
Rohit Surya

Frederick

Summary

Accomplished Cybersecurity leader with over 15 years of experience in federal and corporate environments. Currently spearheading the Cyber-SCRM program at Accenture Federal Services, driving the implementation of secure SDLC and DevSecOps practices while enhancing communication between leadership and technical teams. Previously led enterprise security automation and compliance frameworks at Amazon, ensuring alignment with HIPAA, NIST, and GLBA standards, while collaborating closely with the CISO office on strategic security enhancements. Expertise includes building robust security programs, implementing CMMC/NIST controls, and overseeing cloud migrations, all aimed at safeguarding sensitive data while fostering innovation.

Overview

17
years of professional experience

Work History

Information Security Manager - Cyber Supply Chain

Accenture Federal Services
Arlington
05.2023 - Current
  • Directed Cyber Supply Chain Risk Management (C-SCRM) program, creating robust security strategies to safeguard essential federal infrastructure from emerging threats.
  • Advised senior management on best practices related to program management processes.
  • Streamlined software development processes with embedded security measures for a 30% improvement in vulnerability management.
  • Designed comprehensive security frameworks for diverse environments, ensuring alignment with regulatory standards such as NIST 800-53/171 and CMMC.
  • Implemented comprehensive vulnerability management strategy, focusing on high-risk issues and accelerating resolution times by 25%.
  • Streamlined processes to minimize operational friction through strengthened partnerships.
  • Led open-source and third-party security programs, creating automated vulnerability detection.
  • Supervised individual project leaders and provided support and motivation.

Infosec & Compliance Manager | Security Assurance

Amazon
Arlington
07.2022 - 05.2023
  • Managed Technical Program Managers within the Security Assurance team at Amazon to implement security automation and tooling.
  • Implemented measurable KPIs to monitor security posture enhancements.
  • Ensured adherence to regulatory frameworks such as HIPAA, NIST, GLBA, and NYDFS.
  • Integrated security measures at all stages, emphasizing 'shift-left' principles.
  • Drove strategic security efforts in partnership with CISO office and senior leadership.
  • Performed thorough security evaluations, categorizing findings by risk level.
  • Developed and managed an end-to-end program roadmap to ensure successful delivery of projects.

Principal Security Architect

Accenture Federal Services
Washington D.C. Metro Area
11.2012 - 06.2022
  • Led and delivered digital transformation efforts while implementing NIST 800-53/171 standard-based security frameworks.
  • Directed relocation of critical ITAR/CUI projects to secure GCC High Defense cloud.
  • Monitored systems for indications of threats, security breaches or intrusions.
  • Implemented software tools to assist in threat detection, prevention and analysis.
  • Designed secure network infrastructure, implemented access control policies, and managed authentication systems.
  • Implemented strategic security governance model connecting Senior Leadership, Delivery teams, and key client stakeholders.
  • Led team of Solution Architects delivering secure and high-availability solutions.
  • Directed successful incorporation of security protocols within Agile methodologies from initiation to completion.
  • Gained customer trust through swift handling of incidents within strict SLA adherence.

GRC Consultant

Accenture
Washington
11.2009 - 11.2012
  • Participated in executive reporting, ensuring comprehensive risk management.
  • Managed the creation of KPI reports to track security incidents and compliance status.
  • Ensured compliance of CMMI requirements with ISO standards to facilitate team preparation for CMMI Level 4 audits.
  • Utilized extensive knowledge of SDLC processes to enhance application development.
  • Executed internal evaluations to verify the efficacy of security controls.
  • Analyzed business processes to identify potential risks and develop mitigation strategies.

Senior Network Security Engineer

Cognizant Technology Solutions
Washington
06.2008 - 06.2009
  • Provided comprehensive security operations for top-tier clients, ensuring prompt and effective incident management.
  • Performed real-time threat hunting to detect and counteract emerging malware campaigns.
  • Boosted operational effectiveness by devising efficient escalations while coordinating efforts with international telecom companies.
  • Monitored systems for indications of threats, security breaches or intrusions.

Education

Master of Science - Computer and Network Security

Middlesex University
London, United Kingdom
03.2008

Bachelor of Science - Computer Applications Development

University of Madras
07.2005

Skills

  • Security Program Management
  • Vulnerability Management
  • Risk Assessment
  • Compliance Frameworks (NIST, HIPAA, CMMC, ISO 27001, CMMI)
  • Executive Communication
  • Cloud Security (AWS, Azure, Office 365)
  • DevSecOps
  • Supply Chain Risk Management
  • Security Metrics & Reporting
  • Incident Response (including Supply Chain Incidents)
  • Cross-functional Leadership
  • Process Documentation
  • Agile Methodologies
  • SDLC / Secure SDLC
  • Digital Transformation
  • POA&M Management
  • GCC High
  • JFrog Artifactory
  • Change Management
  • Risk Mitigation
  • Security Governance
  • Software Composition Analysis (SCA)
  • Software Bill of Materials (SBOM)
  • Third-Party Risk Management
  • Fourth-Party Risk Management
  • Geopolitical Risk Assessment
  • AI-Driven Threat Detection
  • Zero Trust Architecture
  • Project Management Methodologies (Agile, Waterfall)
  • Certifications (PMP, CISSP)

Web

www.credly.com/users/rohitsurya

Timeline

Information Security Manager - Cyber Supply Chain

Accenture Federal Services
05.2023 - Current

Infosec & Compliance Manager | Security Assurance

Amazon
07.2022 - 05.2023

Principal Security Architect

Accenture Federal Services
11.2012 - 06.2022

GRC Consultant

Accenture
11.2009 - 11.2012

Senior Network Security Engineer

Cognizant Technology Solutions
06.2008 - 06.2009

Master of Science - Computer and Network Security

Middlesex University

Bachelor of Science - Computer Applications Development

University of Madras