SUMMARY

• He has seventeen (17) years of experience in delivering Cyber Security, Risk Management and Identity Management solutions.
• With focus on both Enterprise and Consumer Identity and Access Management (IAM), He has held numerous leadership roles at large enterprises across industries to deliver IAM strategy, roadmap, design and deployment solutions.
• He has participated and presented at executive steering committees and architecture review boards at many of his clients to drive Identity Management change across the enterprise.
• He has industry experience covers Financial, Public Sector, Healthcare, Telecom and Retail

TECHNICAL SKILLS

Frameworks, Standards and Best practices: SOX, ISO27001, PCI - DSS, NIST, COBIT, ITIL, SABSA, RUP, UML, TOGAF, HL7

Software / Products: IBM Tivoli Identity Manager, Oracle Identity Manager (OIM), Oracle Identity Analytics (OIA), Active Directory, Exchange, Weblogic, JBOSS, Aveksa, Sailpoint, ForgeRock, Enterprise Architect, Nessus, Nmap

Security Services: Access Governance, Identity Management, Server Hardening, Security Auditing, Security Standards development, Vulnerability Assessment

Internetworking Technologies: TCP/IP, IPX, SNA, SSL/TLS, IPSec, FTP, SSH, SMTP, SNMP, Firewall, VPN, IDS/IPS, load balancer

Programming: Eclipse, Java, J2EE, JavaScript, JShell, BeanShell, AngularJS, Python

PROFESSIONAL EXPERIENCE

Confidential

ForgeRock Consultant, Solution Delivery

Responsibilities:

• Participated in CIAM Requirements sessions as part of the Channels Technology group at BMO
• Conducted design sessions with particular focus on ForgeRock OpenAM, OpenDJ, OpenIG and OpenIdM (versions 6.0 and 6.5)
• Installation and Configuration of ForgeRock AM 6.5, DS, IG and IDM.
• Hands - On experience in development/integration background in ForgeRock OpenAM.
• Developed and integrated an unprotected website to fully functional access management solution using ForgeRock OpenAM.
• Implemented basic user Self-Service feature, account lockout after multiple attempts, second factor authentication such as HOTP and push notification.
• Very Strong experience in creating policies to refine the access so that only some users can reach specific areas as per requirements on OpenAM.
• Executed extended entitlements using step-up authentication, transactional authorization and tightened access across the web portal.
• Technical experience with SSO.
• Expertise in extending services using OAuth2.0 based protocols namely OAuth2.0, OpenID Connect (OIDC), and UMA to show how low level devices and mobile applications can request access to resources and how those resources can be shared with third-party applications.
• Experience in installing, configuring and customizing Access Manager and Directory Server.
• Good knowledge in SAML based authentication with SP and IDP
• Strong fundamentals in Load Balancing/Clustering AM.
• Knowledge in Token Technologies such as: SAML, OpenID Connect, JSON Web Tokens.
• Demonstrated how the product can integrate with external identity stores, pull customer identity information from an external source, and have a bidirectional sync with existing identity using Forgerock IDM.
• Implemented Biometric authentication which is native touch ID and face ID ways of authenticating users.
• Integrated Forgerock IG as a proxy server which intercepts all the request that comes to the application and send it back to the Forgerock OpenAM for authentication, which acts as a policy decision point to allow the requested resource.
• Installed Forgerock Amster tool which is used for importing and exporting configuration from one AM instance to another AM instance.

Confidential

ForgeRock Consultant, Customer IAM Strategy

Responsibilities:

• Responsible for offering advice and consultation in relation to Customer Identity and Access Management (CIAM).
• Reviewed and provided input into CIAM Capability model and Use case definition.
• Focused on key use cases that covered - Registration, Authentication, Authorization, and Policy Administration
• Delivered, as part of a team, detailed functional CIAM requirements that led to a competitive RFP to select the future CIAM platform.
• Conducted research and prepared a PoC plan based on vendors that included - ForgeRock, ISAM, Okta, Ping and Transmit Security.
• Facilitated current and target state workshops, and sought input from various stakeholders including - CIAM tech lead, enterprise architect, solution architect and business analyst
• Reviewed BMO’s current CIAM processes across Lines of Businesses (Retail, Wealth and Commercial) and across various self-service channels (Online banking/web, Mobile, Tablets, IVR)

Confidential

SailPoint Consultant and IAM Strategist

Responsibilities:

