Identity Management (IDM) Architect - Technical Lead Resume
Houston, TX
OBJECTIVE:
- Information Technology (IT) thought leader who is organized, seasoned and highly technical in the areas of Security and IDM Architecture, Audit & Compliance, IT Governance, PCI DSS Compliance, Risk Management, who has been entrusted with complex, multi-tiered projects within the IdM and Risk Management space(s) with a proven reputation for adept leadership, team building, IT security knowledge, communication and delivering timely results, who is seeking a challenging role in Identity Management and Governance.
SUMMARY:
- Highly experienced IGA SME with extensive background in Cyber Security and IAM/IDM, Audit and Compliance; a contributor overhauling and redesigning Identity Governance delivery engines within complex matrixed environments (e.g., architecting integrations for 6 successful Identity Management Access and Security projects completed over the past 12 years), for major clients in the private and public sectors, those systems spanning both domestically and internationally.
- Collaborative efforts with business partners creating and executing POA&M related to IdM projects, review and assessment of SOW (both small and large projects); risk related assessments and audits within the IAM space, partnered product development teams analyzing value-added delivery engines to help customers transform their Identity Governance initiatives into realized business value. Provided guidance on a small and larger scale for the development teams to ensure complete alignment to corporate access management best practices and standards.
- Technically proficient, knowledgeable of Microsoft Identity Manager toolsets (MIM, PIM, and FIM), Azure, Active Directory, Active Directory Federation Services (ADFS), Microsoft Enterprise Mobility Suite (EMS), public key infrastructure (PKI), and 3rd party Identity lifecycle products e.g., CyberArk, Federation, Saviynt, SailPoint, SharePoint, ForgeRock, and Oracle IdM. Aptitudes to write, edit, and prepare graphic presentations of technical information for both technical and business personnel. MFA’s Authentication/authorization protocols; access control logging and reporting systems (OpenID Connect, OAuth, SAML, WS-Federation, JSON, REST, SOAP; HTML5, jQuery), PKI, SSL Protocols and Online Certificate Status Protocol (OCSP), Software Design Review, Software Development Life Cycle (SDLC), Requirements Gathering techniques/protocols, Data Analysis, Digital Forensics, Malware Analysis, User Behaviors, System Architecture Design and Review. Provided IDM assessment services - including installing, configuring and maintaining the security infrastructure based on (Single Sign-On) technologies; coding Programming Languages (SQL/Sybase/Java/Vb.net) with an understanding of scripting in UNIX and Perl, BMC Suite, Splunk, AWS and VMware, deployment tools such as Vagrant and Ansible.
- Developed and implemented risk management strategies (i.e., security and privacy policies, or risk assessments, or security and privacy compliance); Application security (i.e., application security testing or security integrations with Systems Development Lifecycle (SDLC)); OAM health standards, health checks and support; Infrastructure security (i.e., securing networks and servers or security monitoring); Data security or encryption; Provisioning Onboarding; Role Based Access Controls (RBAC) Authorization models; SSO WAC technologies Enterprise SSO; Federation; Privilege User Management; Directory Services Meta-Directory Virtual Directory.
TECHNICAL SKILLS:
SKILLS: Cisco, Juniper, web apps, databases, strong authentication, operating systems and network security protocols and procedures. ACL, MS Office (Word, Excel, PowerPoint, Access), AS/400, Red Hat Linux, Sybase, Solaris, Novell, Sequel, LAN/WAN, TCP/IP, MPLS, VPN, HTML, JavaScript, Retina Network Security Scanner; VLAN, Visio, and Mainframe operations, SSH; SSL; Digital s; Anti-Virus Tools i.e., Norton, Symantec, Ghost, etc.
PROFESSIONAL EXPERIENCE:
Confidential, Houston, TX
Identity Management (IDM) Architect - Technical Lead
Responsibilities:
- An IDM Architect responsible for defining and executing on the IDM strategy and methodology to ensure a successful installation, integration and deployment of the vendor software/tools in the client’s environment. Provide proof of concept- project lifecycle.
- Managing engagements and teams; responsible for the integration design and for working closely with both clients and consultant / development teams to meet the requirements set by multiple parties.
- Ensure that projects are delivered properly using our specific project methodology and best practices.
