Summary of Qualifications: Extensive experience supporting security access rights within worldwide Enterprise Systems. Ensuring security in the Enterprise Environment using my expertise provisioning and enforcing Information Security policies, controls, standards and procedures. Assuring Business, Regulatory, Legal, and Audit Compliance of Information Systems and Assets. Expert identity management and access control provisioning, providing security access for end user, servers and applications. Assigning Active Directory Domain level access, NTFS file system rights and permissions, provisioning security access according to MAC, DAC, RBAC role and rule based access controls.

PROFESSIONAL EXPERIENCE:

Confidential

Security Administrator

• Security Administrator Corporate IT Department, providing support for Enterprise Systems Security of GC Services Systems, Personnel, Clients, and Business Partners. Managing Risk through assessment of risk factors, vulnerability and gap analysis to maintain security and assure compliance with Legal Compliance.
• Account set up and maintenance of Active Directory, MS Exchange, RSA VPN Security, and Windows NTFS file share systems, and others. Administration of security through Authorization Manager for RBAC access according to business need. Granting access to correct Domain through Remote Administration of local machines and servers, and Active Directory administration. Use of MRE, Web Focus application for correct access to roles, cost centers and domains. Cisco Cloud Based access for administration of Scansafe application providing Internet access through exceptions, blacklisting and whitelisting.
• Administration of network id security, RSA and VPN access
• Provisioning security access rights on NTFS file share systems
• Provisioning access requests for Active Directory security groups.
• Granting access requests through NOVA People Soft ticketing, People Soft Financials and Oracle People Soft systems, HT Ticketing Customer Service.
• Creation of User accounts, OU groups, GPOs, Security Groups, Distribution Groups and lists.
• Providing security access according to RBAC role and rule based access controls.
• Management of MS Exchange Administrative Console
• Providing security access for end user, servers and applications
• Cleanup and maintenance of NTFS file system and server permissions, including creation and placement of security groups for access to shares.
• Creation, placement and permissioning of folders and shares on NTFS file systems.
• Administration of rights and access for Cell Phone usage and synchronization with the network.
• Providing assurance of PCI DSS, PII, Legal and Regulatory Audit compliance.
• Support for projects

Confidential

Reveille Technologies for Mindtree Consultants

• Providing experienced service to internal stakeholders to achieve successful program outcomes for Audit Assurance and Regulatory Compliance. Provided Risk and Vulnerability assessments to identify gaps within existing structure. Reviewed regulatory compliance and assured alignment with ISO 27000 series, FFEIC, PCI DSS 2.0, and SSAE16
• Responsible for review and structure of the Access Control Audit Program and applications used within Client infrastructure.
• Performed internal audits to validate compliance with computer security policy.
• Conducted control, process, and policy assessments as necessary.
• Reviewed Access Rights Management Systems including IDM, IAM, McAfee ePO for accuracy and correctness of information. Made corrections within applications and provided instruction for ongoing maintenance of information contained within, to assure integrity and Regulatory Compliance.
• Assess and provide recommendations for Information Security controls relative to access control processes and procedures.
• Created new Audit Program Policy and Standard Operating Procedure to be used in Offshore Auditing of access within Client environment.
• Provided training of offshore team to properly apply Audit Program Policies and SOP to effectively perform Audit.
• Providing vulnerability assessment and gap analysis for control weaknesses.
• Providing guidance to assure relevant standards and guidelines are in place and followed.
• Assisting Management with issues to ensure all are effectively managed to closure.

Confidential

• Advised Sprint customers of account information on cell phone, home phone, air rave devices, mobile hotspot, broadband and network coverage.
• Accessed information systems and applications through the use of Citrix XenApp Systems. Provided network troubleshooting through Service Trender, Network Event Board, and CTMS ticketing system for network issues.
• Helped customers with ESN swap for device changes. Troubleshooting and education for device features and usage for customer cell phones.
• Assisted customers with billing issues, adjustments, account changes, activation and feature changes in ICARE Compass Solutions tool.
• Assured all Personal Information was held in compliance with Privacy and PCI DSS 2.0 Regulations and Guidelines.
• Set up and review of corporate discount information through use of NVP web discount form.

Access Control Analyst, Network Security Team

Confidential

• Supported Network Security Team to ensure access, server security and reliability for end users on Network. Used GSAF Change ticketing system, ITAMS work list administration, and Service Manager 9.0 to work and resolve Change and Incident tickets.
• Provisioned Network Security for worldwide network of servers.
• Created and permissioned network shares on servers
• Granted and set server permissions and access for end users on network.
• Granted administrative access to network servers using Computer Management.
• Created Active Directory OU groups for access on network servers. Granted and removed group and domain level access to users in Active Directory.
• Performed security and compliance monitoring and reporting of Active Directory.
• Used Remote Desktop for creation of shares and moving of folder content for users.
• Facilitated all legal hold requests and requirements regarding MS Exchange, Outlook, and User Home drive directories.
• Created Network ID's in Exchange Management Console.
• Granted and revoked network ID's through ITAMs worklist administration.
• Verified user status through the use of SAP production applications.
• Extended user access with Oracle Identity Management, OIM and OAM.
• Used Exchange Management Console to create: functional mailboxes, service accounts, user mailboxes, distribution lists, and mail contacts.
• Used powershell for scripting permissions in Microsoft Exchange.
• Vulnerability and Patch Management
• Facilitated Disaster Recovery testing to assure consistency with Business Continuity Plans.

