Infrastructure Security And Risk Management Resume
Chicago
SUMMARY:
- 12+ years of experience in Information Security, GRC, Compliance, SOC, IT infrastructure, Application and Cyber security, Vendor Risk Assessments, Archer, Privilege, Identity and Access management, CSIR, SSP, IT security audits.
PROFESSIONAL EXPERIENCE:
Infrastructure Security and Risk Management
Confidential
Responsibilities:
- Monitor ITSM security incident tickets, incident responses, DOH Security Operation Center (SOC), SIEM enterprise Splunk dashboard for infrastructure and applications, systems to discover the source of anomalous security events, logs (Linux, WebLogic application server and access logging activities, security gap analysis, DataPower access logs, firewall, network logs/transactions) unauthorized access, confidential data exfiltration and disclosures.
- Manage GRC functions for DOH Shared solutions, elicit infrastructure security requirements, architect solutions for HCS applications, ITGC, account onboarding process, user, API authentication, IAM, privileged access management
- Ensure Confidential policies are adhered to required baseline security controls, Federal Health Data requirements, IRS, FTI, User logging process SAML authentication and authorization security, Review Office 365 security assessment, Testing Office 365 Security controls based on SCSEM recommendations, Security Audit of Office 365/AD with NIST/SCSEM recommendations.
- Lead the development, update and compliance of Information Security standards, USGCB Configurations Baseline Security (Microsoft and Red Hat), information security standard operating procedures with CIS Top 20 controls, STIGs, IRS PUB 1075 SCSEM, CMS - Information Security Acceptable Risk Safeguards (ARS), PII, HIPAA privacy rule, NIST rev 3 and 4, Confidential Technical state law and applicable regulatory compliance frameworks.
- Perform Vendor/Third party risk management compliance to business agreements, develop IT/IS policy, evaluate (Azure) SOC reports, due diligence, cloud security (Azure), internal/external security control and risk assessment reports with SIG, CSA, CCM, Conduct vendor’s and software development information security assessments.
- Compliance with all applicable legal requirements towards security and technology control solutions from an end-to-end (across platforms, application, data and networks), WS-Security, federated identity systems, IDM, role-based access control, MFA, AD group policy, SSO, WebLogic, DataPower, Database security.
- Knowledge of standards (e.g. SAML, OAuth2, LDAP, Kerberos, PKI) and SOAP and RESTful web services.
GRC- Enterprise Security Risk
Confidential, Chicago
Responsibilities:
- Worked as GIS Lead/Developer Specialized in enterprise Security risk assessment, risk management framework-RMF, implementation of GRC - RSA Archer VRM processes - Governance, Risk and Compliance process, security policies, procedures and other elements required for vendor risk, IAM security controls and IT security Auditing.
- Overseeing annual vendor risk and compliance programs, vendor risk assessments, SOC evaluation with potential risk exposure due to outsourcing operations, Risk Management, Policy Management, issue management processes, Data security and governance management, collect artifacts, organize and onboard - Vendor Management Process
- Vendor/third party risk assessment with Cloud Security Alliance CSA, CCM cloud control matrix, ISO27001/2, SIG 20014, Evaluate SOC 1&2, SSAE16/AT 101, gathering vendor data, review Data Protection, Secure Configuration Management controls, ITGC controls and regulatory requirements, FedRAMP - POA&M, and CAP guidelines.
- Define security and risk management, risk identification and remediation process, review cloud technologies (IaaS, PaaS, and SaaS) on platforms Amazon AWS, Azure, EAA - Enterprise Architect, perform ongoing vendor risk monitoring activities, application risk and vulnerability assessments, quality assurance, Server/Web application scanning, WebInspect, Qualys SSL, validate server configurations, access controls, identify security breaches
- Due diligence cloud hosted application controls, SOC security operation center with Automate security analysis, workflows, web service, security incident responses, Accreditation Information Assurance validations.
