Pravinkumar Jha

pravin.cse.jha@gmail.com Mobile: +91-8108300165

Professional Summary:
• Over 13 years of experience in cybersecurity, with a strong focus on vulnerability management and application security.
• Proven track record of leading and managing multidisciplinary teams, fostering a culture of security-by-design and continuous improvement.
• Skilled in implementing secure SDLC processes, conducting threat modeling, and ensuring compliance with industry standards such as ISO 27001, HIPAA, and PCI.
• Experience in researching, evaluating, and implementing new security tools and technologies, including Zero Trust implementation and security automation.
• Extensive experience in managing third-party information security risks, including conducting vendor assessments, reviewing contracts, and ensuring compliance with security standards.
• Proficient in technical project management, risk-based prioritization, and driving remediation of identified vulnerabilities; experienced in budget management and resource allocation, delivering successful outcomes within established timelines and budgets.
• Led the development of a Supplier Security Questionnaire to improve security screening of vendors and enhance overall security protocols.
• Excellent communication and collaboration skills, with experience persuading stakeholders to remediate vulnerabilities and reduce cyber risk, and a proven track record of liaising effectively with cross-functional teams and external stakeholders.
• Adaptable and solution-oriented, with a passion for tackling complex technical challenges and delivering impactful solutions.
• Seeking a leadership role to drive innovation and enhance technology initiatives.

Skills:
• Team Leadership
• Vulnerability Management Lifecycle
• Risk-Based Prioritization
• Secure SDLC and DevSecOps
• Threat Modelling and Secure Architecture Review
• Vulnerability Scanning and Penetration Testing
• Stakeholder Management and Relationship Building
• Reporting and Metrics
• Technical Project Management, Resource Allocation, and Adaptability
• Software Quality Assurance and Release Management
• Budget Management
• Product Security, Application Security, and Cybersecurity Operations

Certifications:
• Google Cybersecurity Specialization
• ISO 27001 Lead Auditor
• CSSLP - Certified Secure Software Lifecycle Professional
• ICSI | CNSS - Certified Network Security Specialist
• API Security
• DIAT CIAP - Certified Information Assurance Professional, Defence Institute of Advanced Technology
• CSM - Certified Scrum Master
• CSPO - Certified Scrum Product Owner
• Six Sigma Green Belt
• ITIL V3
• ISTQB - Foundation Level, Test Analyst, Test Manager
• Generative AI at SAP
• Oracle Certified SQL Expert

Experience:
Manager (Associate Director), 10/2023 - 04/2024
Abbott Healthcare Pvt Ltd., Mumbai
• Spearheaded the establishment of Product Security and Automation Testing teams in India, focusing on hiring top talent and procuring office space to support team operations.
• Collaborated with cross-functional teams to identify, prioritize, and remediate vulnerabilities based on risk, severity, and potential impact.
• Aligned product requirements and test specifications from the Global Office to ensure synchronization with local team activities.
• Managed the team budget effectively, optimizing resource allocation to meet project demands and financial objectives.
• Conducted performance appraisals and one-on-one sessions, and provided constructive feedback to team members to foster their professional growth and development.
• Led the implementation of security measures and testing processes to ensure product quality and compliance with industry standards and regulations.
• Provided technical expertise and guidance on vulnerability management best practices to application owners and developers.
• Collaborated with cross-functional teams to integrate security and automation practices into the product development lifecycle.
• Fostered a culture of innovation and continuous improvement within the teams, encouraging collaboration and knowledge sharing.

Manager, 02/2012 - 10/2023
eClinicalWorks

Leadership and Management:
• Directed the Application Security and Automation Engineering department, supervising 80+ engineers across 5 departments.
• Managed and motivated employees to maximize productivity and engagement.
• Resolved conflicts and facilitated communication between stakeholders to achieve business goals.
• Developed a strong company culture focused on collaboration, employee engagement, and continuous learning opportunities.