• Facilitate an end-to-end deployment of SailPoint IdentityIQ, by ensuring Confidential ’s priority functional capabilities were well articulated and represented via proof-of-concepts
• Features and capabilities included during PoCs: Identity, accounts and entitlement reconciliation, configuration of connectors to key target systems (AD, LDAP, Oracle), Integration with ServiceNow and Workday.
• Demonstrated HR event based triggers into IGA supported by RBAC, Access policy, and certification campaigns.
• Configured Workday Connector, ServiceNow Integration, AD connector, LDAP connector and Oracle connector.
• Deployed IIQ on CentOS and Tomcat app server
• Defined upstream authoritative book of record (HR) feed, extended attributes, connector specs, hibernate files, and identity status attributes
• Using above on-boarded employee and contractor identities
• Defined downstream target system requirements by defining request-able, attestable and provision-able attributes
• Configured reconciliation rules and identity mappings and collected accounts and entitlements
• Demonstrated and configured Orphan account management processes, certification campaigns and role discovery techniques
• Integrated ServiceNow with SailPoint’s native REST APIs to trigger Joiner lifecycle event.
• Developed custom Java Beanshell scripts to query extended attributes from target REST endpoints during execution of provisioning policies
• As an independent advisor, responsible for the definition of the Enterprise IAM capability model and development of Confidential ’s IAM Strategy over the next 2 years
• Offer independent opinion on the current state of IAM processes from maturity standpoint, in all key domains under Identity Governance and Administration (IGA), Access Management (AM) and Organizational structure
• Develop a forward looking strategy, through facilitated workshops with stakeholders from IAM Core team, PMO, Vendor Management, Trading Support, Client delivery etc.
• Leverage various analysts research (Gartner, Forrester etc) and industry knowledge to vet and advise on available IAM product suite.

Confidential

SailPoint SME and IAM Strategist

Responsibilities:

• As an independent advisor, responsible for the definition of the IAM reference model and development of Confidential ’s IAM Roadmap/Strategy
• Offer independent opinion on the current state of IAM processes from maturity standpoint, in all key domains under Identity Governance and Administration (IGA), Access Management (AM) and Organizational structure
• Develop a forward looking strategy, through facilitated workshops with stakeholders from Architecture, IAM, Risk, Audit, Operational security and Regulatory Compliance
• Ensure IAM strategy considers emerging technologies and disrupters including - Blockchain, IoT, Robotic Process Automation (RPA), Distributed Trust framework, Customer IAM, Behavior Analytics and Mobility
• Evaluate and provide opinion on leading IGA vendors including - Sailpoint, Saviynt, RSA Via, Micro Focus etc.

Confidential

Advisor/Solution Architect

Responsibilities:

• As part of the TRMIS - Identity and Access Management team, serve as the solution architect / advisor to the Role Management Interface project
• Responsible for the architectural blueprint and solution design specification
• Advise RMI team management on IAM best practices and industry lessons learned
• Responsible for artifacts in support of RMI’s transition to a centralized corporate support team

Confidential

Subject Matter Expert

Responsibilities:

• Lead a team of 25 Business Analysts, Team Leads, Developers, Testers, and Access Governance Analysts on a multi-year Identity Management project
• Expert understanding of Access Request Management and Role Management covering aspects of Technology implementation, Business Process and Change Management
• Responsible for the end to end coordination of all aspects of project management including - project scheduling, resource allocation, issue resolutions, risk management/escalation
• Lead executive status meetings, working committee sessions and served as primary point of contact for Lines of Businesses
• Responsible for the execution of the Access Request Management project, where the goal was to implement the processes and technologies using the RSA Via v7 (formerly Aveksa) solution
• Integration with the RSA Via Business Role Manager (BRM) and Automated Fulfillment eXpress (AFX) was also part of the scope

Confidential

Sr. Manager

Responsibilities:

• Led the Bank’s SailPoint PoC to demonstrate applicability of lifecycle manager, compliance manager and provisioning policies
• As part of the Identity and Access Management program, the Access Governance team is responsible for defining the access governance framework and operating model.
• Managed a group of Sr./Security Analysts and provided leadership in defining the mandate of the group, in particular by defining the access governance controls and risk monitoring framework
• Led the alignment of access controls within the Access Governance space and enterprise controls repository (Archer)
• Identified key Access Governance initiatives in-line with overall enterprise mandate. Key initiatives include - Access Governance standard and operating procedures development, AG framework and operating model, Implementation of the Access Request Management module (Aveksa ARM)
• Served as a key stakeholder in the Privileged ID management project and offered input into Priv ID management processes and use cases.
• Worked with various LoBs within the bank in advocating the Access Governance management standards
• Provided oversight in the execution of the Access Request Management project that was based on the Aveksa Access Request module.
• Led the promotion of the Access Governance Management standard through the IT Standards board and Enterprise Technology Governance board.
• Offered architectural insight by working in collaboration with developers and BAs.
• Participated in vendor selection of Priviliged ID management and access request management solutions.