RAMESH NAIDU

Information Security Manager
Doncaster East, VIC

Summary

BEST KNOWN FOR: Three decades of technological and management experience in the IT space. Delivering smart, pragmatic business-focused solutions. Passionate evangelism towards current and emerging technologies. Blazing new trails. Leadership in establishing new IT divisions. Mentoring teams to embrace opportunity, boost performance and foster innovation.

Overview

46
years of professional experience

Work History

Senior Database Administrator

THE GOOD GUYS
  • Met SLA that determined the point-of-sale database should ‘never go offline’
  • Achieved SLA that all mission-critical batch jobs would be delivered on time
  • Established a release management system for all IT system changes—leading to appointment as Change Manager overseeing the establishment of a change management system
  • Encouraged team excellence
  • Team was later recognised as consultants competently handling all technical enquiries
  • Eliminated almost all human errors
  • Boosted availability from 99.9% to 99.999% for mission-critical POS and finance databases
  • Established robust data-centric integration architectures for SOA, BI, and datawarehouse environments
  • Initiatives increased inventory stock-on-hand status efficiency instantaneously, price and ticketing systems by 80%, weighted average costing efficiency by 90%, and product categorisation by 90%
  • Introduced standby databases for reporting that allowed primary databases to operate core business without impact.

JB Hi-Fi Group, JB HI, THE GOOD GUYS
Melbourne, VIC
01.2014 - Current

Information Security Manager

JBHIFI Retail
Melbourne, Victoria
07.2014 - 03.2022
  • One of the first employees promoted to help the company become a retail-industry pioneer—mitigating security threats and risk via the company’s pioneering in-house IT security department
  • Establishing strategies and policies in a non-security-aware environment required training, collaboration, and working with auditors, administrators & vendors to meet best practice security compliance
  • Introduced and tightened user access to systems and databases, ensured an ongoing commitment to risk awareness and mitigation, launched new policies and controls, and delivered outstanding results
  • Initial challenges: No written security framework, strategy, policy, policy controls or risk assessment meetings, or centralised secure vault storing and managing sensitive information
  • Without fundamental processes, auditing, controls or tools, the achievement of PCI-DSS and Australian Privacy Law compliance was unlikely
  • Actions: Instigated & conducted PCI DSS compliance audit, wrote security policies, set controls and standards, conducted risk assessment meetings, installed software to store passwords and digital certificates, and implemented numerous modules to track, control, prevent access, install protections, and defend system integrity
  • Achieved PCI DSS compliance continuously for the last 5 years for Good Guys and two years for JB Hi Fi
  • No major cyber security incidents in more than five years, while other retail competitors suffered major or severe data breaches and incidents
  • Accomplishments: Improved the visibility of security threats, vulnerabilities, and non-compliance, and ensured data was secured and available
  • Within 12 months of implementing a comprehensive program of change, network vulnerabilities were cut to less than 10%, and software data breaches that had negatively impacted competitors were averted
  • Through a new ticketing system, patches were applied swiftly and on a regular cycle
  • Presided over a company-wide initiative to devise security policies and frameworks, as well as a ground-breaking cyber defense security risk assessment
  • Following management meetings identifying risks, and brainstorming methods for rolling out policies/reporting across various IT areas, implemented ISMS and policy framework for Good Guys
  • For the first time, data security governance was conducted through regular audits, risk assessment meetings and best practice policy compliance controls
  • Conducted Privacy Impact Analysis (PIA) for Privacy Compliance
  • Selected projects: Appointed Project Lead on ISO-27001 Gap Analysis Project in obtaining ISO-27001 certification for IT and JB Hi-Fi Solution department
  • Presented to executive team & board for ISO-27001 certification project
  • Appointed Project Manager on PCI-DSS compliance assessment every year to coordinate with QSAs and various internal stakeholders
  • Appointed Project Manager in establishing 3rd Party vendor security assessment & management
  • Appointed Technical Architect and Environment Administrator on a $120K project implementing QUALYS Vulnerability Management and Policy Compliance
  • Identified and eliminated network vulnerabilities across multiple platforms and applications; built standards using CIS/NIST benchmarks; improved the IT team’s security posture and awareness; maintained the security of the cardholder data environment, and set up security risk and threat monitoring/alerts via Threat PROTECT
  • The project was delivered on time and to budget
  • Engaged as Project Manager & Technical Architect, delivering, well below the $60K budget, an Oracle Unified Directory project to establish a second layer of access exclusively for applications
  • As a second layer of authentication, operate two separate directories (network and applications) to avoid significant security user access threats; this initiative avoided a single point of compromise and was praised by external auditors who passed all user controls
  • Praised by the CIO and Board of Directors on the success of the project that improved user access security posture and elevated the company’s reputation across the sector
  • The company’s CIO was selected CIO of the Year in The CEO Magazine 2016 Executive of the Year Awards where security measures were prominently featured
  • Assigned as Project Manager and Technical Architect, to create a mission-critical centralised password vault for storing and managing shared sensitive information—passwords, documents, and digital identities
  • Transformed risky, ad hoc process of manual spreadsheets and desktop sticky notes, to a secure vault protected by preventative and security controls augmented through approved workflows and alerts on password access
  • Introduced security policy framework and policy controls
  • Established a data security division
  • Launched vulnerability management
  • Second layer authentication directory for application access