Application Security and Compliance:
• Cultivated a highly skilled security team, emphasizing secure SDLC processes to mitigate risks before product release.
• Conducted R&D on new security tools and technologies to enhance the organization's security posture.
• Implemented security automation solutions to minimize manual effort and improve SLAs for vulnerability management and incident response.
• Implemented Azure Security (cloud security) best practices.
• Implemented threat modelling, threat intelligence, and secure architecture review processes, conducting assessments annually and adopting them as standard practice.
• Researched and implemented a zero trust architecture to strengthen the organization's overall security framework.
• Improved SOC strategy, design, and implementation to enhance the security posture.
• Ensured good SLA and KPI results by coordinating with the various teams.
• Conducted stakeholder interviews, reviewed policies and procedures, and performed vulnerability analysis to identify gaps between current and future states.
• Established a process to conduct effectiveness assessments for Forcepoint DLP rules.
• Managed vulnerability assessment and penetration testing activities for over 40 products, ensuring adherence to Secure SDLC principles and conducting security deployment reviews.
• Spearheaded server hardening initiatives based on the NIST framework, enhancing overall security posture.
• Established robust security reviews and compliance with ISO 27001, HIPAA, PCI, OWASP, and the Azure Security Benchmark, integrating security within CI/CD pipelines.
• Introduced automated security assessment tools, vulnerability assessments, and penetration testing to enhance security measures.
• Collaborated with Procurement, Vendor Operations, and Legal teams to formulate a holistic strategy for third-party reviews, optimizing vendor and third-party integration speed.
• Led disaster recovery planning and business continuity efforts, and streamlined processes with Agile methodologies.
• Led the development of a Supplier Security Questionnaire, improving security screening of vendors and enhancing overall security protocols.
• Conducted SAM, ISO 27001, HIPAA, and other compliance audits, ensuring adherence to stringent standards and regulations.
• Oversaw the division of the security team into purple and red teams with distinct responsibilities, including Secure SDLC support and VAPT activities.

Automation Testing and Security:
• Managed an Automation Testing team consisting of 2 Team Leads, 4 Mentors, and 6 Product Analysts.
• Led the automation of 30,000 legacy test cases using the Selenium and Geb frameworks over 6 years.
• Collaborated with Product Analysts to convert manual test cases into Gherkin format and assess their feasibility for automation.
• Implemented Docker and Selenium Grid on Azure for efficient and scalable test execution.
• Ensured weekly execution of automated test cases, performed maintenance, and reported bugs as necessary.
• Initiated Continuous Integration (CI) and Continuous Testing (CT) processes, along with contract testing, to ensure quality throughout the software development lifecycle.
• Supported implementation teams with automation for post-deployment checks and quality assurance.

Support Engineer, 07/2011 - 01/2012
CSS Corp
• Provided support for Vonage, a VoIP provider, managing communication transcripts and resolving issues by working on XML files to ensure smooth communication services for users.
• Transitioned to troubleshooting support issues with Belkin routers, providing technical assistance to customers and resolving connectivity issues promptly.
• Utilized network troubleshooting expertise to address issues with Juniper routers, collaborating with enterprise customers to diagnose and resolve network-related issues effectively.

Additional Information:
• Familiar with emerging trends, regulatory changes, and evolving threats in the security and compliance landscape.
• Proven ability to prioritize multiple requests and communicate priorities effectively.
• Experience in managing projects with diverse groups across multiple geographies.
• Capable of resolving conflicts and identifying items requiring senior management attention.

Education:
MBA: Information Technology Management, 01/2018
TIMSR, Mumbai

Bachelor of Technology: Computer Engineering, 01/2011
RIET, Jaipur

Projects:
• OWASP SAMM (6 months): Led the completion of OWASP SAMM Level 3 for eClinicalWorks, enhancing the organization's software security posture.
• ISO 27001 (12 months): Successfully managed the auditing and implementation process, resulting in ISO 27001 certification for eClinicalWorks.
• Secure SDLC and DevSecOps (36 months): Spearheaded the implementation of Secure SDLC practices throughout the development cycle, integrating security measures from requirement review to deployment. Implemented various security tools, including SonarQube, Contrast Security, and Imperva WAF, to fortify application security.
• TMMi (24 months): Implemented TMMi level compliance and adherence within the QA organization at eClinicalWorks, ensuring high-quality software testing practices.
• IT & Business Continuity Planning (4 months): Led business continuity planning efforts for the eClinicalWorks India location, ensuring seamless remote work capabilities for over 3,000 staff and 4,000 systems. Implemented VPN connections and increased firewall throughput to support work-from-home initiatives, reducing overall IT costs and enhancing user awareness through training programs.

Date:
Place: