JAYAKUMAR RAMASANDREN
Cybersecurity Manager
Tampines,Singapore
Summary
With around 13 years of experience in Information Security, IT Audit, and Risk Assessment, system and network administration, I provide consultancy services, technical guidance, and expertise in information security frameworks, best practices, security intelligence, and methodologies. I am adept at performing IT audits and risk assessments to ensure compliance, improve security posture, and minimize potential risks.
Overview
14
14
years of professional experience
9
9
Certifications
Work History
Cybersecurity Manager (GRC)
Alstom Asia Pacific
10.2024 - Current
- Conducted comprehensive OT cybersecurity risk assessments in alignment with IEC 62443, defining context and identifying vulnerabilities
- Developed and allocated OT cybersecurity architecture requirements, ensuring robust protection across systems
- Managed third-party cybersecurity risks, cascading security requirements to suppliers and ensuring compliance
- Assessed and validated achieved cybersecurity levels for various OT projects and programs
Proficient in AS 7770:2018 – Rail Cyber Security, applying standards to ensure secure rail system operations - Skilled in Cloud Security, with hands-on experience in Microsoft Azure environments
- Collaborated with cross-functional and international stakeholders across Australia, France, Switzerland, India, and Denmark to align cybersecurity strategies
- Ensured project implementations adhered to regulatory and compliance requirements, maintaining high cybersecurity standards throughout the lifecycle
Senior Security Consultant (GRC)
NCS Pte Ltd
03.2023 - 09.2024
- Perform IT Security Risk Assessments (project, cyber and data security) in accordance with industry best practices, including CSA, NIST CSF, ISO 27001, IEC 62443, MAS TRM/Notice and Instruction Manual for ICT & SS Management (IM8).
- Execute audits of the project to provide an objective and independent assurance on the adequacy and effectiveness of internal controls, risk management, and governance.
- Conduct on-site fieldwork, gather evidence, analyze findings, and compile comprehensive audit reports outlining observations, risks, and recommended actions.
- Conduct thorough security testing, including vulnerability assessments and system security reviews, to identify and address potential system weaknesses.
- Deliver engaging security training and workshops to educate employees and stakeholders about best security practices and protocols
- Implemented multi-factor authentication across client organizations, significantly reducing unauthorized access risks.
- Conducted tabletop exercises simulating various cyber attacks scenarios—enhancing organizational preparedness while challenging assumptions about existing defenses.
- Evaluated emerging security technologies to stay current on industry trends and incorporate innovative solutions into client projects where applicable.
- Delivered hands-on training to corporate stakeholders on topics such as incident management, threat intelligence, and vulnerability assessment methodologies.
- Played a critical role in post-breach investigations, providing expert insights to help clients understand the root cause of incidents and prevent future occurrences.
Cyber Security Consultant (GRC)
ITSEC Services Asia Pte Ltd
01.2022 - 03.2023
- Applying STRIDE and MITRE ATT&CK adversary techniques, integrated with CSA's 'Secure by Design' framework and methodology, to identify and mitigate potential threats.
- Evaluating the adequacy, efficiency, and effectiveness of IT system controls based on standards such as ISO27001, NIST CSF, MAS TRM, CIS v8, IM8 and CSA CCOP v2. Recommending improvements to address identified risks or weaknesses.
- Performing risk and assurance assessments for Technology Infrastructure, Cybersecurity, application controls, and IT procedures and processes.
- Perform Security Architecture review for IT/OT system to
- Perform Security Architecture Reviews of security layers across IT and OT devices, infrastructure, applications, people, and processes using the OWASP Software Assurance Maturity Model (SAMM)
- Collaborate with third-party vendors to deliver Automation GRC solutions and conduct phishing simulation exercises for customers. Such as Knowbe4, Microsoft Purview Compliance Manager
Project Lead, IT Security (GRC)
Tech Mahindra Pte Ltd
10.2021 - 12.2021
- Perform Security Risk Assessment at the level of Project/ Account/Organization
- Provide next fault investigation, troubleshooting, resolution, recovery, and root analysis
- Provide network consultation to project teams for system deployment of additional services to customers.
- Implemented best practices in documentation management systems that improved efficiency, accessibility, and security of project-related information.
- Monitored project progress, identified risks and took corrective action as needed.
Lead Consultant, IT Security (GRC)
Singtel Cybersecurity Pte Ltd
01.2019 - 10.2021
- Provide support to governance, risk and compliance matters for governance, risk and compliance assessments and recommends viable alternatives with regards to the area of IT and data hygiene's
- Review and develop security framework, information securities policies, processes/procedures, and guidelines on an ongoing basis
- Establish compliance with security policies/procedures through ongoing security reviews and audits which includes minimally, log analysis and security assessment of customer's ICT systems
- Research and monitor current software security risk
- Supporting the development team in terms of secure development practices
- Analysis of IT systems architecture in terms of security and risk/threat modelling
- Perform monthly logon review
- Perform monthly, yearly access rights review
- Collate reports for security events and activities
- Conduct security awareness training (Yearly)
- Perform vulnerability assessment
- To assist in general audits and provide data analytics support
System Consultant
Nityo Infotech Pte Ltd
06.2018 - 12.2018
- Work closely with network, system administrators and application development teams to ensure security policies are being followed.
