Lokesh has led a number of complex cyber security & GRC engagements with a focus on GRC strategy, program development and RSA Archer implementation for technology and telecommunication clients. Prior to KPMG, Lokesh worked at Oracle Corporation as a business analyst building PeopleSoft’s HCM product suite.
GRC Business Transformation
- Led and defined the overall Archer deployment and strategy roadmap for T-Mobile’s chief compliance officer to onboard their various compliance obligations into Archer over a multi-year timeframe.
- Led enterprise-wide GRC program development, process optimization and RSA Archer implementation for enterprise, compliance, risk, policy, and corporate regulatory compliance scenarios, in support of the strategic business initiatives of T-Mobile’s CISO and chief compliance officer.
- Led the deployment of an on-premises installation of Archer v5.x, which is live in production with Enterprise Management, Business Continuity Management, Risk Management, Policy Management, and Compliance Management solutions for over 1000 users at Microsoft.
- Led the deployment of vendor risk assessments, infrastructure assessments, self-serve application security attestations, and integration/automation solutions for a streamlined user experience, and delivered reports on tools rationalization at Microsoft.
- Led the deployment of a turn-key, first-of-its-kind security assessment posture solution for Shell’s process control domains to oversee their operating assets, capital projects, and suppliers.
- Built an off-shore Archer support team based in Bangalore, India to provide 16x5 Archer enhancement support to Microsoft.
- Provided SME guidance for program development activities, optimizing existing processes and aligning them to industry standards and leading practices such as ISO31K, COSO-ERM, and Microsoft SDL.
- Led the deployment of the Incident Management solution at Microsoft. Responsible for requirements gathering, project management and technical deployment.
- Trained end users and management stakeholders via training sessions and documentation on various modules and capabilities of the Archer SmartSuite Framework.
- Leading the overall project planning and implementation of a customized controls monitoring program for Microsoft CSS.
- Led the implementation of a customized delete tool to perform mass delete activities for a Vulnerability Management application.
Supplier Security & Privacy Risk Management
- Led the definition and execution of an end-to-end third-party security risk assessment program at T-Mobile. This effort spanned four different cross-functional groups and included activities from inception through remediation and contract enforcement to address the overall supplier risk posture.
- Led program development activities for the build-out of an enhanced end-to-end supplier tiering, assessment and remediation process for Microsoft. Identified and helped in the rationalization of several disparate and redundant processes to enable common risk reporting and mitigation at the enterprise level.
- Led the development and operations of a supplier security council that involved participation from ten leadership stakeholders at a Fortune 100 organization to identify, prioritize, invest in and execute on common supplier-related challenges in a programmatic manner to reduce the overall supplier risk posed to the enterprise.
Big Data Security
- Led the security architecture and technology assessment of a Hadoop-based enterprise data warehouse built to serve as the authoritative master data source for all key business units and engineering at T-Mobile.
Cyber Maturity Assessments
- Assessed a healthcare-related records management system and processes for security vulnerabilities at the State of Washington. Identified and assessed individual technology components including ADABAS, EntireX, RACF and Solaris against industry standards and best practices. Conducted field interviews and devised recommendations to mitigate inherent policy, process and technology risks.
- Assessed the state of information security for an end-to-end government enterprise against industry standards such as ISO and NIST, and helped build a framework to drive the client’s future state for information security. Gathered data from client stakeholders, applied industry standards and devised recommendations to improve the client’s overall information security status, including policies and procedures.
Business Continuity Management
- Led the development and design of an enhanced capability-driven BCM methodology with detailed use cases, process charts and narratives that was implemented across twenty business units for a Fortune 100 technology company.