Hi, I’m

SURESH EMMANUEL

Colombo

Summary

Results-driven cyber and information security professional with over 15 years of experience in delivering successful information and cyber security outcomes for local and global organizations. Achieved industry-leading security standards by developing and implementing technology roadmaps and robust security programs that anticipate and adapt to evolving risks. Implemented security protocols and tools, such as intrusion prevention and virus protection systems, resulting in minimal security breaches. Led cross-functional teams to achieve successful security outcomes while maintaining positive relationships with IT teams, engineers, and other personnel. Successfully communicated and resolved complex security issues with stakeholders and demonstrated the ability to adapt to new industries and technologies.

Overview

16
years of professional experience
1
Certification

Work History

Hatton National Bank PLC

Chief Information Security Officer
07.2020 - Current

Job overview

  • Directly accountable for cyber and information security strategy and roadmap development and on-ground execution
  • Lead an expert team of professionals to drive an appropriate level of security across the entire bank
  • Improved corporate management cybersecurity awareness through “Game of Threat” cyber simulation training
  • Manage all aspects of the company’s cybersecurity posture and spearhead an awareness program that results in an 80% decrease in security events
  • Improved awareness of users through various consistent awareness programs, phishing simulations and trainings, targeting endpoints, mobile, remote working, servers, emails, internet, etc
  • Improved Bank’s security posture and practices by implementing NIST CSF and certifying against the ISO/IEC 27001 standard
  • Over 98% successful on-ground execution of planned cyber and information security projects per annum
  • Improved SOC incident ticket resolution time by 70% through implementing effective SecOps practices
  • Established Capability Maturity Model based, cross-functional security working committee to drive information security initiatives effectively across the Bank
  • Established security KPI & KRI based dashboard monitoring systems through MS Power BI and extended up to top management
  • Helped to identify and remediate vulnerabilities through periodic and frequent security testing via commercial and open-source tools
  • Improved security posture of the Bank by conducting multiple penetration tests and red team assessments as per the MITRE ATT&CK framework
  • Defended organization proactively against the latest cyber attacks through effective threat intel utilization
  • Assured zero data leakage incidents by implementing classification and Data leakage prevention on endpoints, web and emails along with effective user awareness training across the Bank
  • Established Threat intel based proactive control remediation and incident response
  • Enhanced security posture of the Bank via next-gen EDR/XDR solution implementation to endpoints and server segments.

Nations Trust Bank PLC

Assistant Vice President Information Security
01.2018 - 07.2020

Job overview

Nations Trust Bank PLC

Senior Manager Information Security
10.2017 - 12.2017

Job overview

Nations Trust Bank PLC

Manager Information Security
04.2015 - 10.2017

Job overview

  • Developed and executed multiple security plans to support the overall CISO strategy of the Bank to support the business
  • Improved email security by implementing a system consisting of advanced threat protection, sandboxing and anti-phishing capabilities
  • Promoted multiple times within a two-year timeframe for helping the company surpass goals
  • Implemented a connected security architecture which can be connected to a SOAR platform for an effective cyber incident response
  • Implemented a dark web monitoring service to proactively identify threat actors beyond the organization’s boundaries
  • Updated older programs and implemented procedures that protect the bank from security threats and data breaches
  • Evaluated, recommended, and developed security controls, architecture, policies, and standard practices based on business needs, risk assessment, and regulatory requirements
  • Reduced risk by improving endpoint computer security through implementing EDR software and next-gen protection
  • Reduced incidents by 100% through proactive countermeasures and 24/7 SOC monitoring
  • Helped the Bank to achieve data security compliance by implementing a Bank-wide data governance framework
  • Reduced threat landscape and vulnerabilities through a wide spectrum of technology risk reviews.

LANKA ORIX Information Technology Services Ltd, An LOLC Group of Company

Information Security Analyst
10.2013 - 04.2015

Job overview

  • Ensured group’s compliance efforts by implementing ISO/IEC 27001, ISO/IEC 9001, and ISO/IEC 20000 at LOLC Group of companies
  • Implemented and maintained programs, policies, and procedures to protect the integrity and confidentiality of systems, networks, and data security controls
  • Implemented and improved process efficiency via CMMI methodology for an Agile software development environment
  • Conducted risk assessments of information systems to identify security issues and develop mitigation plans
  • Conducted internal IS audits and proactively participated in team meetings with IT managers.

Sri Lankan Airlines Ltd, Bandaranaike International Airport

Group Advisory Services Supervisor - IS
03.2013 - 10.2013

Job overview

  • Conducted information security and governance audits for SriLankan Airlines Group, including ISO/IEC 27001 internal audits, BCM audits and compliance audits
  • Articulated risk-based annual IS audit plan, and presented IS audit findings to the Board Audit Committee.

PRICEWATERHOUSECOOPERS LANKA PVT LTD

Associate IT Security Consultant
06.2012 - 03.2013

Job overview

PRICEWATERHOUSECOOPERS LANKA PVT LTD

IT Security Analyst
11.2011 - 06.2012

Job overview

  • Promoted within one year to the post of Associate IT Security Consultant for determining an optimal direction for the company on a strategic level
  • Planned and executed IS audits and security reviews for multiple blue-chip companies
  • Managed security audits/reviews within timelines and articulated management letters by highlighting security risks
  • Articulated Standard Operating Procedures (SOP) to streamline inter-organization practices
  • Assisted organizations to identify and remediate vulnerabilities through multiple VAPT and PT assignments for large corporates.