- Applicable Technical and operational security policies, standards, risk/threat models, IAM Identity and Access management process, Oracle and SQL database security controls, Logical access management, LDAP, SOD, SIEM, re process, change management, Authentications/Authorizations/Port Security.
- Monitor IBM SRP request, Information Security Risk Assessment (ISRA), providing business risk assessments, Risk identification, Risk Mapping, residual risk, testing controls, on-site assessments, Remote services, packaged products, custom developed, RTP - Risk Treatment and Mitigation process.
- IT compliance reviews - User and Administrative Access Reviews, Vendor Access Reviews, Profile Reviews, Reviews in line with Audit lifecycle guidelines, standards, Security Frameworks, regulatory requirements and UAT.
- Design & Implement Security Risk and compliance controls aligned with ISO 27001, NIST /37, FedRAMP like NIST, FedRAMP, ISO, COBIT, HIPAA, SOX, and ITAR, conduct documentation of the audit findings.
IT Security and Risk Compliance
Confidential, NYC
Responsibilities:
- Liaise with Confidential & Confidential to streamline IAM/IDM solutions, process, security and compliance requirements, design project scope and approach documents, discover inventories, analysis from all IT platforms, identify risk profiles, administrative Access and re process, TPAM solution for password management, implement IAM
- Gathering IAM business system requirements, process As-Is /To-Be data analysis, design BRD documentation, use cases, Traceability plans, implement PUM/ PAM privileged user access, data integrations and validations.
- Deploy PUM-SailPoint solutions, AD, LDAP, Role management, expanding schemas upon platform attributes, manage Tomcat application server, IAM workflows, business rules and policies, data management with MySQL
- Managed HR data, Authoritative data, Identities, privilege, nonfunctional and functional accounts (System, Service and shared), Logical access management from platforms like UNIX, RACF, AS/400, Windows, AIX, Mainframes, Top Secret, Databases MSSQL, Oracle, Sybase, AD, entitlements, RBAC engineering using SailPoint.
- Migrate all privileged and functional accounts into IDM platforms, identity analytics, testing IAM internal governing control effectiveness, analyze business and technical risks, evaluate operational process, policies, procedures, identify control weaknesses, develop Security controls where gaps exist, onboarding users, applications
- Administration Identity with Flat File Collection, direct and custom connectors, provisioning/deprovisioning process by automating life cycle events for JML - Joiners, Movers and Leavers, mapping with identity, application accounts, extending attributes, correlation rules, aggregation tasks, policies for privileged accounts, implementing security controls for data protection, user access, permissions and user activities, AD cleanup LDAP synchronization.
- Perform risk assessments, risk dashboard reports, test effectiveness of internal controls, risk remediation processes, perform internal compliance assessments for SOX and Federal Reserve regulatory, facilitate external audits.
- Administrate TPAM password vaulting, ServiceNow integration, incident and change tickets, workflows, disable inappropriate access, enforce “minimum necessary” privilege principle for administrative accounts, Standardize the lifecycle process for privileged accounts, UAT and sign off process
Information Security Risk
Confidential, NYC
Responsibilities:
- Designed IAM architecture, gather and analyze Health regulatory requirements, solution scope opportunities and translate into technical solutions, BRD/FRD documents, onboarding and integrating business applications.
- Lead Information Risk Management programs IRM, Security operational and Risk frameworks, assessment, demonstration, develop various risk mitigation/remediation processes, security incident tickets, IAM issues, analyzing privilege account and access violations, provisioning/deprovisioning user accounts, password, lock, UAT, reconciliations, adapters, custom process, approval workflows, digital Session management
- Liaise with Health application owners implement security policies, data and RBAC access validation, authentication and authorization rules, UI customization, SOD segregation of duties, role engineering, mapping and entitlements.
- Configure Oracle for 11g, administrate ORM solutions, integrate OID/ODSEE/GTC Connector, approval process SOA/BPEL, WebLogic, JBoss server, request templates, automated workflows, Access group policy, OIM Identity and Access reports with BI Publisher using SQL queries.
