IT Risk & Security Governance Officer Resume
NJ
SUMMARY:
- Seasoned industry leader and evangelist of GRC, Information Security, Risk and Compliance, and Security and Enterprise Architecture, offering in-depth acumen in Enterprise GRC, Security, Risk, Governance programs and Architecture practices culled from over 18 years of experience. Capable of building, guiding and adeptly leading top-notch IT Security, IT Service and GRC programs and teams. Leading figure in the industry who gives numerous presentations and seminars and presents case studies. Excels at conceptualizing, developing and deploying leading-edge enhancements to enterprise-wide IT and Security processes, Security and Risk programs, and Security and IT solutions and integrations. Vast and broad-based knowledge and experience of implementing major industry standards, best practices and frameworks. Technical proficiencies include…
TECHNICAL SKILLS:
Expertise and Competencies: GRC Programs (Security and Risk GRC, IT GRC, Corporate GRC), Strategic GRC Journeys and Technical Architectures, Security and IT Roadmaps and Architectures, Enterprise and IT Risk Programs, IT and Security Compliance Management, Policy and Process Development, Portfolio and Program Management
Standards & Methodologies: ISO 27001, SSAE 16, COBIT, ITIL, RiskIT, ISO 38500, PCI DSS, TOGAF, OCEG, UCF (Unified Control Framework), Balanced Scorecards, RUP, SOA, SCAP, Confidential SIG/AUP, OPM3, COSO, OCTAVE, PMBOK, Zachman
Tools and Platforms: GRC Platforms (MetricStream, RSA Archer, Modulo), Risk Management (Risk Fabric, Brinqa, Rsam), SIEM Solutions (RSA Security Analytics, ArcSight, Splunk), Next-Generation Firewalls (Palo Alto, Fortinet, F5), Malware/APT Protection (FireEye, Sourcefire, Fortinet), Vulnerability Management (Confidential, Rapid7, Confidential trust), Endpoint Protection (Confidential SEP, Bit9), Data Protection (Confidential DLP, Data Insight, Guardium), Automation Platforms (CSG Invotas, Tufin Orchestration, FireMon, Altiris Workflow), IT Compliance Tools (Confidential CCS, Confidential ESM), Application Security (AppScan, HP Fortify, WebInspect), Architecture Tools (Telelogic System Architect, Rational Rose), Program Management (MS Project, HP Portfolio & Project Management, Rally Dev)
PROFESSIONAL EXPERIENCE:
IT Risk & Security Governance OFFICER
Confidential - NJ
Responsibilities:
- Was responsible for architecting, designing, implementing and integrating different information security and compliance solutions.
Global GRC (Governance, Risk, Compliance) and Security Officer
Confidential
Responsibilities:
- Building a Center of Excellence composed of the organization's leaders, providing a strategic platform for evangelizing common approaches, tools, frameworks and experts in core competencies.
- Implementing a Federated Enterprise model balancing coordination of shared resources and services with distributed business-unit management of functional silos and centralized oversight.
- RSA Archer and MetricStream GRC Program:
- Re-architecting an end-to-end integrated GRC solution based on a distributed, federated and agile architecture approach using RSA Archer and MetricStream, in compliance with OCEG GRC technology architecture best practices and standards.
- Leading the solution design, development, configuration and deployment of core and customized modules, including policy management, compliance management, risk management, issues management, vendor management, regulatory change management, risk portfolio management, etc.
- Built integration middleware for GRC systems using API/SOA gateways and OCEG XML schemas for different backend data and system feeds.
- Built a secure Amazon cloud platform to deploy Archer and MetricStream in a distributed architecture, both on premise and in the cloud, and to operate centralized GRC systems.
- Next-Generation Security Program:
- Introducing and evangelizing next-generation Security and IT architecture standards, architecture tools and security operating standards such as SABSA, EA, TOGAF, UCF, ISO 38500, etc.
- Automation and end-to-end integration as part of agile architecture, leveraging integration and orchestration platforms.
- Promoting innovation as the norm for Security and IT technologies, leveraging architecture best practices and emerging disruptive technologies to develop competitive advantages.
Global Information Security Officer
Confidential - New York, New York
Responsibilities:
- Architected, designed and implemented an integrated Data Loss Protection system using Confidential DLP Vontu 11.5 for internal systems, CloudLock DLP for Google cloud and Lumension DLP for mobile endpoint DLP.
