Elangovan Baskaran

Designed and implemented the overall Threat and vulnerability management (TVM) strategy to identify, assess, and prioritize vulnerabilities across all technology platforms

Implemented RBVM process in vulnerability management process

Conducted regular vulnerability assessments, scans, and penetration tests to identify weaknesses in internal and external systems.

Threat intelligence platforms and sources to stay updated on emerging cyber threats and vulnerabilities

Collaborated with IT Teams, development, and infrastructure teams to drive remediation of identified vulnerabilities and oversee patch management processes.

Risk Analysis and Prioritization :Assess the criticality of identified vulnerabilities by considering potential impact, exploitability, and exposure to the business

Developed and documented risk mitigation plans (RMP), including short- and long-term solutions, for vulnerabilities that cannot be immediately remediated.

Ensured that vulnerability management processes aligned with industry standards (e.g., NIST, ISO, PCI-DSS) and meet relevant compliance requirements.

Work with IT/Stakeholder teams (e.g., business units, IT operations, and legal teams) to assess how vulnerabilities may impact business operations, regulatory compliance, and reputation.

Expertise in handling large-scale data sets, ensuring legal compliance

Implemented effective records retention and management processes.

Demonstrated track record of supporting legal teams and minimizing legal risks through comprehensive document and data management strategies.

Managed data retention and disposal policies for compliance with regulatory requirements, including SOX, HIPAA, and GDPR.

Coordinated with internal and external stakeholders to ensure proper documentation and reporting of legal hold processes.

Core Competencies: Legal Hold Review and Implementation,Structured Records Management,Data Retention Policies,Risk Mitigation, Data Classification and Mapping,Legal and Regulatory Compliance,Documentation and Reporting

Responsible for Security Transition and Transformation (Mobilization)
Cloud Infrastructure consulting, service delivery experience on AWS,
Azure, GCP Cloud.
Managed Cloud Security Transformation projects
Cloud delivery, SLA, metrics, operational rigor, Production, mission critical environment management, Critical incidents, escalation handling- Transform/Run
SOC: Ensure the integrity and protection of networks, systems and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices
Analyze security event data from network (Sensors, Firewall traffic)
Triage security events and carry out incident response steps
Recognize potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
Handled Critical incident management and Management/stakeholder communications.
Handled Transformation scope for cloud-based solutions as per security standards
Performed Internal Audits for the infrastructure, cloud-based and provided remediation solutions.
Handled policy compliance, Security policies and standards.
Hands- on experience in SIEM, Endpoint security, Data security, Data center security, IAM, Vulnerability Management, Compliance and Risk Management
Automation, Analytics, AI exposure
Database migration to cloud
Storage and file services migrations to cloud
Vendor Management: Hitachi, Q Radar, PAM, Rapid 7

Tracked the real time emergency and critical vulnerabilities on daily basis until closure.
Initiated Get-to-green project to drive closure for critical, high, medium
vulnerabilities in Corporate Environment.
Initiated internal Project for tracking the EOL/EOS Vulnerabilities
remediation/upgrade with Risk management process
Initiated internal project to remediate the Zero-day vulnerabilities which has compensating controls and Work around.
Involved in risk analysis for the vulnerabilities which operations team notable to remediate within SLA.
Tool Management: Qualys, Tenable.io: Performing internal audit the on monthly basis to verify that each user has right level of access to Qualys console.
Service Now integration with Qualys Guard (Vulnerability Management Module).

Managing End-End Infra services BAU, Incident, Changes, Problem record
Manage CSAT and KPIs ,Governance of delivery and review with customer
Maintain SLA as per the contract.
Project Initiating, Requirement Gathering, Derive Scope Statement, Project Scheduling, Executing, Resource Handling
Perform Project Communications, closing and sign off with Customer.
Manage billing the customer on deliverables and penalty as per the agreement
Maintain CMDB, KEDB and project document/ inventory.
Crisis Management on BAU & project delivery
Implement Service Improvement and Performance Improvement plan
Perform revalidation of monitoring parameters plan, schedule and execute the disaster recovery exercise
Track the status and progress of projects.
Identify risks, plan risk response and implement risk strategies.
Knowledge on Project Management tools and Project Management Information System,Identify and Fix vulnerabilities in infrastructure using customer and IBM tools.
Mentor the technical resources
Identify and plan to mitigate the security threats in Infrastructure.
Compliance, Issue, Risk Management Governance and Mitigation using too as IBM Big Fix, IBM CIRAT.
Handshake call with all Technology teams and client security focal for Patch an NCI (Non-Compliance) management.
Plan and lead the Internal and External Audits in Infrastructure such as ISO Security Audit etc.