- Manage data migration, AD cleanup, LDAP query, GPO, Varonis data modeling, Vulnerability management, scanning Nexpose, Qualys, Nmap for IP, port, operating systems, protocols, services, controls for applications.
- Monitor log management SIEM - ESM McAfee reports, alert, SolarWinds (network management), security Incident, threat and malware analysis, review all security controls breach incident tickets with ITSM7 client.
- Manage HIPAA regulatory requirements, HIPAA Security Rule practices, KPMG audits, follow up audit reports, ensure systems comply with IT Security Standards and frameworks like ISO, ITIL, COBIT.
Assistant Vice President
Confidential
Responsibilities:
- Managed GIS, report to VP, gather IAM/IDM business and technical requirements, develop BRD/FRD documents, dashboards, functional use cases, OIM - Identity, privileged, Access Lifecycle Management, Re process, implement SOD, RBAC, design integrate automation and custom workflows.
- Global information security (GIS) Risk Assessments (ORA), Identify threats and risks associated with application, vulnerabilities (Operational weakness), review security and IT general controls and risk mitigation actions, RCA Risk Control Assessments, continuity and disaster recovery programs, provide IT Audit reports to Risk Committee.
- Develop IDM solutions, application and infrastructure IT security and internal controls, SSA security self-assessments, session management, remote logging, integrate user accounts, Provision and Deprovision user access, rules and permission levels which comply with IT security policies, standards, Pre/Post Implementation reviews.
- Manage enterprise-level user Identities, accounts, passwords, reconciliation issues, onboard applications and user accounts, error handling, data validation, log management, automated and request based provisioning workflows.
- Manage OIM, PAM, LAM account and access management, authentication and authorization based on access policy, ONE Cert, feed configurations, database connectivity, LATTE, ACL reports for users, systems, Database, Infrastructure Sybase, Share/Functional/user groups, logging security, RSA Secure Tokens.
- Administrate Active Directory, GPO, LDAP, Active Role Server, Privileged accounts creation, Revoke, amendment, access and approval workflows, functional and share groups, closure of noncompliance issues.
- Periodically review the minimum baseline Security and administrate processes for Data and Access, standards, identify the information assets, risk mitigation control, RCSA and ensure all controls are in place, BAU and BCP activities, ticketing systems - REQUEST, ESP, ServiceNow, HP OVSC, provide problem management reports.
- Develop test cases, SQL scripts (TOAD), UAT, security level testing to validate data, system controls, request releases and OIM DB patch testing, System Integration (SIT), Functional, Report level testing, UAT and Ad hoc changes, requests process, JIRA to support/manage software development projects and Bug tracking.
- Facilitate external IT security audits, follow up Audit trails and control issues, manage PWC, MAS, KPMG, RBI inspection and regulatory requirements, FCA, SOX compliance, MAS guidelines, ITGC security standards.
Sr. System Analyst
Confidential
Responsibilities:
- Lead implement security regulatory requirements, IT security policies and procedures, trading systems and applications security controls, Authentications and Access controls, compliance testing, Security risk assessments and mitigation plans, Identify, Analyze and Evaluate risks, impacts, identify threats, Vulnerability scanning.
- Liaise with IT and business owners, Confidential IT Governing Council for auditing internal security controls, Network and Database security, system file permissions, DLP for devices CD, USB network drives, Log information transmission, Log storage, analysis and disposals policies, IT audits, implement Audit trails, ensuring confidentiality for data.
- Administrate IAM Identity and access management, PUM analysis, Oracle RDB SQL, BCP documents, Latency, Functionality, IWT and Regression testing, defect management (HP QC) develop disaster Recovery process
- Security setting on HP OpenVMS Cluster, Active Directory, remote file transferring policies, Session management, monitor data flow, DLP - protection of sensitive data, Network gateways, penetration (SQL injection), OS hardening.
