
sugunavathy Victoria Devadason

Information Security Manager





Work experience


Information Security Manager, Group Information Security

  • Attached to the Application Security Delivery Domain.
  • Primary focus is to implement new strategies and projects for the department.
  • Function includes implementation of Resource Provisioning, whereby the workflow is designed around user access based on information from the Human Resource Database. Provisioning rules will be set based on the access roles and departments users belong to.
  • The end result will reduce the need for access to be provisioned to users manually and eliminate the granting of excessive rights.
  • The overall workflow design and process flow will need to be identified and configured before the implementation of access provisioning. This involves identifying the risks and implementing mitigation plans to ensure that these risks are adequately controlled.



Penetration Testing (Infrastructure Vulnerability and Application Vulnerability)

  • Managed the Infrastructure Testing carried out for all of the perimeter network in the Bank (DMZ). This is done by assessing the network components and configurations to ensure that the Bank's network boundary is operated securely. This includes compliance with the standards already set and benchmarking against industry standards. The risks are tracked with the various teams in the Bank to ensure they are mitigated.
  • This project is implemented to ensure cost savings to the bank without compromising security functions.
  • Instrumental in ensuring the process and procedure are clearly defined and there are no operational issues. Over 500 devices are tested to identify security weaknesses that may compromise the infrastructure and the applications hosted. Security risk assessment is performed to identify the potential risks and present them to the business.
  • Responsible for monthly dashboard reports to be presented to higher management on the status of the Infrastructure and Applications.
  • Key Risk Indicators are highlighted for actions to be implemented to mitigate these risks.
  • Experienced in Risk and Compliance, identifying and evaluating significant exposures in environment, process and projects for stakeholders. Working on the Audit Remediation program to ensure critical system risks are mitigated to reduce exposure to external exploits.


  • Part of the Vulnerability Management team in Group Information Security. The vulnerability assessment is identified and tracked for various operating systems. Compliance issues are addressed to ensure the integrity of the policies and standards. I am responsible for conducting the Security Acceptance Test for new AS/400 servers added to the Bank's Application System. In addition to that, I am also responsible for conducting the periodic Security Verification Test for all AS/400 servers to ensure that the servers are compliant with the Bank's Standards.

2005 - 2007 : SECURITY ANALYST

  • Supporting AS400 Platform.

  • Role involves providing support for the user administration of the AS400 server and conducting security verification tests to ensure that the server is compliant with standards. Work with the first-level support group to manage any customer problems and requests.

  • Manage the administration functions of the AS400

  • To ensure that only authorized persons are allowed access to the system. Streamline the security systems and process to gain efficiency and comply with standards.

  • Provide reporting to management on the state of security compliance of the operating system. Provide on-call support to resolve problems reported during office and non-office hours.


  • Manage a team of 18 staff on User Administration of the IT Security Department. This includes the team that manages the Access Request for the various applications used within the Bank.
  • Responsible for managing the Problem Management team, which manages account status and the resetting of passwords.


  • I was in the team which manages the User Administration of various applications used in SCB Malaysia. This includes managing the Access Requests and also Password reset requests.

Projects Completed

September 2013 - Application Vulnerability Test

  • Managed the Application Vulnerability Test for all Internet Facing Applications that were rolled out in the Bank. This was initially contracted to a vendor, and the project was undertaken to implement the Application testing with internal resources on a monthly schedule.
  • Worked with various domain stakeholders from Business and IT to understand the process flow of applications and the project development process. Various software products were sourced and a Proof of Concept was done. The AVT finally became an ongoing process done internally, and implementation was done in September 2013.

June 2013 - Infrastructure Vulnerability Test

  • Implemented the Infrastructure Vulnerability Testing for all the network perimeter devices within the Bank. As these tests were carried out on-site with vendors, a project was initiated to design the workflow to carry out these tests from a single remote site. This involved understanding the network design and working with the respective stakeholders to analyse and design a process flow that can complete the required tests without any impact to the infrastructure.
  • Over 60 Infrastructure Gateways and 500 devices were to be tested for vulnerabilities, and a report to management was submitted to indicate the status of the Infrastructure. This included reviewing the SANS Top 25 vulnerabilities and the OWASP Top 10 vulnerabilities.

2003 - Resource Provisioning Tool

  • To ensure that access is accounted for all systems and services in the Bank. This involves collection of data and building a database that will hold the various applications used in the Bank and the list of authorised users.

2002 – Transition Project

  • Transition Projects for Singapore, Thailand and Indonesia. I was responsible for understanding the workflow and process of administration for these countries and migrating the job functions to the service centre in Malaysia.

Jul 1999 - Sep 2001


  • System Administrator Function for AS400, NT Servers, Windows 98 OS, Mail Server, Internet Server. User Access & Rights for AS400 and NT Server Users, System Backup, Maintenance and House-keeping of AS400 and NT Servers. Maintenance and Enhancement of Network System (Local Area Network & Wide Area Network), Computer System and Shipping Related Software. Set-up and Maintenance of Leased Line and ISDN Line Setup between the HQ Office in Shah Alam and branch offices, inclusive of Router Maintenance (CISCO), ISDN Gateways, E-Mail System, Proxy Servers.
  • User Manuals, Technical Manuals and Training for Staff Maintenance and Interface of Electronic Data Interchange (EDI). Development, Trouble-Shooting and Enhancements of Local Web Page. Periodic visits to branch offices in Penang, Johor, West Port and North Port for installation, maintenance and review of existing systems.

Mar 1996 - Jun 1997


  • Analyse, Design and Development for Interactive Voice Response System Maintenance and Enhancement of Call Centre Installation, Testing and set up of environment for a call centre based system.
  • Prepare User Manual, Technical Manual & Training for End Users and Technical staff.


  • Outstanding Performance Appreciation Award for Group Technology Operation 2012

  • 10 Years Loyalty Award 2012

  • 5 Years Long Service Award 2006


  • Secure Your Web of Insecurities (2014)
  • Culture of Execution (COE) (2010)
  • Strategic Negotiations Skills (2009)
  • Penetration Testing: Tools and Countermeasures (2008)
  • Microsoft Excel Functions and Formulas (2008)
  • Successful Project Management (2007)
  • Being a Talented Manager (2005)
  • ITIL-Service Management (2003)
  • First Line Managers Development Programme (2003)
  • GK-Network Security and Firewall (2003)


Ben Line Agencies    2000    Secretary, Sports Club

Toowoomba Committee of International Students    1998    Committee Member

Malaysian Students Society    1998    Committee Member