- Data discovery and data classification using Confidential Data Insight and an Altiris-based entitlement management solution.
- Architecting access governance based on Gartner security best principles and leveraging the SailPoint identity management solution.
- ISO 27002 Security Assessment: Performed an extensive corporate-wide ISO 27002 controls assessment by engaging executive management, conducting on-site interviews, observing key technical controls and reviewing documentation. The purpose of the assessment was to assess and develop management awareness of the current state of the information security control environment.
- Vulnerability, Threat and Compliance Management Solution: Implementation of the QualysGuard security scanner for external and internal vulnerability and compliance scans. Direct feed into the Altiris incident management system, which is tied into the automated patch management and vulnerability remediation process. Integration with Tripwire change and configuration monitoring and Palo Alto active monitoring. Ensures complete visibility and management of all threats and vulnerabilities across the board.
- Information Security, Risk and Compliance Program: Initiated a formal Information Security, Risk and Compliance Program based on ISO 27001 and Confidential security policies. Developed management awareness, acquired sponsorship and secured budget for the program. A high-level strategy, approach and risk framework were established with the issuance of the Information Security Charter and Information Security Policy. An implementation roadmap and the establishment of processes are underway for enhancing and improving security and technical controls to achieve target maturity.
- IT Governance Gap Assessment: Conducted an enterprise-wide IT Governance gap assessment exercise using COBIT, ISO 31000, ISO 27001, ITIL and COSO as applicable industry baselines. The purpose was to align business objectives with IT operations and services, and to steer IT initiatives and efforts toward better governance of IT resources to facilitate business operations and customers.
- IT Service Delivery and Service Operation Management: Implemented ITIL v3 along with Altiris CMS, SMS, AMS and an extensive set of customized workflows and processes to implement IT Service Delivery and Service Operation Management. This also includes the language of decentralized local Service Desks and a centralized Global Service Desk. The objective is to achieve ISO 20000/ITIL v3 by end of 2014.
Sr. Principal Consultant
Confidential - New York, New York
Responsibilities:
- Confidential Data Loss Protection Solution: Architected, designed and implemented a Data Loss Protection system using Confidential DLP Vontu 11.5 as the platform for Email, Storage and Endpoint protection. Worked with the information security, compliance and legal departments on configuration of policies and the remediation process.
- Confidential GRC Compliance Solution: Architected, designed and implemented a GRC solution using Confidential CCS (Control Compliance Suite) for policy management, controls assessment, entitlement management and ongoing remediation.
- Integration of Compliance Solution Dashboard: Architected and designed the integrated solution for multiple compliance programs to provide a single compliance dashboard. The level GRC tools like Confidential CCS and Archer were integrated using Archer as the dashboard platform. The control-level GRC tools like Confidential Vontu (DLP), Confidential Data Insight, Confidential Endpoint Protection (SEP) and ArcSight were integrated using Confidential Workflows.
Senior Information Security Consultant
Confidential - New York, New York
Responsibilities:
- Confidential's SCAP-based Vulnerability & Patching Solution: Played a key role in the architecture, project management, planning, implementation and operation of the security management solution for Confidential's Security Content Automation Protocol (SCAP)-based vulnerability management, threat detection, patch management and compliance management solution.
- IT Risk Assessment Modeling: Risk Assessment SME responsible for developing a comprehensive risk assessment model based on systemic, franchise and inherent risk introduced by and to IT assets. Facilitated the risk assessment process and mitigation efforts.
- IT Policy Gap Assessment: Conducted a department-wide IT Security policy gap assessment exercise using ISO 27001, FFIEC and Interagency papers as baselines. The initiatives included business service and IT service alignment, policy/procedure mapping to controls, control gap assessment and corrective actions.
- InfoSec Compliance for Vendor Management: Spearheaded the development of the Information Security Compliance Program for Vendors. Requirement was used as part of compliance baselines. The program entailed vendor assessment, policy development, automated workflows, risk assessment of noncompliance exposure, tracking of noncompliance and collaboration with Account Managers for risk mitigation.
- Architecture & Deployment Initiatives: Deployed Confidential Control Compliance Suite-Internet Security (CCSIS) security vulnerability scanners and Confidential Enterprise Security Manager (ESM).
