Omkhar Arasaratnam is an experienced cyber security and technical risk management executive. He has over 15 years of Information Technology experience. Omkhar has had a long history of leading global, multibillion-dollar projects. He has led organizations to realize their business goals while effectively managing risk and compliance requirements.
Omkhar has experience leading Enterprise Security Architecture organizations at financial and technology institutions. In this capacity, he has revolutionized the effectiveness of security architecture. Omkhar is also an accomplished author with several granted patents and has led contributions to several international standards.
Key Skills:
Enterprise Security Architecture
Cloud Computing Security
Cyber Security
Mobile Security
Big Data Security
Enterprise Risk Management
Executive Program Management
Leadership
Regulatory Compliance
CTO of CISO and Global Head of CISO Cyber Security Strategy, Architecture and Engineering @
• Re-established the Security Architecture Board as a 2LoD governance board.
• Rebuilt the Security Architecture team, providing security support to major projects.
• Established the Security Solution Architecture team, providing solution architecture support to CISO Cyber Security projects.
• Realigned CISO Cyber Security projects to adhere to SDLC principles, deliverables and methods to improve delivery and quality.
• Appointed as the Chief Technology Officer (CTO) for CISO, member of the CTO Council.
• Led innovation through partnering with universities, VCs and startups to incubate and improve new security technologies.
• Led Security Engineering in an interim capacity from May 2015 - ....
From September 2014 to Present (1 year 2 months) Greater New York City Area
Chief Security Architect @
• Led the Enterprise Security Architecture team at the bank.
• Provided strategic security architecture decision support for the bank.
• Led development of the Security Reference Architecture Model (SRAM) – An enterprise architecture designed to support the risk posture of the bank.
• Developed a management and continuous improvement system to govern usage and quality of SRAM assets.
• Provided security architecture guidance for key projects at the bank, such as:
o Payment Card Industry (PCI)
o Data Loss Prevention (DLP)
o Security Information and Event Management (SIEM)
o Fraud Analytics
o Cyber Security
o Mobile Wallet
• Adviser on key information security topics to senior executive management.
• Governed security within the architectural community at the bank, ensuring alignment with security and architecture principles for all projects.
• Spoke at numerous conferences regarding Risk Management, Security Architecture and Cloud Computing.
From October 2012 to August 2014 (1 year 11 months) Toronto, Canada Area
Industry Architect - Pensions, General Business Enterprise @
Responsible for bringing cross-IBM (Software, Hardware, Services, Research) capabilities to address business challenges within the pension industry - covering both plan administration and investment.
From July 2012 to October 2012 (4 months) Toronto, Canada Area
Global Chief Security Architect, SmartCloud Enterprise+ @
• Led the overall security architecture for the design, development and deployment of IBM’s SmartCloud Enterprise+ (SCE+), a managed Infrastructure as a Service offering.
• Led development of the security architecture, principles, policies, procedures and standards used globally for SCE+
• Led groundbreaking work in the application of SCE+ to IBM’s Deep Analytics engine (Watson)
• Coordinated multiple global development work streams from IBM Research, Software, Hardware and Services divisions to provide a secure enterprise grade Cloud offering
• Co-led projects jointly with IBM Research regarding Cloud security
• Responsible for overall compliance and risk posture with SCE+, including external regulatory compliance (PCI, HIPAA, SSAE16)
• IBM Global lead for contributions to ISO/IEC Sub-committee 38 Working Group on Cloud computing
• IBM Global lead for contributions to ISO/IEC Sub-committee 27 Working Group on Cloud computing security and ISO 27001 refresh
From January 2011 to July 2012 (1 year 7 months) Toronto, Canada Area
Lead Senior IT Security Architect @
• Thought leader, architect and trusted advisor to CIO, CTO and CISO regarding information security and risk management
• Led an organization of presales architects and security delivery personnel for Canadian security services
• Had profit and loss responsibilities for business development and delivery of security services in IBM Canada
• Led architecture and development of the largest security deals in Canada, including Government of Alberta ($19m) and Project Phoenix ($30m)
• Canadian Cloud security thought leader, presented at several conferences, universities and customer briefings
• Developed cloud security assessments and training for IBM worldwide
• Lead security architect for multi-million dollar complex security opportunities involving multiple business units across IBM.
