Srivatsan Raghavan serves as Chief Information Officer at OHLA USA, a national heavy civil and vertical construction company operating across New York, Illinois, California, and Florida. Over 15 years with the organization, he has led cloud migration, in-house software development, and a zero trust security transformation. Srivatsan oversees a lean IT team that spans help desk, infrastructure, security, business intelligence, and ERP. His leadership blends pragmatic frugality with engineering rigor, turning lessons from a real cyber incident into award-winning programs in identity, automation, and document security.

• How a small, focused IT team supports a multi-company construction enterprise

• Why zero trust and identity hygiene became the foundation after a breach

• How OHLA USA eliminated its corporate WAN and leaned into cloud and zero trust

• A practical matrix for mapping projects to NIST functions and zero trust pillars

• Just-in-time identity creation using Power Automate and a rules engine

• Zero trust document management with Graph API and role-based folder access

• How to align innovation with frugality and measurable operational outcomes

• What executive teams learn during breach response and regulatory follow up

Srivatsan outlines OHLA USA’s scale and complexity, with seven operating companies, dozens of job sites, and both heavy civil and mid-rise vertical projects. He explains how a small IT team supports 30-plus business applications while building custom tools for process automation and reporting.

He then shares the turning point. After a breach during the 2021 COVID period, the company reframed security around identity, endpoint, and cloud controls. With help from Microsoft tooling, they adopted a zero trust mindset. Srivatsan connected the NIST framework to zero trust pillars and used that matrix to plan and prioritize projects across identify, protect, detect, respond, and recover.

Finally, he details two award-recognized programs. First, just-in-time identity creation that handles decentralized onboarding at job sites and joint ventures using Power Automate and a rules engine. Second, zero trust document management that creates standardized project folder structures via Graph API and maps granular permissions to roles, enforcing least privilege from day one through termination. The result is a playbook any resource-constrained IT team can adapt.