eGRC Archer Architect Resume
PROFESSIONAL OBJECTIVE AND SUMMARY:
- To assist global corporations in architecting and maturing Governance, Risk and Security Management Programs.
- Core focus is integration with business leadership to remove ambiguity and prioritize high profile initiatives within Risk, Information Security and Privacy functions.
- My expertise resides in the Governance Risk Management specialty areas to establish a holistic technical stack and lead technical risk implementation and roadmaps leveraging frameworks like COBIT, CSF, ISO 27001, HIPAA, NIST 800-53.
- Delivery of global communications and change management processes to various business functions as part of implementing multi-year Risk Technology Program roadmap.
- Cyber Risk Transformation with technology integrations
- Transformation leveraging Archer GRC, MetricStream and OpenPages
- Business advisor to Senior Management across various functional units
- Risk Reporting - KPIs, KRIs and various Risk Metrics Management
- Governance Risk & Security communication and strategy
EXPERTISE IN:
Risk Transformation Services
Industry lines:
Financial Services
Investment Banking
Pharmaceuticals
Hedge Funds
Automotive/Heavy Manufacturing
High Tech
Retail and Consumer
PROFESSIONAL EXPERIENCE:
Confidential
eGRC Archer Architect
Responsibilities:
- Designing and managing end to end Archer 6.X Use Case design and development for Cyber and Risk Programs
- Re-visiting existing operational Use Cases and advising business stakeholders to gather requirements for optimization during the Archer 6.X in-place upgrade
- Managing end-to-end life cycle for eGRC implementations ranging from inception to deployment
- Solution architecture for implementing GDPR and Privacy Portal in Archer for Europe and US based business units
- Designing Information Compliance Center (leveraging CSF, COSO, NIST, SIG, ISO27001) to tackle external client and third party privacy requests related to security risks, digital information and data privacy risks
- Leading a 5-member cross-functional global team to manage the following Cyber Security and eGRC integrations:
- Enterprise Management - Asset Integration with Remedy and Qualys
- Risk Management (Top-Down and Bottom-Up Risk Assessment, Risk Register)
- Internal Audit Management with ServiceNow
- Cyber Security Integration Program Management
- DLP integration with Archer GRC
- Dell SecureWorks Integration with Remedy via API
- Spotfire Integration with NetWitness
Confidential
eGRC Archer Manager
Responsibilities:
- Managing end to end Archer Implementation lifecycle and platform for our clients ranging from Archer Control Panel Operations, Environment Synchronization and version upgrades
- Liaison with Business partners i.e. 17 risk areas ranging from Procurement, Finance, Export, Information Security, Trade Secrets, Operations, Supply Chain to develop common Risk Taxonomy and Technical Strategy (STACK) for Confidential (compliance and regulatory) integration, defining and measuring risk reporting principles for Business
- Lead the communication and strategy for Archer release function with various Lines of Businesses / Divisions (CAT Solar, Finance, Mining, and Dealer) to align technical architecture with Enterprise wide Architecture initiatives (GIS)
- Prioritizes and manages risk (all pillars) exposures as an interrelated risk portfolio rather than as individual “silos”
- Key interface to VP, Legal Counsel and Chief Privacy Officer (CPO) to help drive the security and privacy risks remediation effort leveraging corporate risk charter
- Assisted in development of a structured process via Risk Acceptance Program for the management of all risks (primarily quantitative or qualitative in nature) throughout Business Functions
- Demonstrated leadership in working with C-Suite executives, particularly in the Enterprise Architecture, Ethics and Cyber Risk discipline, experience establishing and implementing departmental strategy, managing short- and long-term projects and professional staff.
- Responsible for overseeing development and implementation of Risk Management/GRC technology stack, operating model, and policies to analyze and report risks, and to manage information risk faced by the company.