- Support Trade floor, BAU, SIEM Log and Event management, BMC console, systems health checks, Oracle RDB, Client-Server connectivity, Accounts/ID, Access controls for Internal/External gateways, ILO administrations.
- Managed Nasdaq OMX Confidential Derivatives Quote, DMDF market data systems for Secure Clearing and positioning, Settlement, Risk Evaluation, Margining Market Orders, Dissemination and Deal Capture trade systems, Market Data Validating, monitor HP RTR (transaction router) for Data Transactions, Data connectivity testing for SAN EMC, OMnet process, API, CLICK XT TRADE, APPSMIND, BMC PATROL, Integrity Blade ITANIUM, AMT.
Sr. System Integration
Confidential
Responsibilities:
- Reported to APAC Market Data Head, managed stock exchange market data flow real time issues, system integrations projects; implement Security controls, Risk assessments, IT Compliance checks and System Audits.
- Lead service improvement data projects, integrate applications, IT Infrastructure, VAP, LAN, WAN, network and malware analysis, IDN network, Feed RDF-D, deploying Reuters Instrument Code (RIC, SIC)
- Managed Singapore/Beijing - Thomson Reuters system integration team, vulnerability scanning, VPN configuration, Integration QA testing (SIT) with manual or automated scripts in HP QC, Defect tracking and bug fixing, EQUITY valuations, data injection, UAT, Functional, Performance, Regression, Load, stress testing
- Managed APAC Stock Exchanges tickers, validate data transactions, Reuters 3000 Xtra, KOBRA trading applications, Direct Integrates with Reuters Market Data System (RMDS), new data processing methods, OCM operational control, exchange/venues, handling incident, reconcile trades and position breaks.
- Manage Integrated Digital Network and Reuters Tick Capture Engine enhancement projects, VAP upgrades, Settlements and clearing financial instruments, integrate RTCE with Reuters data (DFC, DFR, DFH, Tick History), administrate Intelligence Line switching process, Day-to-day Market Data Operations, configured HP blade Server health, system and network capacity, IDS, Bandwidth, Network Latency testing, CPU and Memory Utilization.
- Manage Release administration, roll out, planning, procedures, prioritizations, compliance for process adherence, Patch and Global Change management process - Ad hoc change tickets, RFC’s, CR, SCM, and pre-CAB meetings.
- Manage IT Security Audits for System, database governance and applications, review and validate data access, comply with IT security standards. Provide various audit reports and evidences and follow up with IT audit issues.
Engineer Order Management- Operations
Confidential
Responsibilities:
- System Analyst for Global Network Operations, NOC, Data migration, Application testing, network connectivity, Integration Projects, Manage Data feed connections, validation and implement Security Compliance procedures.
- Design and develop Operational procedure, SOC, Solution Implementation order desk SIOD, Network analysis for Cable and Wireless UK, tracking SLA, technical support, Troubleshooting LAN, WAN, TCP/IP Data like IPVPN, Switched, IPLC, Leased line, Development team, Release management, RFC (change request form) for production.
- Support the Security incident tickets, Service Request like Installation, configuration, Implementations, monitoring for Networks Operational issues, escalations and outages, provisioning and Cessation of services.
Network Engineer
Confidential
Responsibilities:
- Managed security implementation of core trading CTCL VLAN in Catalyst switch Cisco 3550 layer 3, NOC, network switches, access control for trading systems, trade floor support, user, infrastructure and applications.
- Managed LAN, WAN, VSAT, Leased Line, TCP/IP, UDP, ISDN, VPN, VLAN, Troubleshoot Hub/Router Cisco 2900, 3550 switches, network data operations-NOC, configurations, IDS, Testing-UAT, network and malware analysis, database client and server connections, monitoring System health checks, Network traffic and interfaces.
- Providing access to remote login, file management from multiple sites, Vulnerability scanning, packet/protocol/Port analyzer, Network traffic with Ethereal Sniffer, capacity, data validations and backup & restoring process.