Confidential

Access Operations Center

• Provisioned, monitored, maintained, IT Security Access within, and for Worldwide Employee base. Provided Security level of access for users within Enterprise Architecture for daily use of software and operating systems. Verified correct data, and required systems, along with level of access and managerial approvals per user instance in compliance with business, regulatory, legal and audit standards including:
• Security Policies, Standards
• Awareness training
• Audit Management and Compliance
• SAP Controls
• Security Incidence Response and Prevention
• Risk Analysis, Vulnerability and Patch Management
• Governance of outsourced Security Services.

Supported Technical Security Architecture by providing:

• Identification,
• Authorization,
• Audit
• Event Management
• Termination process and procedures.
• Compliance with standards for SOX, COBIT, ISO 27001, NIST, HIPPA, ANSI 5010, PII, PCI DSS

Projects:

• Audit, review, verification, update and revision of Federal Employee Program for accuracy of information current and expired member access.
• Reviewed, provisioned and terminated employee access and security level per Audit requirements for SAV Reports semiannually to assure Regulatory Compliance with HIPPA, ISO 27001, PCI DSS 2.0 standards.
• Authored Company Documentation for Termination Procedures according to Legal and Audit Requirements for Active Directory, FEP Direct, FEP Streamline, FEP Express, Amisys AIR, AIM,AMMS, VSoft Security , People Soft Hyperion GL, HR, AP/PO/AM
• Performed internal SOX audit in Access Operations Center for regulatory compliance, and participated semi-annually in internal audits producing SAV reports for external auditors.
• Participated in security projects that implemented infrastructure, applications or systems security solutions to ensure delivery of functional, technical and security requirements within SLA guidelines and on budget.

Daily Operational Workflow:

• Created users, groups, OU groups, GPOs, server accounts, system admin accounts, and computer and domain controllers for use in Active Directory. Provisioned accounts, group access, end user access, security rights, permissions and roles. Created policies for use on servers, NTFS file shares, domains, and networks. Verified user information, remote access, user/group rights, permissions and privileges. Conducted system and user audits using PowerShell scripting for update, clean up, and changes in groups, directory store, forest, trees, and domain containers.
• Created and permissioned users in Oracle Database Client for all users, system admins, application policy admins, policy domain admins, operators, and self-operators for modifying permissions in self registration. Permissioned add, delete, rename, browse, return for users and groups. Managed privilege rights of view, construct, Manage read, modify, delete and search. Managed attribute permissions of read, write, obliterate, search, compare, and make. Accessed backend server for Oracle through Access, SQL Server, and Microsoft Windows Open Services Architecture.
• Configured application security controls, access, rights and permissions for use on servers.
• Reviewed, verified, updated and revised Federal Employee Program for accuracy of Information current and expired member access. Assured regulatory compliance of provisioned and terminated employee access and security level via the creation of semi-annual SAV Reports.
• Managed the revocation, termination, renewal and re-issuance of expiring Verisign Trust Certificates and RSA/VPN Tokens RSecure access keyfobs.
• Authored IT Security policy and procedure documents according to legal and audit requirements for use within the organization.
• Created user accounts, security profiles and provisioned user security rights, permissions and privileges for use in NTFS file systems and applications including, but not limited to:

Confidential

MRM Warehouse

• Handled Vendor Account maintenance: Verified receipts and shipments in and out of Warehouse. Matched receipt and bill of lading for materials inbound to Warehouse per individual Vendor Accounts. Prepared outbound paperwork and bill of lading for shipments out of Warehouse as well. Recorded inbound and outbound materials to maintain running physical inventory within warehouse per account and per Master Inventory record.
• Performed Audits of Inventory and Financial reporting associated with each account and master data for Warehouse.
• Maintained financial records for all accounts in Warehouse. Prepared quarterly financial records tax withholding and escrow accounts for IRS reporting responsibilities. Audited and balanced books monthly. Prepared and distributed payroll to employees including allotments to FICA, Medicaid/Medicare, Workers Compensation, and Unemployment for quarterly taxes.
• Inventory control and processing. Balance and reconciliation of physical vs logged inventory. Shipping and receiving merchandise in warehouse. Logging receipts, preparing bill of lading, arranging outbound shipments using UPS World Class Shipping Software.
• Billing services, posting receipt of monies. General Journal General Ledger Accounts Payable and Accounts Receivable.