1-224-***-****
Program Manager with 14 years of experience in the field of Information Security
Professional Brief
Over 14 years of insightful experience in the field of Information Security. Highly proficient in Developing, Establishing and managing
compliance with corporate policies, procedures, standards, frameworks, guidelines, etc. Rich experience in managing Information
security while performing periodic risk assessments, compliance audits, maturity assessments and conducting training to spread
awareness regarding Information Security. Experienced in handling multiple projects pertaining to Information security such as PCI
DSS implementation, ISO 27001, Maturity assessments, central bank regulations, GRC Automation (i.e., GRC tools implementation
aligning them to the business needs), etc. Adept in understanding business processes, technical processes, and operations, and aligning the
information security requirements across people, process, and technology.
Executive Attributes
Adept in PCI DSS program management, handled almost 5 full-cycle implementations back in India and KSA and performed
multiple gap assessments. (Previously performed VISA CISP and MasterCard SDP programmes as consulting engagements)
Adept in Information security Governance, Risk Management, and Compliance.
Possess exposure on multiple technologies and the information security aspects.
Adept in developing, establishing and deploying policies, procedures, standards, etc.
Exposure to various cultures and capable of excelling in multicultural environment.
Implemented multiple ISO 27001 projects back in India, UAE and KSA. Exposed to various sectors (i.e., Manufacturing,
Pharmaceutical, Banking, Software Development firms, etc.)
Core Competencies
Payment Card Industry Data Security Standards (PCI-DSS)
ISO 27001
Functional Project Management for GRC tools implementation (Exposed to multiple tools, like Archer Technologies, CURA
Software, MetricStream, and CCM GRC Suite).
Information Security Maturity Assessments
Risk Management
Information Security Program Management
Professional Entitlements
CISM: Certified Information Security Manager: Certificate ID: 1425833
CISSP: Certified Information Systems Security Professional: Certificate ID: 321097
CPISI: Certified Payment Card Industry Security Implementer: Certificate Number: 011973
ISO 27001 Lead Implementer
CPISM: Certificate of Proficiency in Information Systems Management
B.Com (Computers) : Bachelor of Commerce & Computers, FY 2000
PGDCA: Post Graduate Diploma in Computer Applications, FY 2001
Projects Handled
Multiple PCI DSS full cycle implementation Projects (Vodafone South, Al Rajhi Bank, SAMA, NCB, and BSF)
VISA CISP and Master Card SDP in multiple banks in UAE and India
Managed Security Asset and Risk Management Office in IBM, Pune, India
ISO 27001 Implementation Projects (AnswerThink, GSS America, Emirates Steel Industries (Abu Dhabi), and TAK Design
Consultants SDN. BHD. (Dubai))
ISO 9001 Quality Audits on one Pharmaceutical firm (Nicholas Piramal Healthcare, Jaheerabad Plant, AP, India).
Handled multiple ISMS & External audit engagements across India on a consulting basis.
Experience Chronology
Al Rajhi Banking & Investment Corporation, Riyadh, Saudi Arabia (March 2013 – Till Date)
Senior Information Security Specialist
Responsibilities in Brief:
PCI DSS Implementation for the FY 2014-2015
Catering to Internal and External audit requirements from an information security standpoint
Developed Information Security documentation and initiated first steps towards implementing ISO 27001 and certification.
Perform periodic maturity assessments, compliance assessments, etc. to evaluate the security posture and recommend
measures to enhance the information security objectives and alignment with the business objectives.
Develop, publish, and enforce governing policies, procedures, guidelines, and standards mapping to the bank’s objectives.
Functional project manager for GRC automation, working with the developers to align Archer eGRC for bank’s requirements.
Spearheading online Anti-phishing, Anti-trojan, Mule Accounts, Data Breaches, Social Media Impersonation, Unauthorized
affiliations, detecting rogue mobile applications, etc. and coordinating with the internal team to take the proactive / necessary
action to safeguard the customers and bank information assets.
Versatile Solutions LLC. Riyadh, Saudi Arabia (July 18th, 2009 – March 15th 2013)
Senior Consultant – Information Security
Responsibilities in Brief:
Program Manager & Senior PCI Advisor for PCI-DSS in Al Rajhi Banking & Investment Corporation, Riyadh, KSA
Program Manager & Senior PCI Advisor for PCI-DSS in SAMA (Saudi Central Bank), Riyadh, KSA
Program Manager & Senior PCI Advisor for PCI-DSS in NCB (The National Commercial Bank), Jeddah, KSA
Program Manager & Senior PCI Advisor for PCI-DSS in BSF (Bank Saudi Fransi), Riyadh, KSA
Performed PCI-DSS Presales role
IBM India Pvt. Ltd., Pune India (Feb 2009 – July 2009)
Program Manager – Information Security
Responsibilities in Brief:
Program Manager & Senior PCI Advisor for PCI-DSS for Vodafone South, Pune, India.
Security Asset and Risk Management Lead, executing various information security programs such as Vulnerability
Management, Exception Handling and Deviation Fixing, conducting periodic risk assessments, and chairing compliance calls
on a daily basis to track the progress of compliance.
SV Infosys, Bangalore, India (Jan’2004 – Feb’2009)
Manager – Information Security Services
Responsibilities in Brief:
Implementation Consultant for ISMS (BS7799, ISO:17799, ISO27000).
Implementation Consultant for VISA CISP and Master Card SDP.
Performed Pre-audits for PCI DSS earlier versions for 3 banks in UAE.
ISO 9001 Quality Audits on one Pharmaceutical firm (Nicholas Piramal Healthcare, Jaheerabad Plant, AP, India).
Sumreys Synergy Solutions Pvt. Ltd., Bangalore, India (Feb’2003 – Dec’2003)
IT Infrastructure Security Specialist
Responsibilities in Brief:
Consulting/Designing/Implementing and Maintaining Network Infrastructure along with vulnerability management.
Ananth Solutions Pvt. Ltd., Hyderabad, India (April’2001 – Jan’2003)
Trainee Research & Developer
Responsibilities in Brief:
Trained on software development methodologies and networking technologies.
Worked with a team of experts developing driver software for proprietary hardware.
Personal Information
Marital Status: Married
Passport: J0245131 (Old: B3399508)
Visa Information: KSA Job Visa (Residence Permit), also possess USA B1/B2 Visa : Valid till 2021
Skype: sudireddy.ramreddy
WhatsApp: +966*********
LinkedIn: sa.linkedin.com/pub/uma-maheshwar-reddy-sudireddy-cism/8a/8b6/5b1/