- Oversee and develop the process to gather, analyze, and report RM metrics and KPIs to VPs, peers, and senior management
Confidential
Enterprise Risk Architect
Responsibilities:
- Risk rated (Risk Register) more than 400 internal and 200 external customer facing products (tools) for Microsoft leveraging Risk and Controls Self-Assessments (RCSA)
- Lead architect to align Nokia eGRC stack (Archer and MetricStream) with Microsoft eGRC technology stack during the merger of two corporations
- Development of custom application framework for designing GRC stack (SWITCHBOARD) and executing Risk Control Self Assessments for Microsoft Services across all Global Business Units
- Designed and architected worldwide services Incident Management Integration with NetWitness, DLP and custom application stack for Cyber Security Incident Center
- Designed and enabled Tools assessment and Controls Assessment for cyber security risk mapping with Risk Register, Exceptions, Issues Management and findings leveraging RSA Archer technology
- Lead architect to design SLAs for their Incident Management Team supporting Cyber Security Services for Corporate (Global Solution)
- Liaison with worldwide teams, especially with NOKIA services to establish centralized “Risk ID” and Risk Treatment framework
Confidential
SaaS Vendor Risk Program Architect
Responsibilities:
- Spearheaded Global Vendor Management Program from inception to execution spanning across 22 countries and incorporating one global vendor master augmenting 25,000 vendors from spend database, A/P, Ariba and SAP and consolidating them into Archer’s Vendor Risk Management system
- Designing the solution dependencies within the corporate environment and writing business rules to incorporate various financial and regulatory checks for creating a vendor's holistic risk profile globally
- Review the SSAE 16, SOC 2 and design custom criteria and Agreed Upon Procedures to design control based risk assessments which are targeted to the SaaS based vendors and global tiered vendor
- Provided a strategic advisory role to the “C” suite to design their global vendor management operational phases and execute the program 24*7*365 as a “Managed Service” with consulting resources tapering off after the launch
- Leveraging Archer’s Risk Register to create a dynamic Heat Map based on vendor characteristics and key business drivers to stratify vendor population and create a risk profile on global vendor inventory listings
Confidential
Risk Program Engineer
Responsibilities:
- Program lead for implementing core nine modules in Archer GRC ranging from Incident management, Risk management, Vendor Management, Third party management, Enterprise Infrastructure, Threat and Vulnerability management.
- Led several groups in the realm of application security, network security, security operations, and compliance to develop and integrate security into an end-to-end enterprise architecture
- Functional lead for Enterprise Infrastructure Module comprising global CMDBs, Global Facilities and Contacts integration with Problem and Incident management module in Archer.
- Simplified complex manual business process flows into automated solutions using Archer and data modeling skills.
- Well versed in analyzing business and functional requirements for designing custom Archer solutions and assessments ranging from Control Self Assessments, Risk Assessments, Third Party Assessments and Vendor Assessments
- Mapped PRC matrix with Unified Control Framework integration from various regulatory frameworks maintaining compliance within global organizations
- Integrated Qualys and Nessus for Threat and Vulnerability management relating to asset level compliance
- Architected integration with security systems like Envision, DLP, Greenplum, NetWitness, RSAM and LogLogic into Converged Single Incident management solution of Archer
- GRC technology enablement, integrating/automating risk capabilities, risk assessment and compliance transformation, continuous controls monitoring and controls optimization
- Support end-to-end compliance reviews and, where risks cannot be appropriately mitigated, assist in preparation and execution of the Risk Acceptance process, describing the level of risk, areas of non-compliance, and identification of mitigating controls
Confidential, MD
Infrastructure Consolidation Lead
Responsibilities:
- Working with the core GSO leadership team (VPs and above) on the high visibility proven Gateway Reduction and Enterprise Risk project which had international scope
- Travelling to various sites across the globe and performing Risk assessments based on NIST 800-39 methodology
- Assessing the Business Organization's various risk functions and leveraging NIST guidance to consolidate them into one central enterprise level Risk management function
- Liaising with “C” level executives for understanding the various gateway risks from a Mergers and Acquisition standpoint
- Whiteboarding and laying out strategies for re-routing both Associate and hosted internet traffic off the edge to senior architects and program manager in turn saving $3 million annually for Global Network Services (deployment cost) and $1 million to Global security for securing the edges worldwide
- Designing the Advanced Database System and intelligent metrics mechanism to populate 123 Confidential gateways worldwide and generate KRIs and KPIs
- Being an active member of the “Gateway technology and Compliant Standards and Gateway Costing” for Confidential Global Enterprise
- Deriving the Cost to Secure vs. Cost to Reduce (Financial Risk Management) using advanced derivatives and costing algorithms
- Working with CBSO and CRO teams worldwide to understand and comprehend the Business, financial and systems risk by reducing the unwanted gateways
Confidential
Deployment Manager
Responsibilities:
- Designed and developed process flows for understanding various authentication mechanisms across Confidential as a global enterprise.
- Understanding the risk involved with leveraging new authentication measures and concepts along with two-factor authentication and Tier 0.
- Collaborating with Design team of “EASY PAYNET” to customize and optimize the application and also the authentication gateway for adaptive authentication of external users.
- Currently managing 7 million unique users into the adaptive authentication, setting up access rights, customizing rules and aligning the system for ad hoc and custom users.
- Designing and modulating the rules for users interested in performing payroll from advanced mobile devices like iPads, iPhones, BlackBerrys and Galaxies.
- Currently actively conceptualizing the framework to deploy RSA-AA across two other internal Confidential applications and fine-tuning authentication rules for the users.