We provide IT Staff Augmentation Services!

Security Administrator Resume Profile

3.00/5 (Submit Your Rating)

SUMMARY

Information Security Specialist with extensive experience in a Fortune 100 corporation. Expert in enterprise security administration and role based Access Control RBAC . Proven abilities in performing user provisioning and access control. Experience in creating and implementing solutions that protect, data, users, systems, and information assets. Detail knowledge of security tools, technologies and best practices.

TECHNICAL SKILILS

  • Security Technologies:
  • CA Top Secret, Mainframe, TSO, ISPF, JCL, DB2, RACF, Novell IDM, LDAP, NT , Active Directory , Entrust PKI, Entrust Empower ID, Smartcard, Sentillion Provisioning, Sentillion Single Sign-on, IDPRO.
  • Anti-Virus Tools Norton, Symantec, McAfee, etc.
  • Systems:
  • AS400 Mainframe, CICS, SAP, PEGA, Unix-Based Systems, BMC Remedy, Business Objects. AIX, Solaris, Linux, BSD Windows all
  • Networking:
  • AS400 Mainframe, LANs, WANs, VPNs, Routers, Firewalls.
  • Software:
  • Security Vulnerability and monitoring tools:
  • Security Certifications:
  • MS Office Word, Excel, Outlook, Access, PowerPoint .
  • IDS, IPS, Firewall etc.
  • CA TOP Secret MVS Basic and Intermediary- Computer Associate 2009, Advanced Information Assurance and Security Villanova University 2012,

PROFESSIONAL EXPERIENCE

Confidential

Information Security Risk Consultant

  • Role: Worked with the Identity and Access Management Security team for Chase Card Services to proactively identify information security risk and help drive the remediation of applications, platforms and databases across the IT environment to comply with Sarbanes Oxley regulations. Provides subject matter expertise and consulting regarding the deployment of IT security solutions to meet risk management objectives. Collaborates with Corporate IT organizations and Card businesses to mitigate and resolve security risk.
  • Assist in automating various Global Identity and Access Management programs to control end user's accesses.
  • Advocate and promote information security and privacy standards, policies and procedures ensure that these artifacts are disseminated, understood and implemented across Technical Operations and other various groups within the organization.
  • Participate in audit related activities as they pertain to Identity Access Management.
  • Interface with Information Risk Managers to identify and mitigate access control issues.
  • Answer general inquiries regarding information security practice or security accesses. Make recommendations for implementing desired level of access controls.
  • Assist in implementing RBAC Role Base Access Control to address access automation based on end user's roles and responsibilities.

Required Skills:

Confidential

Access Management/Contractor

  • Role: Worked with Credit Suisse Access Management group to plan, coordinate and implement access control and information security measures for about one hundred and fifty financial application across the bank. Assist in the automation of application provisioning and ensure the bank is compliant with federal regulation for example SAS 70 and SOX regulation. Provide 2nd and 3rd level support for about 10,000 clients across the bank. Comply with Sarbanes Oxley and Dodd Frank guidelines to ensure the bank's information, integrity and confidentially are maintained.
  • Implement Access Management Controls: Create access profiles, user groups, roles and access function for many financial applications and then assist in implementing them into a request system so user's application accesses can be requested, approved, tracked, audited, and removed on a timely basis.
  • Application Automation: Assist in automating application provision for hundreds of application profiles by using tools like Active Directory, LDAP, IDAPPS, Entrust PKI etc., to manage end to end access provision and de-provisioning of user's access without any manual intervention. The application automation controls has provided cost savings in both dollars and time. In addition, the automation process enable each business applications to be compliant with federal regulations like Sarbanes Oxley and Dodd Frank guidelines.
  • SOX Checks: Run daily reports on leavers and transfer to ensure leavers accesses are de-provision on a timely basis. The daily checks also ensure that transfer user's accesses correlates with their new job responsibilities.
  • Provide 2nd and 3rd level support to the User Provisioning group, Help Desk and Application support teams to ensure end user accesses and application rollouts occurs on a timely manner.
  • Use Entrust PKI and Smartcard technology to configure single sign-on and authentication on user's Desktop.
  • Troubleshoot user's access issue, application problems and failures. Use BMC Remedy to document root causes of issues and work with the related support teams to document and fix permanently or create scripts to fix issues on an ad-hoc basis.

Confidential

Security Administrator/Contractor

  • Role: Worked with the Virtua Information Security group to plan, coordinate and implement security measures to Provision user's access through RBAC Role Base Access Control for over 15,000 clinical users across multiple Siemens and other Clinical Systems. Comply with HIPPA guidelines to ensure patients information, integrity and confidentially are maintained.
  • Created, deleted and changed end user's accesses for about 60 clinical and medical applications for Virtua Hospital, Medical Partners and affiliates.
  • Use Active Directory to manage user's Network Accounts, File Folders, Email Boxes, Shared drives etc.
  • Actively involved in troubleshooting of problem tickets and phone calls from the user's community, critical in resolving problems and finding root causes of access control failures.
  • Use Sentillion Provisioning request tools to validate role base access according the users job function and responsibilities.
  • Reset user's passwords on a timely manner based upon security restriction and user identification.
  • Create user groups roles and function access within Siemens Clinical systems that enable medical users to execute specific job responsibilities.
  • Use the Magic ticketing system to validate access request and end users problems as reported by the Help Desk.