- Responsible for playing the technical lead role in the successful installation, integration and deployment of SailPoint IdentityIQ solutions (scripting, building connectors, customization) in the client environment and assisting the Identity, Credentials and Access Management (ICAM) team in that process.
- Provide IAM domain experience in areas such as identity management, provisioning, authentication, authorization, /governance, monitoring along with experience in security best practices
- Participate in translating business requirements into implementation design, requiring a keen interest in understanding our business drivers, goals, constraints, and pain points to design effective solutions
- Communicate critical technical choices, specify requirements and constraints for design and implementation, and provide input for scoping the level of effort for development projects.
- Analyze application design and performance metrics and propose improvements and redesigns
- IDM Tool Development and Configuration:
- Create internal methodology and tool set for Linux, Mac OS X, or Windows O/S for running code (e.g., Ansible as configuration management tool for scripts) in the same operational environments, against the same applications, all configured the same way by employing Vagrant File Manager to configure parallel coding environments for deployment of IdM tool such as SailPoint, Oracle OIM, OKTA 1.4.0 (as a single integration point to cloud and web-based application AD and LDAP integrations), SharePoint and Saviynt. Incorporating OAuth secure authorization protocols for third party applications to access user data; e.g. Login with social media accounts, banking and like platforms, etc.
- Develop and implement identity access manager solutions of the SailPoint IIQ software product using Java and develop custom connectors and interfaces with other enterprise or cloud-based systems like OKTA, DUO, ServiceNow.
- Testing:
- Lead user-acceptance testing and defect tracking (debugging) process for software enhancements following change management protocols.
- Develop use cases, perform testing & debugging in addition to support & maintenance. Interface with the client on requirements, customizations, product functionality and feedback.
- Lead code reviews with team and set coding best practices and standards.
- Lead demonstrations on configurations and customizations and product features
Confidential, Bothell, WA
Identity Management / IdM Governance Advisor (SME) - Consultant
Responsibilities:
- Responsible for successful execution of an integration engagement, working directly with clients individually, or as part of a larger team.
- Delivered successful engagements, identified standardization and improvement opportunities, supported peers as they encountered delivery obstacles, and met maintenance and support SLAs - all while effectively communicating status, issues, and risks.
- Provided support to sales during qualification and scoping of engagements, delivers instructor-led, contributes to product/service engineering efforts, and identifies other opportunities to add value during client engagements.
- Performed installations and complex custom configurations - and demonstrated product functionality, aligned to customer need, while troubleshooting complex product issues and executing test plans related to integration of these technologies.
- Provide IAM domain experience in areas such as RBAC identity management, provisioning, authentication, authorization, /governance, monitoring along with experience in security best practices
- Participated in gathering and translating business requirements into implementation design, requiring a keen interest in understanding our business drivers, goals, constraints, and pain points to design effective solutions
- Communicated critical technical choices, specified requirements and constraints for design and implementation, and provided input for scoping the level of effort for development projects.
Confidential, Hanover, MD
Consultant (IDM SME - Technical Lead & Compliance)
Responsibilities:
- Technical Lead: charged with conducting detailed vulnerability assessments of existing IdAM systems, driving the Architecture, Design and delivery of the IAM solution enhancing the current state capabilities; made recommendations for upgrading those systems from requirement, design, testing to implementation and administration.
- Participated in the implementation of SailPoint IdentityIQ real-time user management life cycle automation and implemented SAML-based authentication in SharePoint Server 2013 - as an added layer for Identity and access management that included compliance and password management, analytics, and user provisioning for more than 32 critical applications.
- Conducted analysis of the roles and responsibilities (RBAC) created; evaluated the SOD internal policies created within IdM application to ensure access control policies in the Application Access Controls Governor (AACG) exert both preventive and detective effects; ran tasks and analyzed the task results, debugging errors related to those tasks.
- Application definition and testing connections sending ICMP echo request packets ("pings" - MS POWERSHELL scripting) to one or more internal sources to ensure connectivity for uploads or downloads were complete.
- Conducted full assessments of the entitlement catalog, the reporting features within SailPoint, the identity warehouse, how the Administrator managed access from user base; evaluated the export/import objects (User data) from SharePoint into OIM and SailPoint IdM solutions; and assessing the access request process.
