SUMMARY:

• Experienced Senior IT Business Analyst with emphasis on Security / Risk / Compliance / Cyber Security / IAM professional with over five years relevant experience in industries of retail, healthcare, finance , security , compliance and practice management, care coordination, patient communication, business development, human resources, and budget supervision.
• Complete Understanding of Software Development Life Cycle (SDLC), involved in various phases like Requirements, Analysis/Design, Development and Testing.
• Highly experienced with Agile and Waterfall methodologies
• Highly experienced in analyzing, management, and validation of requirements throughout the projects.
• Expert in writing Functional and non - functional requirements
• Extensive experience gather requirements in Identity and Access Management area with Oracle Identity Manager (OIM) and Sailpoint IIQ
• Worked closely with various project stakeholders, product managers, SMEs, functional analyst, and Customers to understand Business & reporting/ Integration requirements and design specifications for new applications along with enhancements to the existing applications.
• Highly proficient in writing User stories , creating Use Cases, Use case diagrams, Workflow Diagrams , Sequence Diagrams, and Class Diagrams etc. Strong experience in training of end users and Documenting Training Manuals
• Experienced on implementing compliance SOX / HIPAA / SAS70 standards.
• Expert in identifying gaps, which require operational change in order to optimize system solutions by GAP analysis.
• Proficient in Acting as liaison between management and development team and QA team for requirements
• Proven effectiveness in building and maintaining a strong rapport with primary decision-makers: physicians, chief officers, directors, frontline practitioners, and healthcare administrators.
• Familiarity with information systems, regulatory compliance issues and business operations in an academic and medical setting.
• Perform information security risk assessments and assess security posture of systems infrastructure in order to correct vulnerabilities in the most efficient manner
• Highly motivated, organized and capable of working in groups, as well as, independently with minimal or no supervision.
• Vast experience of working in the area data management including data analysis, gap analysis and data mapping.
• Good organizational, analytical, interpersonal and communicating skills, team-player and self-starter.

TECHNICAL SKILLS:

Methodologies: SDLC, Agile, Scrum, RAD(Rapid Application Development)

Documentation: Business Requirement Document (BRD), User Stories, Story board, Use cases, Functional Specification Document (FRD), Data Mapping, Risk Analysis, BVA, Requirement Work Plan, RACI matrix, UAT Test Plan

Diagrams: Wire-frame, Activity, Block, UML, Collaborative Swin-lane, Business Process / Flow, Decision Tree/table, Entity Relationship, Sequence, Class, Cause and Effect, Data flow

Modeling Tools: IBM Rational Rose, MS Visio, Erwin Data Modelling

Other tools: MS Project, Project Link, Project Link, Business Objects

PROFESSIONAL EXPERIENCE:

IT Security Consultant / Identity Access Management

Confidential, MN

Responsibilities:

• Work in the Identity Access Management team, responsible for defining, documenting, and improving Access Management integration processes, procedures and controls. Supports Oracle Identity Manager (OIM) and serves as an Access Management Subject Matter Expert (SME) within Target and continually overseas the integration process to ensure adjustments are properly made to the ever-changing business and security requirements for IAM.
• Collaborate with client stakeholders to gather information needed for business applications maintenance
• Gather requirements and create system level requirements documents for SOX applications
• Work with IT and audit teams to gather information necessary to determine the appropriate method for access provisioning and create system test cases to perform system testing
• Develop and maintain “ role base access control ” for applications being onboarded or currently in use.
• Integrate role-based access control with enhancements including single sign-on , end-user provisioning, and synchronization services with the existing applications and systems
• Identified application owners, entitlement approvers and security administrators and worked closely with them when needed
• Consistently brought IT security best practices to identify data owners, custodians, approvers, and approvers along with managing all related documentation and records in an appropriate manner
• Developed an onboarding documentations and user guides and functional training materials for new hires
• Develop project documentation such as requirement documents, process diagrams, end-user guides, and strategy presentations
• Assist with application integration, external vendor management security controls, and audit recommendations and identity risk and opportunities to improve internal controls
• Assist in the documentation of security policies, procedures, standards and guidelines related to the eight domains of security