Confidential

Information Security Manager,

  • Managed the user provisioning and access control for over 14,000 users within Chartis AIG. Ensured user's accesses were controlled through authorization and authentication. Oversaw and monitored access request for over 100 different business systems and applications within Underwriting, Claims and accounting business units. Devised enterprise security strategies safeguarding information assets and ensured compliance with regulatory mandates such as Sarbanes Oxley act and SAS 70 regulation. Continued to created, deleted and changed end user's accesses for about 140 business applications for underwriting, claims and accounting divisions within AIG.
  • l Create Security Standards and policies: I was involved in developing and deploying user id, password and RBAC Role base Access Control security standards and policies for business applications that operates on Windows, Mainframe, AIX Unix and Linux systems
  • l Identity Systems: Assisted in the development and launch of secure, recoverable and fault-tolerant systems for data access and identity management for dozens of internal organizations. The Identity Systems is able to identify user's data from HR and downstream it to multiple security tools and request systems.
  • l Security Compliance Audit: Serves as the liaison or primary point of contact for all application security related audit functions, including SOX, SAS 70, internal audits, and any additional compliance requirement as needed. Assist in researching, evaluating, designing, testing, recommending, and planning implementation of new or improved controls to keep Assurant current with industry standards and compliance requirements.
  • l Request System: Configured and assisted in the development and launch of Service Now to meet the needs of all business groups when submitting requests for systems and applications accesses. Service Now maintains access and authorization artifacts for Internal Audit and federal compliance for Logical User Access. This implementation enabled Global Services to validate 99 of all requester and access requests. Since its implementations in 2009, there was zero negative audit finding.
  • l Self Service Provisioning: Assisted in the creation, development and implementation of an in-house tailored provisioning system that provides automatic authorization, authentication and access control for multiple claims systems and applications.
  • l System Monitoring: Constantly monitored user's accesses and data integrity through user's recertification, system violations and access violations reports. Reported daily violations, which are reviewed for security breach and security capabilities. Annual re-certifications were completed on multiple financial systems to ensure access control.
  • l Hands on Security Administrators: Once the system install and deployed I was actively involved in managing the creating, deletion and changes of users accounts in operation systems such as Windows, Mainframe, AIX Unix and Linux operation systems. I was involved in securing user's role based access for about 140 business application that operates on systems such as Windows, Mainframe, AIX Unix and Linux etc.

Confidential

  • Supervised a group of Security Administrators to meet and exceed the access and provisioning needs for over 100 business divisions across the division. Developed and implemented provision procedures and policies to govern logical users accesses. Created, deleted and changed end user's accesses for about 140 business applications for underwriting, claims and accounting divisions within AIG. Provided high level security support in a fast pace environment to ensure business users have the necessary access to conduct business on a timely manner.
  • l Involved in the creation, development and implementation of a Security Application Matrix SAM and an approval hierarchy list to govern role base access control. These implementations were critical in meeting best practices for authorization and authentication of logical user accesses.
  • l Developed and Implemented Logical Users Access Control documentation on how to provision accesses for about a 130 business applications. The documentation was critical in training new security administrator quickly and efficiently, providing internal and external auditors detail information on how accesses were controlled within the organization.
  • l Created request tracking and reporting mechanism for the Security Group, which provided detail information on when a request was submitted and how long the security administrator takes to process the request. The request report mechanism was critical in providing information on how specific security administrators were performing. Both the request tracking and reporting mechanism provided critical data to senior management about the user communities and the security group.
  • l Created and implemented a QC procedure to complete daily quality control on security group to ensure procedure and policies are enforced when accesses are granted. The QC procedure enabled the security group to review request that was done incorrectly indentify the root causes of access control within the organization. It also provided external and internal auditors a snap shot of how issues were indentified and mitigated.

Confidential

  • Worked with the Information Security group to plan, coordinated and implemented security measures to control logical user's access. Regulated and restricted user's accesses to computer data and prevent unauthorized modification, destruction or disclosure of information. Created, deleted and changed end user's accesses for about 140 business applications for underwriting, claims and accounting divisions within AIG. Troubleshot problem ticket and phone calls from the user's community, critical in resolving problems and finding root causes of access control failures. Reset user's passwords on a timely manner based upon security restriction and user identification. Ran and reviewed violation reports on user accounts to look at suspicious behaviors and system integrity, ensuring that the systems security tools are functioning effectively.
  • l Create mainframe, LAN, Top Secret, UNIX, IDM and LDAP accounts for about thirty users on a daily bases. Creation of new security accounts ensure new users receive access to their business environment as soon as they arrive to work on their first day.
  • l Involved in modifying data sets, VSAM files and CICS programs to ensure they are Y2K compliant. Involved in modifying thousands of data sets, VSAM Files and hundreds of CICS programs to meet Y2K deadline.

We'd love your feedback!