- Provided analytics around security controls over the existing IdM infrastructure, processes and procedures, which included a clear analysis of existing risks such as (SODs), Provisioning / De-provisioning and RBACs. Made recommendations for improvements and provided the roadmap to completing the process.
- Recognized by client leadership as a strong technical leader, staff mentor, and 'go to' resource with a passion for client service and consistently exceeding expectations.
- Defined and delivered user sessions for the newly designed SailPoint IdM tool, which included over 300 participants from Access Owners, mid-level management to executives.
- Created processes, policies and procedures to align with IT needs and environment that met industry and regulatory standards (i.e., ISO, NIST, CoBiT, SoX, etc.) governing the end client.
Confidential, McLean, VA
Consultant (IdM Architect / Administrator / Governance)
Responsibilities:
- Led a technical project team in major efforts to streamline central identity management systems via the implementation of an up-to-date IBM ISAM platform supporting internal/external IdM protocols - set of business processes, policies, data governance, and supporting technologies that enable appropriate and timely creation, maintenance, and use of digital identities.
- Led the implementation of IBM ISAM version 9.0 (Hyper-Cloud Environment):
- IBM Security Access Manager Platform - Web Services Security platform (required functions):
- Web Reverse Proxy
- Layer 4/7 load balancers
- X-Force Protection
- Distributed session cache
- Advanced Access Control Module - Mobile Services Security platform (functions implemented):
- Authentication
- OAuth 2.0 API protection
- Context-based access
- Device fingerprinting
- Device registration
- HOTP and TOTP Key Manager
- Fine-grained authorization / XACML 2.0 - Access Control policies
- Federation Module - Supportive Service for Single Sign-On Users Across Enterprise Applications (functions Implemented):
- SAML 2.0
- OpenID Connect
- Module chains / STS modules
- Access Manager Supporting Components - Supporting Functionality for Local interfaces and Policy Server
- Appliance Manager
- REST APIs - Web services Documentation
- Policy Server - Admin Tasks
- Embedded LDAP server
- Authorization Server
- Reviewed Product requirements to ensure compatibility with current state system requirements and appliance specifications for the solution.
- Testing:
- Led as QA tester, overseeing quality-assurance testing and teams for client software and systems development project.
- Performed system, unit, performance, load, regression, stress and data interface testing.
- Provided developer teams with detailed reports on quality metrics, identified bugs/flaws and recommended fixes.
- Led design of multiple simultaneous projects, developed and maintained core architectural constructs, provided architectural leadership to development teams, and served as the primary application architect resource.
- Results:
- Created client’s first comprehensive database of documented test defects and procedures to enable accurate replication and ensure compliance with standards.
- Documented software defects using bug tracking system and reported defects involving program functionality, output, online screen and content to software developers.
- Delivered thorough QA testing reports that determined product quality and release readiness.
- Responsible for the technical design and delivery of IBM Security Identity Governance & Intelligence solutions to manage the automated Joiner, Mover, Leaver (JML) process for all identity types across multiple business organizations.
- Led the implementation of several emerging technologies around IdM (OIA/OIM, SharePoint) and standards addressing various aspects of the problem of security in SOA (service-oriented architecture), e.g., WS-Security, SAML and XML. OOTB connectors deployed (e.g., REST APIs, ACF2) to ensure secure mobile backend communication with external services - aligning Mobile backend to Platform APIs (e.g., Mobile User Management (MUM), Data Offline (@ rest) & Sync, Analytics, Application Policies, Storage, Notification, Databases, Location, etc.).
- Responsible for the technical design and delivery of a new IBM Security Identity Manager solution to integrate with the provisioning aspect of targeted 264 applications spanning across multiple backend technologies and multiple authoritative data sources requiring complex workflow construction, data modelling and many extensions to the core ISIM offering; overseeing the implementation of IBM’s Identity Governance & Intelligence tool (IGI) v.5.2.
- Collaborated on and monitored the activities of a variety of IAM-related project and initiatives to confirm coordination of efforts, appropriate integration, and synchronization of key project timelines, product/service implementations, and system enhancements.
