Security Analyst Resume Profile
Summary
- Experience in Chemical, Financial, BPO, Health Care and Retail Industries
- PCI DSS, HIPAA and Sarbanes Oxley compliance programs
- FISMA, FIPS 140-2, FIPS 200 compliance assessments
- Security Certification and Compliance Review Process
- A former PCI DSS QSA with experience of auditing multiple Level 1 organizations
- Experience of being involved in security breach and incident response situations
- IT and Security Risk Assessments
- Interpret security requirements and design/implement remediation plans
- ITIL and understanding of Change and Configuration Management processes
- Segregation of Duties analysis for ERP systems
- Over 10 years' experience managing IT teams and leading an IT department
EXPERIENCE:
Confidential
- Developed an information security and risk management program for Afni
- Developed combined control framework to meet PCI DSS, HIPAA and SSAE16 compliance requirements
- Achieved and maintained PCI DSS level 1 compliance for four lines of business
- Developed a security awareness program, provided training and presentations to all employees including targeted training for Executive Management
- Respond to RFPs and ensure that security program meets all client requirements
- Developed security and privacy policies, standards and procedures
- Work with IT, operations and management teams to remediate security gaps and ensure continued robust security posture.
- Developed and execute vendor security management program
- Perform security risk assessments
- Configured security tools like nCircle, TriGeo SIEM, OSSEC, Kismet, BackTrack and other open source security tools to monitor and test security
Confidential
- Responsible for HIPAA Security compliance at a leading patient satisfaction and clinical quality measure services provider
- Perform Security Risk and Compliance Reviews of applications and systems using PCI DSS, HITRUST, FIPS 140-2, FIPS 199 and FIPS 200 compliance requirements
- Took leadership role in upgrading file transfer solutions to FIPS 140-2 compliance
- Worked with Privacy Counsel in implementing HIPAA privacy rule
- Part of team that successfully obtained meaningful use certification
- Developed and helped run a security and privacy incident response process
- Helped define security requirements for cloud deployment of sensitive health care applications
Confidential
- Work as Consultant on IT Security and Risk Analysis Team
- Perform Security Risk and Compliance Reviews of applications and systems with focus on PII, PCI DSS, SOX and HIPAA compliance
Confidential
- Created security IT audit plan according to client requirement
- Performed the testing of security controls and provided a comprehensive report and recommendations
Confidential
- Created risk assessment template/tool meeting FFIEC, PCI DSS, COBIT and NIST requirements
- Performed security risk assessment and identified high risk areas
- Created a comprehensive report and recommendations for managing risks
Confidential
- Performed SOD analysis for purchasing, sales, inventory, financial close/reporting, and fixed asset business cycles
- Developed databases and wrote SQL queries to automate the manual testing process. This resulted in increased accuracy and a reduction of testing time by more than half
- ERP applications included SAP, JD Edwards, Hyperion, AR2000 and Oracle Financial
Confidential
- Created risk assessment questionnaire and risk assessment templates
- Performed IT controls risk assessment and identified high risk controls
- Provided a comprehensive report and recommendations for mitigating identified risks
Confidential
- Created self assessment questionnaires, documentation requests and IT audit plan
- Provided a comprehensive report and recommendations
Confidential
- Performed SOX IT general control testing for Windows, Oracle and AS400
- Performed Application controls testing and performed SOD analysis using Approva Bizright GRC tool for Hyperion, JD Edwards, and Island Pacific applications
Confidential
Position: Senior Compliance Analyst
PCI DSS and Sarbanes Oxley Compliance Program
- Instrumental in ensuring PCI DSS Level 1 and SOX 404 compliance for four lines of business: DSW Shoes, Filene's Basement, Value City Department Store and DSW.COM
- Worked closely with IT teams and provided leadership for meeting compliance objectives
- Performed gap analysis and used risk analysis
- Initiated work towards Unified Control Framework for all compliance requirements
- Started and successfully implemented vulnerability management program