Change Manager

04.2011 - 05.2014
  • Promoted as the first manager of a newly created IT division devoted exclusively to production support
  • Of primary importance was ensuring enterprise-wide IT production systems for 105 stores across Australia and NZ were operating with little or no downtime, and achieving all SLAs
  • Established a new division for Production Systems support, recruited and created a fully autonomous and streamlined team, established policies, and implemented two mission-critical projects
  • During tenure in the role, acted as Change Manager to establish change management and release management controls, and creating a streamlined incident management system
  • Set up fully functional team in three months
  • Team became autonomous in one year with all KPIs being met in 12 months
  • Never exceeded budget; maintained costs under 20% of budget
  • Centralised order system increased sales by 30%; profit margins increased to 7% from 1%
  • Ecommerce sales profits grew to 15% of total sales
  • Challenges on commencement: a lack of documented procedures and controls for production support, high levels of human error, no change management controls surrounding production system changes, poor staff rostering, and no accountability or auditing
  • Action overview: Established standard operating procedures on incident management, trained team, introduced stringent policy controls and a release management system, and created a new environment administration team to build non-production environments
  • Awarded Top Performing Manager in IT by CIO | Performance Appraisal: Outstanding | Won Bonus
  • Selected outcomes: Ambiguities removed following SOP implementations
  • Incidents became visible and accountable
  • From regular failed PwC audits, by year three there were no failed findings
  • By year three 100% of changes were transitioned through the production team—increasing from just 60% in year one
  • No incident of production downtime attributable to human error
  • All calls resolved after hours by year three—a significant improvement from 40% next morning in year one
  • Production staff availability increased from eight to 12 hours, while on-call service extended to 24/7 support
  • Critical production change failures decreased from 20% to 2%
  • Change visibility and store notifications increased from 50% to 100%
  • Application development productivity rose by 20%
  • Sustained business continuity across all stores with no critical errors impacting operations from 750 changes
  • Selected projects
  • Implemented two mission-critical projects—Oracle Retail Supply Chain Management and E-Commerce—delivered without significant downtime during implementation
  • Despite numerous changes needed to resolve ongoing issues, projects were deployed on time and within budget
  • E-Commerce sales rose from .001% total sales to 5%
  • Led a $4M Oracle retail merchandising system project to manage, control and execute merchandising, purchasing, distribution, order fulfilment, and financial close
  • The project, delivered on time and on budget, was highlighted by Oracle as one of the most successful implementations—with up to 50,000 messages traversing the systems daily, and no messages lost
  • Batch jobs were reduced by 75% and recovery mechanisms provided solid backup
  • The CEO was quoted as saying, “Centralised buying system and improved supply chain management helped pursue ‘Remarkable Retail’”
  • Technical Architect and Environment Administrator on $1M E-Commerce website to cope with 24/7 retail traffic
  • Robust, highly available databases at the backend, catered for daily activities and mission-critical batch jobs
  • The Good Guys was awarded the NORA Multichannel Retailer of the Year Award at the 2015 Australian Retail Awards.