IT Business Analyst / Security & Compliance

Confidential, MN

• Project involved working in the security and compliance space on various issues and plan and perform compliance review activities that independently evaluate the adequacy and effectiveness of critical end-to-end process and controls relevant to Well Fargo’s Consumer businesses.
• Assisted with planning and compliance validation activities that independently the adequacy, comprehensiveness and effectiveness of corrective actions taken by consumer businesses to remediate critical regulatory issues.
• Identified risk, developed a “clean desk audit” protocol and met with various levels of management to continue discussing its implementation
• Identified deficiencies and recommend solutions to complex issues
• Lead or assist in investigating and reporting issues, as needed, conducting inquiries, obtaining and reviewing necessary documents and interview team members, as appropriate
• Designed a tool to capture procedure gaps and contributed in creating job aids to enhance the business process and mitigate risk
• Assist with the development of compliance and policies training materials
• Maintain an understating of business operations and regulatory guidance and expectations
• Developed business requirements and leading implementation efforts on ad-hoc AML projects
• Develop and maintain an understanding of LOB policies and procedures, and applicable risks spanning all risk areas
• Identified application owners, entitlement approvers and security administrators and worked closely with them where needed
• Created application security profiles based on the individual application access including Role-Based Access Control (RBAC), Permissions and Entitlement, User Rights etc.
• Understood the entitlement provisioning and elicited requirements to populate application
• Created documents providing examples of adequate control evidence
• Conducted risk assessments on various Lines of Business (LOB)
• Acted as team lead for interns during preliminary round of quality assessment
• Ensured that segregation of duty (SOD) roles are properly administered
• Produced reports detailing information on request regarding assessable units, focal points, and BMA status
• Provided the required access to Archer on request to specified employees
• Conducted the appropriate follow up of issues identified through the risk assessment process or audits/examinations
• Participated in joint meetings where high profile risk cases are flagged and resolution process can be determined
• Functioned as expert in determining findings from observations, and associated risk levels
• Consistently brought IT security best practices to identify data owners, custodians, approvers, and approvers along with managing all related documentation and records in an appropriate manner
• Ensure that system owners correctly process timely removal or modification
• Execution of information systems audits, including data privacy, data security or network security
• Usage of GAA remediation tool combined with V-lookup in Excel to discover discrepancies
• Collaborated with ticketing system to determine system gaps and laps in performance
• Routine usage of active directory (AD) to determine & assign access level or groups
• Database analysis regularly reviewing global customer base

Confidential

IT Business / Security Analyst

Milwaukee, WI

• Conducted JAD sessions with stakeholders throughout SDLC to resolve open issues.
• Conducted interviews with key business users to elicit, collect and manage requirements and prepared business process flowcharts. Created RFPs and evaluated vendor proposals.
• Developed business requirement and specification documents as well as high-level project plan and translated business requirements into data and process models.
• Created detailed level test scenarios on HIPAA compliance testing. Gathered business requirements from business users such as Insurance Policy Managers and drafted business requirement document (BRD).
• Worked with the management for improving and giving new ideas for designing future processes of the HIPPA format dealing with EDI transactions, claim adjustments, claim processing from point of entry to finalizing, claim review, identifying claims processing problems on Facets Platform.
• Assisted Quality Analyst in preparing Test Plans and Test Cases.
• Set up work flowcharts using UML, and worked in close conjunction with Business Process modeling tools for users for the procedures in claims with the help of SMEs.
• Performed relational database design and modeling and conducted multiple SQL querying.
• Participated in meetings with Developers, Project Managers and Quality Analysts to discuss business requirements, test planning, resource utilization and defect tracking.

Risk and Compliance Analyst

Confidential,Milwaukee, WI

• Implemented and maintained compliance programs, policies procedures, and programs manual, including documentation
• Supported 4 projects management of corporate compliance initiatives
• Performed a quarterly internal compliance audit
• Acted as a Subject Matter Expert on compliance and regulatory laws for employees and management
• Facilitated the annual certification training for employees in accordance with state and federal laws
• Facilitated management monthly meetings; documented and communicated business needs and proposed solutions to the president of the Confidential
• Designed an effective tool to reduce scheduling errors which optimized team member performance
• Maintained current knowledge of laws and industry guidance that impact the Confidential compliance program