- Developed risk assessment templates and testing plans for point of sale systems
- Performed periodic audits, assessments and gap analysis and recommended appropriate actions
- Worked closely with change management and project management teams to assess impact of changes/new projects on compliance
- Develop short term and long term compliance action items for the management
- Serve as point of contact for all compliance related requests, queries and deliverables
- Implemented and administered compliance tools - Tripwire, Qualysguard and Vontu
Confidential
Position: Technology Risk Management Professional
Confidential
- Performed security risk assessment of franchise stores POS systems
- Prepared reports for management for franchise stores in six states
Confidential
Full onsite audit of a PCI DSS Tier 1 Merchant
Confidential
- Full onsite audit for Visa/Master Card PCI DSS
- Performed gap analysis and guided client on meeting outstanding requirements
Confidential
Performed Audit of Perimeter Security, firewall and IDS/IPS
Confidential
Application security, change controls and production support
Confidential
- Vulnerability Assessment and Penetration testing of external and internal network
- Penetration testing of Wireless Network using Kismet, NetStumbler, Airodump and AirCrack
Confidential
- Full onsite audit for Visa/Master Card PCI DSS
- Quarterly network vulnerability assessment as per Visa/Master Card PCI DSS Standard
Confidential
- Audit using COBIT Framework of Windows Platform, AIX, iSeries, Security, Mainframe Applications
- Recommended steps to remediate the non-compliant controls
Confidential
Performed Audit using COBIT Framework for B2B, EDI, ERP, Windows Platform, Networks Security and Mainframe Applications
Confidential
- Developed RBAC control framework for financial applications
- Reviewed ACL to determine best way to implement RBAC for each application
Confidential
Position: Practice Consultant, Microsoft Solution Practice
Confidential
Audit using COBIT Framework and helped establish vulnerability management program
Confidential
Implemented Web Monitoring, Domain and URL Filtering using Microsoft ISA Server 2004
Confidential
Configured MOM 2005 to provide real-time alerts and reports using SQL Reporting Services
Confidential
- Evaluated existing lockdown procedures for Data Center SQL Servers
- Recommended steps for further lockdown
Confidential
- Assessed Active Directory, Windows 2003 and Windows 2000 Server OS security
- Vulnerability assessment of internal and external network
Confidential
Installed and Configured MOM to provide reports for Sarbanes-Oxley compliance.
Confidential
- Implemented Microsoft ISA Server to provide secure internal/external access
- Implemented Microsoft ISA Server in Tri-homed DMZ configuration
Confidential
Position: Security Analyst/Software Integration
Confidential
- The OMP application is a Lucent product for wireless network management
- Performed vulnerability and penetration testing on OMP on Solaris 8.0, Solaris 9.0
- Created minimum required security baseline for running OMP server in intranet and Internet environments at client sites. This enabled Lucent Technologies to inform customers of the minimum security required to run the OMP application
- Carried out various scenario-based attacks on OMP servers to convince project leads to fix the security vulnerabilities in the application.
Confidential
- Member of WFITS team responsible for design, development, upgrade and maintenance of the WFITS application using Borland C and Object Oriented design. I helped upgrade WFITS application and utilities to Borland VCL libraries
- Wrote Feature Design Documents and Design Unit Test Plans (DUTP). Executed and documented test cases for Regression/System/Integration testing.
- Developed backup strategies to ensure integrity and recoverability of WFITS source code
Confidential
- Managed a team of IT professionals comprising a System Manager, three System Engineers and six technicians.
- Consolidated LANs in various business units into an enterprise-wide network and securely connected it to the Internet using Firewall-1 and Microsoft Proxy 2.0.
- Developed and implemented a DMZ perimeter network to host mail and web servers.
- Served as Project Manager for selection, evaluation, implementation and going live of Windows NT based editorial/advertising system running MS SQL 7.0 and Prestige editorial system with over 400 clients. This system replaced the mainframe system.
- Project lead for migration of mail and web servers from IBM AIX platform to Windows Platform using IIS 4.0 and Exchange Server 5.5.