Samitha Amarasiri is a leader in the Protiviti Security and Privacy solution area with over 20 years of experience building, transforming and operating cyber programs at leading banks and insurance organizations.
Noteworthy accomplishments include transforming cyber security programs to embrace modern business and IT opportunities, efficiently demonstrate regulatory compliance, and effectively manage threats and risks.
- Cyber security program strategy: Iteratively developed multi-year overall cyber security program strategies in partnership with key business, IT, and risk stakeholders; delivered board presentations that resulted in multi-year, multi-million-dollar funding commitments.
- Regulatory compliance: Evolved cyber security programs to effectively demonstrate compliance with evolving cyber security regulations.
- Program establishment: Established comprehensive, multi-year data privacy and protection, privileged access management, identity and access management, and cyber defence programs. Successfully obtained multi-year funding commitments from the C-Suite. Established delivery frameworks for successful program execution.
- Program assessment and standardization: Established security baselines and continuous improvement programs based on standard industry frameworks such as CIS CSC, NIST CSF, and the Cyber Kill Chain.
- Innovation enablement: Transformed cyber security programs to enable organizations to embrace innovations such as containerization, cloud, mobile computing, and big data while protecting critical information assets. Enabled adoption of new paradigms such as agile, CI/CD and DevOps.
- Cyber crisis management: Established cyber crisis management protocols for the C-suite, and led tabletop exercises to assess and refine cyber crisis management processes.
- Automation: Automated highly manual risk management processes, enabling organizations to handle expanded regulatory requirements without increasing spend. Automated routine, manual assessment and testing processes, enabling banks to reduce compliance costs.
- Breach response: Led post-compromise root-cause analysis, remediation, and board presentation efforts.
Areas of Expertise
- Cyber Security
- Technology Risk
- Program Management
- Cloud Computing
- Capital Markets
- Information Technology
- MS in Electrical Engineering and BS in Computer Engineering – Kansas State University
Professional Memberships & Certifications
- Certified Information Systems Security Professional