Technical Production Support Manager

THE GOOD GUYS
01.2011 - 01.2014
  • Report to CIO
  • Supervised: 9
  • Budget: $600K

Senior Database Administrator, General Manager

Base Technologies
01.2008 - 01.2011
  • Recruited to ensure all IT production systems were running without adverse downtime and meeting SLAs
  • Supported the first website for the company, established basic infrastructure for middleware, instigated identity management with directories for authentication and authorisation, presided over highly available systems and trained team members—many of whom were later promoted
  • Transformed three staff with no prior DBA experience into Senior DBAs, and an Environment Administration Manager
  • Implemented flash storage improving database performance by 80%
  • Stores never reported a performance downgrade
  • Presided over no single points of authentication failure or compromised security
  • No major incidents or critical production systems downtime
  • Change management procedures and controls implemented
  • Middleware interfaces streamlined to the production system
  • Production error alerts and actions established
  • Highly available systems established and teams trained

QUEST SOFTWARE
Camberwell
10.2000 - 11.2008
  • (Spotlight)
  • Designed memory performance analysis portal with an accompanying paper presented to several Oracle User Groups in major Australian cities
  • Designed in Oracle 9i using a holistic approach that Oracle could only replicate in version 12c, eight years later
  • Designed DBA monitoring in TOAD and SQLDeveloper, still in use to the present day
  • Developed in FOGLIGHT, a web-enabled performance monitoring and stealth performance statistic collector for Oracle databases
  • Leveraged the power of TOAD and SQLDeveloper—software tools for Oracle databases.

Project Manager

SYNTHESYS SYSTEMS CONSULTANCY & SERVICES
Melbourne
05.2000 - 09.2000
  • Assumed control of a project to develop an application for the Education Institute’s Building Compliance Audit system for the Department of Education Employment & Training
  • More than a year overdue and with just one staff member, completed the project in four months—well under budget and two months less than the six months allocated
  • During period of employment also identified new areas for improvement and built a business requirements document that was later approved by DEET and brought an additional project to the employer.

Oracle Consultant

THAIOIL COMPANY LIMITED
10.1993 - 02.2000
  • Developed and implemented a high-precision Oil Tank Volume Calculation system based on daily readings from engineers
  • Work surpassed the ISO standard for petroleum products and lubricants
  • Designed, developed and implemented robust Laboratory Information System that helped achieve ISO 9000 quality.

Senior Systems Analyst

THE K.C.P. LTD
11.1987 - 09.1993
  • Developed and rolled out a first in India—a production planning tool and control (MRP-II) system via Oracle database
  • Also introduced and developed a product cost estimation system for estimates and variance analysis reports
  • Methodologies and architectures: Enterprise information security architecture
  • Data structure/Databases: Oracle 12c, Microsoft SQL Server, MySQL, POSTGRES
  • Development/Real Time IDE Tools: Oracle SQL Developer, Oracle JDeveloper
  • Programming & Assembly Languages: Java, C, PL/SQL, SQL
  • Development Environment: Oracle Fusion Middleware
  • Business Programs: Microsoft Office
  • Protocols and Standards: PCI-DSS, ISO-27001, CIS
  • Business Software: Oracle Retail Merchandising System, IBM E-Commerce, TECHNOLOGYONE-POS
  • Design / Drawing/Painting: Microsoft Visio
  • Operating Systems: IBM AIX, Solaris, Linux, Microsoft Windows
  • Security: QUALYS: Vulnerability Management, Policy Compliance, Continuous Monitoring, PCI Compliance, ThreatPROTECT

Education

Master of Science - Mathematics

Loyola College/Madras University

Bachelor of Science - Mathematics

Loyola College/Madras University

Diploma - Systems Analysis & Data Processing

Annamalai University

Diploma - Systems Analysis & Data

Annamalai University

Post Graduate Diploma - Business Administration

Annamalai University

Skills

  • Security planning
  • Security event log reviews
  • Potential weakness mitigation
  • Policy and control implementation
  • Training and Development