• IBM Architecture (Team Solution Design) method advocate for IBM Security Service in Canada
• Canadian lead for Smart Grid security
From December 2009 to January 2011 (1 year 2 months)
Lead Enterprise Architect, Component Infrastructure Roadmap @
• Performed infrastructure assessments and roadmap planning aligned to client strategic business needs using CIR (Component Infrastructure Roadmap) technique.
• Developed solution architectures which assisted IBM clients with realizing business goals through use of IBM products and services
• Led organizational change management and adoption of strategic roadmaps
• Created IT Service Management improvement plan for a Large US Financial Institution, projected to reduce operational expense by 35% over 5 years
• Led a $20 million dual data center / IT Service Management improvement project with Large US Retailer
• Assisted a large US Energy and Utility company with converging Operations Technology and Information Technology objectives into a 5-year Smart Grid convergence plan.
• Acted as Security subject matter expert for CIR content
• Led incubator team at the Open Group regarding Cloud security
• Developed Cloud adoption model content for CIR method
• Assisted with development and maintenance of the CIR materials and tools
From October 2007 to December 2009 (2 years 3 months)
Security & Privacy Architect @
• Acted as Chief Information Security Officer for key government and financial clients
• Developed Security Program Offices for several financial and government clients
• Assisted several clients with regulatory compliance projects (Sarbanes Oxley, Bill 198)
• Developed and augmented policies, procedures and standards for clients based on ISO 17799-2005 and ISO 27001
• Created Enterprise Security Architecture for several key clients
• Member of the Open Group SOA Security Architecture working group
• Canadian lead for IBM’s Data Centric Security Architecture initiative
• IBM Enterprise Security Architecture working group leader
• Developed solution architectures to meet client security needs
• Performed security compliance reviews for various operating systems
• Conducted forensics investigations.
• Performed security related code review.
• Led Ethical Hacking team from 2005-2006, generating over $1 million in revenue across Canada and the Caribbean
• Performed ethical hacking / penetration testing for numerous customers
From December 2004 to September 2007 (2 years 10 months)
Team Lead, Intel Server Services @
• Contributed to IBM global internal security standards for Linux
• Acted as Linux Architect for several large account customers.
• Conducted coaching sessions and root cause analysis when service outages occurred.
• Actively participated in process improvement exercises to ensure optimal team performance.
• Led a study of patch automation tools, which reduced security workload by 60% across the business unit.
• Reduced server build time by 30% using unattended build process for Windows.
• Architected server consolidation plan, reducing 32 Intel servers to two pSeries. Saved over 73% in operating costs.
• Architected and implemented the first Linux/Oracle RAC cluster in Canada.
From January 2004 to December 2004 (1 year)
Windows and Linux System Administrator @
• Performed System Administration duties for Intel based servers supporting internal and IGS Canada customers.
• Served as Linux technical lead for service delivery center.
• Worked with Account teams to migrate outsourced legacy Windows servers to Linux.
• Successfully maintained Internal Security compliance for over 30 Linux servers.
• Led the successful migration of all servers from Red Hat consumer distribution to Red Hat Enterprise Linux in a timely manner.
• Developed a web-based on-call paging system. Implemented using PHP and MySQL.
• Developed a KickStart-based deployment method for new Linux server builds, reducing build time by 50%.
• Mentored team members with Linux skill building.
• Facilitated vulnerability scanning for all servers maintained by department.
• Contributed to Internal Linux Security standards.
• Assisted account team with VMware consolidation project.
• Served as technical lead for Blade Center deployment.
From September 2002 to December 2003 (1 year 4 months)
US Mobiles Technical Support @
• Provided second level and supervisory support for technical support call center.
• Coached and mentored agents to improve customer satisfaction metrics.
• Addressed customer escalations.
From December 1998 to August 2002 (3 years 9 months)
Omkhar Arasaratnam is skilled in: Security, Information Security, Cloud Computing, Network Security, Solution Architecture, Computer Security, Enterprise Architecture, Servers, Enterprise Software, IT Service Management, Security Architecture..., Architecture, Information Security..., Data Center, IT Strategy, Penetration Testing, Virtualization, VMware, ITIL, Firewalls, System Administration, Hardware, Infrastructure, Linux, ISO 27001, Identity Management, Windows Server, Governance, Leadership, Risk Management, Security Assessments, Network Architecture, AIX, IDS, Vulnerability Assessment, Change Management, Information Technology, Solution Design, Unix, Vulnerability Management, IPS, Architectures, Organizational Change, IT Governance, Technical Leadership, Network Design, Cloud Security, PCI DSS, SDLC