SJMS Associates, Deloitte Touche Tohmatsu - Deloitte

INFORMATION SYSTEMS AUDITOR (Trainee)
01.2010 - 11.2011

Job overview

  • Conducted Information systems audits as per Deloitte's IS audit assurance framework and ISO/IEC 27001 standard
  • Articulated management letter of IS audit findings by highlighting risks and impact to the businesses
  • Wide spectrum of technology risk reviews for multiple global and local clients
  • Articulated management letters and executive summary to top management and Board of Directors.

SJMS Associates, Deloitte Touche Tohmatsu, Deloitte Lanka

NETWORK ASSISTANT (Trainee)
07.2009 - 01.2011

Job overview

  • Helped organization’s growth by maintaining core network infrastructure, emails, server maintenance, incident and end user support activities.

WPA World Class Service (PVT) Ltd

IT AND NETWORK SUPPORT ASSISTANT
01.2008 - 06.2009

Job overview

  • Improved company’s bottom line by managing operating systems, application and network support, troubleshooting and availability of systems.

WPA World Class Service (PVT) Ltd

Data Processing Officer
10.2007 - 01.2008

Job overview

  • UK health care data claims and billing processing in Naxos system
  • UK Data protection act related practices

Ade Lanka (PVT) Ltd

Data Processing Officer (Trainee)
01.2007 - 09.2007

Job overview

  • Global music labels (SONY, Paramount’s, Disney, etc.) related data processing

Education

University of Gloucestershire
Colombo

Master of Science in Cybersecurity
03.2024


International Institute of Cambodia University of Technology
Colombo

Bachelor of Science in Computer Science
06.2016


Informatics Academy
Colombo

International Diploma in Computing, Computer and Information Sciences
01.2015


Cardiff Metropolitan University
Colombo

MBA in Business Administration and Management
01.2015


Skills

  • Standards & Frameworks: ISO/IEC 27001, ISO/IEC 3100, ISO/IEC 27701, ISO/IEC 20000, GDPR, NIST CSF, CIS Controls, PCI-DSS, MITRE ATT&CK, SANS
  • Security strategy: Security architecture, Strategy and Road Map Development, Defense in depth, Connected security Architecture, Security Automation and Orchestration Response, Security playbooks, Data governance
  • Language Proficiency: IELTS overall 70 (Speaking 80)
  • Project/Program Management Skills
  • Outstanding Communication Skills
  • Leadership
  • Collaboration
  • Cost benefit analysis
  • Change Management
  • Active Listening
  • Security Information and Event Management (SIEM)
  • Personnel Oversight
  • Risk Management Assessments
  • Vulnerability Management
  • Confidential Data Protection
  • Strategic Execution

Accomplishments

  • Implemented complex security projects and assignments concurrently, with success in applying information and cyber security policies and procedures to achieve business objectives
  • Improved Cybersecurity posture of the Bank by implementing effective incident response, threat intelligence and information privacy
  • Reduced vulnerability management remediation timelines from 30 days to 10 days by introducing automation
  • Used effective threat intel based system to proactively defend against latest threats
  • Assured zero data leakage incidents through effective data governance and DLP controls
  • Adopted zero trust security model in security architecture to improve security posture

Certification

  • Certified Information Systems Security Professional (CISSP) The International Information System Security Certification Consortium, (ISC)², USA, Nov 2022
  • Certified Information Security Manager (CISM) Information Systems Audit and Control Association, ISACA, USA, Aug 2016
  • Certified Information Systems Auditor (CISA) Information Systems Audit and Control Association, ISACA, USA, Mar 2016
  • Certified Data Privacy Solutions Engineer (CDPSE)
  • ITIL Foundation Version 3.0 Certified Practitioner, APMG, 2013
  • Payment Card Industry Security Implementer, SISA, 2016
  • ISO 27001 Certified Information Security Management System Lead Auditor, BUREAU VERITAS, 2015
  • ISO 9001 Quality Management System Lead Auditor, BUREAU VERITAS, 2014
  • ISO 27701 Privacy Information Management System Lead Implementer, BUREAU VERITAS, 2022
  • Security Information and Event Management System Administration - 101, McAfee Corp, 2017
  • Certificate in IT and Cyber Security Law, NIBM, 2022

Languages

Sinhalese
Native language
English
Proficient
C2
Tamil
Upper intermediate
B2

Additional Information


He’s been an active panelist and distinguished speaker for multiple leading conferences, summits and events organized by Asian Bankers Association, GISEC Global 2023, The Economic Times, Dynamic CIO, Computer Society of Sri Lanka, ISC2, ISACA and Ministry of Digital Infrastructure.

Affiliations

  • Chairman for CISO Community circle of Sri Lanka, ISC2, Sri Lanka Chapter, 2022-Present
  • Board Director of ISACA, Sri Lanka Chapter, 2019-2020
  • Professional Member, BCS, UK, 2011 - Present
  • Professional Member, ISACA, 2013 - Present
  • Professional Member, ISC2, 2022 - Present


LinkedIn


 https://www.linkedin.com/in/sureshemmanuel 
