Sugen Vinayagamurthy
Toronto
Summary
Dynamic IT security professional with extensive expertise in frameworks such as NIST SP 800-53, CSF, and ISO 27001, complemented by a strong foundation in TCP/IP, networking, firewalls, and security protocols. Proven track record in stakeholder engagement, characterized by exceptional communication and organizational skills fostering collaboration across departments. Successfully led the implementation of an Identity and Access Management (IAM) solution while deploying endpoint security measures to enhance infrastructure resilience. Demonstrated ability to manage complex deployment and migration projects, significantly mitigating risks associated with Business Email Compromise through the effective use of Proofpoint Email Security solutions.
Overview
11
11
years of professional experience
1
1
Certification
Work History
Information Security Analyst/ Governance, Risk and Compliance (GRC) Analyst
THE SALVATION ARMY CANADA (THQ)
04.2022 - 08.2025
- Implemented enterprise-wide Privileged Access Management, cutting privileged account risks by 40%.
- Deployed Proofpoint Email Security, reducing business email compromise (BEC) attempts.
- Conducted monthly vulnerability scans and patch compliance, achieving a 25% reduction in high-risk findings within 6 months.
- Collaborated with QSAs to achieve PCI-DSS 4.1 compliance across payment systems.
- Authored and deployed security playbooks, decreasing incident response times by 30%.
- Strengthened endpoint defenses by enhancing CrowdStrike policies to mitigate malware and lateral movement.
- Configured & managed Cisco Meraki firewall to reduce the attack surface area by 40%
- Developed and implemented security policies, procedures, and best practices for secure information systems based on NIST SP 800-53 and CIS frameworks.
- Implemented Privilege Account Management solution across enterprise and reduced the risk by 60%.
- Conducted vulnerability assessments to identify threats and risks in IT infrastructure and web applications.
- Performed risk assessments and executed tests of data processing system to ensure functioning of data processing.
- Drove enhancements to the Information Security Risk Management program, ensuring adherence to regulatory requirements and a focus on risk-based outcomes.
- Advised business units and external partners on risk mitigation strategies, guiding them through the decision-making process and tracking identified risks to resolution
- Cultivated strong, collaborative relationships with diverse internal teams and external partners to ensure consistent adherence to security standards and processes.
- Authored and presented periodic security metrics and reports to senior leadership and stakeholders, providing a transparent view of the security landscape.
- Managed a portfolio of concurrent security activities and projects, consistently meeting deadlines and adapting to shifting priorities in a dynamic environment.
- Conducted internal audits to identify areas of improvement within the organization''s information security program.
- Collaborated with IT teams to ensure seamless integration of security measures into existing infrastructure.
- Reduced vulnerabilities by performing thorough penetration testing on a regular basis.
- Conducted security audits to identify vulnerabilities.
Application Support Analyst
ITC SYSTEMS INC.
04.2017 - 01.2020
- Responsible for project management, stakeholder engagement, project documentation and training junior staff.
- Successfully deployed Netzcore Web Application in AWS cloud platform on a weekly basis.
- Collaborated with client for Network, Server and Application hardening.
- Deployed web application solution with application hardening via best security practices in client's environment.
- Created internal documents for software security configuration and deployment to train junior software support team.
- Provided network/application security support for external stake holder's critical web applications and documented details in knowledge base for internal access.
- Documented change management process for critical patch deployment to production environment.
- Worked with clients to create change management requests before deploying patches to the production environment.
- Created training for web-based applications for internal and external stakeholders.
- Collaborated with external vendors for Application-integration to provide unique solutions for our clients.
- Provided comprehensive training for users to ensure smooth adoption of new applications and features.
- Enhanced application performance by identifying and resolving technical issues in a timely manner.
Network Administrator
Scotiabank – Banking Operations (IT&S)
09.2014 - 02.2016
- Successfully migrated Windows 2003 servers to Windows 2008R2 in production environment along with active directory services.
- Successfully migrated NetApp VFiler Storage to Windows 2012 server with dedicated SAN.
- Translated business requirements for conducting secure and automated application testing for web applications.