- Developed and defined the requirements definition and system design of an IdM system with redundant site architecture (fail-over) to address Financial Institution’s Identity Management System’s needs. “360 Degree DevOps” focused on four major stakeholder groups, identifying their pain areas, needs for improvement and expectations while designing a robust solution.
- Established an effective approach to collaborating and communicating IAM/IdM risks with business and technical stakeholders to ensure that risks were clearly characterized, effective remediation plans are established, remediation milestones are met, and risk acceptance processes were appropriately followed per organizational and regulatory standards.
- Managed third-party risk management programs, including collecting and reviewing information and artifacts from third-parties, analyzing potential risks, presenting findings to key business teams, and supported the negotiation of any necessary contract security provisions as directed.
- Oversaw the correlation and threat analysis of security data, such as vulnerability assessments and threat service feeds, security tool output, and configuration management system data, to identify, evaluate, and prioritize remediation of potential risks, and segregate exceptions
- Identified control gaps and developed remediation plans. Streamlined documentation by eliminating overlapping information. Analyzed GRC and Segregation of Duties (SODs) reports over financial and system controls, issues and developed corrective action plans (CIPs), followed same through remediation process.
- Implemented tool sets to augment RBAC reviews throughout business applications and platforms - ensured compliance around SODs; identity and access privileges - developed identity management strategy, process flows and implementation through-put. Managed the integration of access solution(s) e.g., RSA Cleartrust, RSA IMG for MAC Pro, Windows, and Linux O/S environments.
- Provided Identity and Access Management solutions support with the development, architecting and implementation of Identity Access Management solutions (OIM/OIA) for client(s); with more than 350 internal and external customers, starting from requirements stage to go-live.
Confidential, Washington, DC
Sr. Manager (IT Security & Compliance Audits)
Responsibilities:
- Developed or modified objectives, work plans, guidelines, scope, methods, staff requirements, and time schedules to meet project needs
- Oversaw report preparation and ensured effectiveness of presentation, adequacy of supporting data, and conformance with policies and SoX Auditing Standards.
- Reviewed audit programs, work papers, audits in process, and reports to ensure (a) adherence to the audit plan and prescribed policies and SoX standards; (b) the quality and effectiveness (i.e. content, clarity, and conciseness) of individual work products; and (c) directed revisions or corrective actions to draft reports and testimony as needed.
- Led audit entrance and exit conferences with multiple officials for client base to present findings and recommendations as appropriate.
- Provided evidence to support conclusions and recommendations to negotiate/persuade management’s acceptance of results related to findings in audited areas.
Confidential, McLean, VA
Sr. Manager (IT Security Audit)
Responsibilities:
- Responsible for implementing, directing and overseeing the internal audit and compliance program for domestic and international offices.
- Conducted and directed audits and ongoing reviews of organizational internal controls, operating procedures, and ensured compliance with internal policies and local/state/federal regulations for end-clients.
- Reviewed and appraised the soundness, effectiveness, and proper application of IT, accounting and financial controls, compliance procedures and controls and timeliness of documentation generation.
- Assessed the adequacy and extent of programs designed to safeguard organizational assets.
- Compiled and issued audit reports detailing conclusions and provided recommendations for improvements.
- Directed and appraised the activity of audit and compliance staff.
- Recommended client and modifications to internal procedures as needed.
- Served as Corporate/Agency liaison for all external auditors and regulatory agencies.
Confidential, Washington, DC
Consultant - (IT Audit)
Responsibilities:
- Directly responsible for directing the implementation of procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices.
- Established and oversaw formal risk analysis and self-assessment programs for various information services systems and processes.
- Conducted client IT and financial audits to ensure that compliance with regulatory and legal (i.e., PCI, NIST, CoBiT, FISMA, FISCAM, etc.) requirements were met by each client/business.
- Established and oversaw a formal vulnerability and testing program, which serviced the end-client.
- Acted as a liaison with the internal Audit group, Corporate Compliance, Office of General Counsel and Risk Management to remediate new and outstanding issues; tracked security-related issues in the GRC systems.
- Oversaw end-client’s system security policies, standards, guidelines and baselines.
- Promoted and monitored end-client corporate wide security awareness program.
- Developed, promoted and monitored the end-client’s Record Retention program. Fostered data awareness, by working with end-client’s business units to ensure data was properly classified.