- Handle Change request, Service Request, Incident
- Plan maintenance for all the security equipment for patching
- Monitor, analyze and report security threats, incident and vulnerabilities to information systems
- Evaluate and recommend new/upgrade of software and hardware for the protection of information systems.
- Participate in the creation, review, and update of information security policies
- Generate and compile Monthly Report, and submit to customer
System Engineer
Comtel Solution Pte Ltd
11.2016 - 05.2018
- Assist with daily review of system and firewall logs.
- Monitor privileged accounts used in various systems
- Work with vendors on various security Project.
- Managing of IT Security incident handing/ case escalation /log management / IT Security tools.
- Participate in the creation, review, and update of information security policies
System Engineer
DZH International Pte Ltd
05.2016 - 10.2016
- Manage, coordinate, and implement software upgrades, patches, hot fixes on infrastructure managed
- Provide after-hours support for Infrastructure related emergencies as well occasional weekend maintenance as part of the rotational duty support team
- Liaise with vendors, internal stakeholders and/or customers to identify troubleshoot, and resolve issues
- Support other IT related activities when required
IT Consultant
ChassAsia Pte Ltd
11.2015 - 04.2016
- Providing critical technical business support to partners, highly skilled customers, IT and functional staff
- Mentor and provided advice to other Technical Support Engineers as needed
- Ensure that the customers' systems are running smoothly
- Provide technical services such as implementation and or maintenance support to the customers on a wide range of systems, networking and storage solutions.
- Research, diagnose, troubleshoot and identify solutions to resolve customer issues related to product use, design and configuration
- Troubleshooting and supporting of Windows Server and Infrastructure ensuring IT Service Level Agreements are met.
System Administrator
Toppan Security Printing
12.2012 - 10.2015
- Managing operation support and maintenance of the Information Security Management System based on the ISO/IEC 27001:2005 standards
- Perform access level management includes access level design, definition, creation, modification, deletion and daily access rights management
- Perform Vulnerability Scan. Analyze and work with related owners to fix the critical and high findings within specific time period.
- Conduct Physical & Logical security awareness training to all staffs to ensure appropriate level of security consciousness
- Perform Security configuration reviews of servers, network access control and firewall rules periodically.
- Prepare, review and refine audit programs, audit procedures and methods wherever necessary for the conduct of the internal audit activities.
- Develop and obtain signed-off of the Security Audit & Review Plan
- Conduct Host, OS, DB and Server Hardening Audit / Security Baseline Configuration Assessment Develop Security Audit Compliance Checklist
- Perform IT Security Compliance Audit base on the approved checklist, policies, and standards
Technical Assistance
NCS Pte Ltd
09.2011 - 10.2012
- Perform first level problem diagnosis and resolve problem related to computer hardware/ software and application system
- Provide advice and assistance to users on usage of simple functional features of software and hardware peripherals
- Provide on-site support during examination of school
- Assist in user account application
- Asset & component inventory tagging for new it equipment
- Installing new software for desktop and laptop
- Basic configure on server application on server root
- Provided technical assistance to staff members as needed, ensuring smooth adoption of new technologies and seamless integration with existing workflows.
Education
M.D. - ICT Management
Asia E University
Kuala Lumpur08.2018
Skills
Cybersecurity frameworks
Compliance auditing
Threat modeling
IT security management
Security risk assessment
Vulnerability assessment
Project leadership
Decision-making
Strategic planning
Teamwork and collaboration
Time management
Problem-solving abilities
Certification
ISACA (CISA, CISM, CRISC)
Technology Summary
Nessus, Network VA Scanner (Nessus, GFI Lan Guard), Anti-Virus Tools (Norton, Symantec, McAfee), SIEM (SolarWinds, ArcSight & QRadar Imperva), Firewall (Fortinet, Checkpoint, CISCO ASA), Windows Servers, Hyper V, VMWARE, N-Computing, LANs, WANs, VPNs, Routers, Firewalls, TCP/IP, MS Office (Word, Excel, Outlook, Access, PowerPoint), Power BI, Tableau
Personal Information
- Available: Full-Time & Permanent
- Notice Period: 1 Month
- Nationality: Malaysian
- Visa Status: Singapore Permanent Resident
Timeline
Cybersecurity Manager (GRC)
Alstom Asia Pacific
10.2024 - Current
Senior Security Consultant (GRC)
NCS Pte Ltd
03.2023 - 09.2024
Cyber Security Consultant (GRC)
ITSEC Services Asia Pte Ltd
01.2022 - 03.2023
Project Lead, IT Security (GRC)
Tech Mahindra Pte Ltd
10.2021 - 12.2021
Lead Consultant, IT Security (GRC)
Singtel Cybersecurity Pte Ltd
01.2019 - 10.2021
System Consultant
Nityo Infotech Pte Ltd
06.2018 - 12.2018
System Engineer
Comtel Solution Pte Ltd
11.2016 - 05.2018
System Engineer
DZH International Pte Ltd
05.2016 - 10.2016
IT Consultant
ChassAsia Pte Ltd
11.2015 - 04.2016
System Administrator
Toppan Security Printing
12.2012 - 10.2015
Technical Assistance
NCS Pte Ltd
09.2011 - 10.2012
M.D. - ICT Management
Asia E University