- Deployed and supported automation script testing for Scotia Connect Online for major releases.
- Conducted vulnerability scanning against critical infrastructure and provided report to cyber security department.
- Participated in the enterprise roll-out for end-point security solution and continuous monitoring.
- Implemented IAM solution for internal departments to access remote network shares via Active directory and group policy.
- Proven project management skills to assume multiple responsibilities within time-sensitive and fast-paced environments.
Education
Accelerated Cybersecurity Training Program - SANS Foundations, GIAC Security Essentials (GSEC), GIAC Certified Incident Handler (GCIH), Cybersecurity Professional Practice
Rogers Cybersecure Catalyst, Toronto Metropolitan University
Toronto, ON11.2021
Skills
- Azure AD for IAM
- Root cause analysis
- Network security
- Access control
- Risk mitigation
- Critical thinking skills
- Privacy regulations
- Data security
- Vulnerability Management
- Network Security
- Application Security
- Incident Response
- Risk Management
- Vendor management
- Vulnerability Assessment
- Threat intelligence
- Security awareness training
- Vulnerability assessment
- Security architecture
- Security policy development
- Infrastructure assessment
- Vulnerability & penetration testing
- Cloud security
- Risk analysis & mitigation
- Risk assessment
Accomplishments
- Performed comprehensive investigations of security breaches and implemented appropriate solutions.
- Trained end users on proper security protocols to minimize cybersecurity attacks.
- Educated management on how to minimize risk of cybersecurity attacks.
- Made recommendations to management on new security software to improve the process.
- Developed and implemented security procedures to achieve risk reduction in Cloud apps.
- Achieved 40% risk reduction to Privilege Accounts by introducing Privilege Account Management (PAM) for System Admin tasks.
Languages
English
Full Professional
Tamil
Native or Bilingual
Certification
- GCIH Incident Handler Certification (GCIH) - 2021-11-01
- GSEC Security Essentials Certification (GSEC) 2021-09-01
- CISSP (Provisionally Passed), 2024
Cyber Security Extracurricular Activities
TryHackMe – Advent of Christmas, Participant, 2021-12-01 to Present
SANS Holiday Hack Challenge 2021, Participant, 2021-12-01 to Present
Cyber Start Game (SANS), Participant, 2021-05-01 to Present
HACK The Box – BOOT UP CTF, Participant, 2021-10-01 to 2021-10-31
SAN GCIH CTP, Participant, 2021-09-01 to 2021-09-30
Interests
- Getting involved in local advocacy groups to promote positive change in the community
- Youth mentor, providing guidance and support to empower the next generation of leaders
- Youth Development Programs
- Environmental Stewardship
- Participating in fundraising events to support local charities, schools, or community projects
Timeline
Information Security Analyst/ Governance, Risk and Compliance (GRC) Analyst
THE SALVATION ARMY CANADA (THQ)
04.2022 - 08.2025
Application Support Analyst
ITC SYSTEMS INC.
04.2017 - 01.2020
Network Administrator
Scotiabank – Banking Operations (IT&S)
09.2014 - 02.2016
Accelerated Cybersecurity Training Program - SANS Foundations, GIAC Security Essentials (GSEC), GIAC Certified Incident Handler (GCIH), Cybersecurity Professional Practice
Rogers Cybersecure Catalyst, Toronto Metropolitan University
Similar Profiles
Alexander IfrimAlexander Ifrim
Supporter Services Advisor at Salvation Army THQSupporter Services Advisor at Salvation Army THQ
Elizabeth (Liz) ChittockElizabeth (Liz) Chittock
Farm Manager at The Salvation Army THQFarm Manager at The Salvation Army THQ
Barbara Kristine GarciaBarbara Kristine Garcia
Donation Giving Specialist at The Salvation Army CanadaDonation Giving Specialist at The Salvation Army Canada
Shane MarlattShane Marlatt
Scaffold Superintendent at Newcrest MiningScaffold Superintendent at Newcrest Mining
NATHAN OSTAFICHUKNATHAN OSTAFICHUK
Senior Account Executive at Agility PR SolutionsSenior Account Executive at Agility PR Solutions