Charan Kumar Reddy
Information security Lead
Riyadh
Summary
Information Security Lead / Cyber Security Consultant with 8+ years of progressive experience in the Information security Industry. Demonstrated skills identifying business risks, and perform testing in Web Application, Network, Active Directory, Penetration Testing. Experienced in risk assessment of security initiatives. Strengths in providing comprehensive risk assessment and security frameworks. Adept at providing expert guidance on cybersecurity policies, procedures, and regulatory compliance.
Overview
8
8
years of professional experience
4
4
Certifications
Work History
Cybersecurity Lead
Hala Payments
09.2024 - Current
- Responsible for maintaining up to date cybersecurity governance documentation as per regulatory requirements and industry’s best practices.
- Defined KPIs for identifying compliance with cybersecurity policy, procedures and standards.
- Worked to achieve SAMA CSF maturity level 3 by implementing cybersecurity controls.
- Worked to achieve compliance with NCA guidelines.
- Coordinated with vendors to perform independent compliance gap assessments.
- Established and managed comprehensive Vulnerability Assessment (VA) and Penetration Testing (PT) processes, ensuring alignment with organizational and regulatory requirements.
- Designed and implemented cybersecurity processes to mitigate vulnerabilities while ensuring regulatory compliance and operational efficiency.
- Built and maintained an accurate Asset Inventory, enabling effective vulnerability management and compliance audits.
- Defined and monitored Key Performance Indicators (KPIs) to track the effectiveness of security measures and improve overall risk posture.
- Selected, deployed, and maintained operationally effective security tools with periodic reviews to ensure their performance.
- Developed and enforced application security policies and procedures, aligning with OWASP Top 10, SAMA, and ISO 27001 standards, ensuring regulatory compliance and reduced vulnerabilities.
- Implemented a change management framework to streamline IT updates, minimizing risks and achieving a reduction in deployment errors.
- Integrated application security protocols into the CI/CD pipeline, enhancing the secure development lifecycle and reducing security risks in production environments.
Senior Information Security Consultant
Secureyes
09.2022 - 09.2024
- Conducted a cyber resilience assessment of security solutions for telecommunication to client.
- Conducted a cloud security gap assessment and prepared cloud security policies, procedures and standards.
- Conduct comprehensive penetration testing on networks, systems, and applications to identify security weaknesses and vulnerabilities, ensuring compliance with regulatory frameworks such as SAMA CSF, NCA CSCC, and ECC.
- Develop detailed reports outlining findings, risk assessments, and recommendations for remediation.
- Conducted Red teaming activity for one of the clients.
- Collaborate with cross-functional teams to prioritize and implement security measures based on risk analysis and business impact.
- Utilized various security testing methodologies, frameworks, and tools such as Nessus, Metasploit, BurpSuite, and Kali Linux to conduct thorough security assessments.
- Provide guidance and recommendations on security best practices and compliance standards such as PCI DSS, SAMA CSF, NCA CSCC, and ECC.
- Developed and executed practical solutions to align product teams' goals with security requirements, effectively managing security risks without compromising business objectives.
- Led change management initiatives for clients across various industries, focusing on cybersecurity and risk assessment.
- Collaborated with cross-functional teams to integrate cybersecurity measures into existing business processes and systems, ensuring minimal disruption to operations.
- Demonstrated strong analytical and problem-solving skills, thinking critically about complex security issues, and considering their impact on organizational risk and business objectives.
Senior Cyber Security Analyst
Wipro Limited
05.2021 - 06.2022
- Conducted PT on web applications, Mobile and API by using different tools.
- Conducted Security assessments and Configuration review using BurpSuite and Nessus.
- Monitored and modified roles and groups in AWS Identity & Access Management module when necessary.
- Verified inbound and outbound traffic rules in AWS EC2 Security Groups.
- Packaged, tested, and deployed applications of varying complexity ensuring highest quality.
- Developed scripts and strategies to enhance the overall process.
- Took responsibility of post package release issues and conducted remediation activities.
- Delivered >90% First Call resolution for technical issues in Windows and Mac systems and applications, Network, VPN etc.
Penetration Tester
Tech Mahindra
07.2018 - 03.2021
- Managing complete security for the organization; performing Web application, IOS Applications and Configuration audits periodically.
- Perform manual Application Vulnerability assessment and Penetration testing.
- Successfully worked on Web Applications as per OWASP standard based on various platforms like java, aspx , php, jsp.
- Identifying vulnerabilities in the application and providing recommendations on how the security posture of web applications can be improved and submitting as documented report.
Software Developer
RMSI Pvt.Ltd
03.2017 - 06.2018
- Design, develop, and deploy Appian applications to meet business requirements, ensuring high performance, scalability, and reliability.
- Customize Appian objects including process models, SAIL interfaces, expressions, rules, and integrations to create efficient and user-friendly applications.
- Implement best practices for Appian development, including design patterns, code reusability, and optimization techniques to enhance overall system performance.
Education
Bachelor of Science -
KSRM College Of Engineering
India 04.2001 -
Skills
Web and Mobile Pen testing
Risk assessment
Third-Party Risk Management
Minimum Security Baseline (MSB) Reviews
Internal Network PT (SMB, LLMNR, Kerberos Attacks)
Network Security Architecture
ISO 27001:2013 (ISMS)
Information security governance
Wireless Security Assessments
Cloud security
Team Management
Certification
Certified Information Security Manager (CISM)
Timeline
Cybersecurity Lead
Hala Payments
09.2024 - Current
Senior Information Security Consultant
Secureyes
09.2022 - 09.2024
Senior Cyber Security Analyst
Wipro Limited
05.2021 - 06.2022
Penetration Tester
Tech Mahindra
07.2018 - 03.2021
Software Developer
RMSI Pvt.Ltd
03.2017 - 06.2018
Bachelor of Science -
KSRM College Of Engineering
04.2001 -