Security Manager / Project Manager / ITIL Consultant
Confidential - New York, New York
Responsibilities:
- Governance, Risk and Compliance (GRC) (Confidential's CCS Solution): Provided architecture leadership and project management skills in implementing a governance, risk and compliance (GRC) solution utilizing Confidential Control Compliance Suite (CCS).
- Steered design and deployment of Confidential's CCS for policy development, audit management and the compliance program.
- Bolstered program implementation of the policy, entitlement and response assessment modules.
- Authored, coordinated and deployed more than 40 security policies along with their respective procedures and controls.
- Established security dashboards indicating the security and compliance status of the environment.
- ITIL-based IT Governance (Confidential Altiris Solution): Coordinated planning and execution of IT governance initiatives, including implementation of ITIL, ISO 17799 and COBIT.
- Recognized with “Best Performance” two months concurrently.
- Implemented 9 ITIL processes (change management, configuration management, release management, security management, service desk, incident management, problem management and IT service continuity) across multiple IT silos and departments.
- Achieved across the board Level 3 ITIL maturity.
- Vulnerability and Malware Security Solution (Confidential and Confidential's Endpoint):
- Implementation of the Confidential Endpoint solution (antivirus, anti-malware, personal firewall, etc.) across 2000+ nodes, 50+ servers and 3 main consoles.
- Management and monitoring of Confidential-based vulnerability assessment at both the perimeter and internal network levels.
- Integration with the Confidential Altiris Workflow system to remediate security vulnerabilities, malware and security incidents.
- IT Security & Audit: Managed all aspects of security initiatives, including planning and execution of the ISO 27001 security framework.
- Adeptly coordinated resolution of issues brought up in the J-SOX compliance audit.
- Served as security manager and liaison to the Enterprise Risk Management (ERM) department.
- Facilitated multiple 3rd-party audits, including PwC, Confidential and Touche and HORA.
- PMO Office Reassessment: Revamped the PMO and its processes based on the OPM3 methodology and implemented IT governance initiatives.
Project Manager and Security Manager
Confidential - White Plains, New York
Responsibilities:
- Spearheaded the development and implementation of an auditing program to remediate and implement the recommendations of the Confidential & Confidential and PricewaterhouseCoopers (PwC) audit firms.
- Led the E-Discovery compliance initiative to identify critical business data and developed structured entitlement controls to manage privileged access.
Information Security Consultant and ITIL Consultant
Confidential - Princeton, New Jersey
Responsibilities:
- Orchestrated PCI compliance initiatives, audits and application security assessments of Credit Card Process Systems (CCPS), Electronic Payment Systems (EPS), Credit Card Settlement Systems (CRDS) and various additional financial applications.
- Introduced ITIL processes for enhancing the security of financial systems during development life cycle phases, including change management, configuration management and release management.
- Architected and managed the deployment of the security assessment tool IBM AppScan as part of the software development life cycle.
Sr. IT Governance Consultant Manager/ ITIL Consultant
Confidential
Responsibilities:
- Implemented ITIL processes for service delivery and IT service support focused on call center, data center, service desk and field network support and operation.
- Performed in-depth analyses of IT infrastructures and recommended methods for optimizing technology and IT management processes to cut costs and create process efficiencies.
Sr. Info Sec Consultant
Confidential
Responsibilities:
- Gap assessment and 2nd-party audit for BS 17799/ISO 27001 security framework compliance.
- Authored policies, procedures and operational controls to remediate the gaps.
Sr. IT Governance Consultant Manager/ ITIL Consultant
Confidential
Responsibilities:
- As EDP auditor, carried out a fraud audit review of PPAS payment card systems.
- Conceptualized, developed and delivered IT Security initiatives for Security SMEs within Confidential.
Sr. Information Security Manager and Project Manager
Confidential
Responsibilities:
- Architected PKI infrastructure and implemented a digital-based ACL for the HR application.
- Orchestrated application audits, vulnerability assessments and penetration testing for banking applications such as Business BEAM, BANCS Saving, the SOA Middleware ALAHLI Banking Portal and several additional loan management and core banking systems.
- Developed Security and Architecture guidelines for the business system development group to be integrated within the SDLC and project management framework.