Information Security Consultant/contractor Resume Profile
NY
Summary
- Senior consultant with 15 years of combined Operational, Tactical and Strategic experience in Information Security, IT Governance, Risk Management, Privacy and BPM. Former security consultant for Ernst & Young TSRS services. US Citizen and eligible for the necessary security clearance process.
- Information security risk management solutions for Intellectual Property/Data Breach, Cybercrime, Outsourcing/3rd party, Corporate Internet, Cyber Threat Intelligence, and Emerging Technologies. IT GRC strategies utilizing OCEG, CAG, CoBiT, NIST SP 800-30, OCTAVE, ISO 27002, ISO 27005, ISACA Risk IT and Microsoft frameworks. Security incident management design using SANS/CERT prescriptive guides.
- Security/Privacy compliance frameworks including Banking/Finance (GLBA, FFIEC, Basel II, FTC Red Flags), Credit Card (PCI DSS), EU Directive on Data Protection, SOX, US Federal Privacy (CAN-SPAM, COPPA), US State Laws (MA 201 CMR 17), Critical Infrastructure Protection (NISPOM, NIPP) and general CoBiT, ISF, ISACA, CERT, IIA, NIST, ISO and UCF frameworks.
- Operational IT Security Controls management including Network and Infrastructure Firewalls, Routers/Switches, VPN/Remote Access, IPS/IDS, Web Security, Servers/Desktops, endpoints, Data Encryption/Transfer, Security event/log management, Server Security (AD/Unix), DNS, and Patch management.
- IT General Controls Audit of various systems using global audit methodologies. IT Change Control Process framework implementation utilizing the Visible Ops philosophy. Test environments include Windows AD, AS/400, SAP, Oracle, UNIX, Linux, SQL, and ERP SoD for SAP, PeopleSoft and Oracle utilizing Approva/custom tools.
- Information Security Policy Development and support including Standards, Guidelines and Procedures. Develop the necessary controls and administrative procedures to enforce and audit policy compliance.
- Enterprise Security Architecture development using SABSA/Zachman frameworks. Analyze and design the Enterprise Security Architecture to meet the security, technical and business requirements and align with the Enterprise Infrastructure Architecture, including Identity & Access Management (IdM), Identity Federation etc.
- Vendor IT/security solution design with IBM, HP, Cisco, Oracle, SAP, Microsoft, Qualys, Fortify, Metasploit, CheckPoint, EMC, RSA, Symantec, Strohl Systems, Ernst & Young, CERT, CMU-SEI. Special knowledge of Oracle Database Security products: Database Firewall, Database Vault, Audit Vault, Advanced Security.
- Advanced Penetration Testing Methodologies with functional coverage for Load balancers, deep packet inspection, IDS/IPS, Web applications, Application Firewalls, LAN/NAC, workstations/GPO, host-based IDS/IPS, AD control, Database etc. Framework design based on SANS, EC-Council, NIST 800-53 controls, OWASP, Qualys, and white hat tools for network and application infrastructure.
- Secure Software Development (SDL) reviews utilizing Microsoft, CMU-SEI, SQUARE and NIST methodologies. Web Application and Database Secure Coding using IIA, CMU-SEI, OWASP, .NET/J2EE guides.
- Secure Software Program Management using the BSIMM Maturity Model and software security frameworks for Governance (Strategy and Metrics, Compliance and Policy, Training), Intelligence (Attack Models, Security features and design, Standards and Requirements), SSDL Touchpoints (Architecture Analysis, Code Review, Security testing), Deployment (Penetration Testing, Software Environment, Configuration and VM).
- Unified Network Communications pre/post-sales engineering support in complex in-house and SaaS environments including VoIP, Server and Storage Virtualization, Multimedia and Wireless, Network Perimeter Security Zone Architecture and Policy Management.
- Disaster Recovery/Business Continuity Management lifecycle design including Business Impact Analysis, RPO/RTO metrics, IT Design, Qualitative/Quantitative risk analysis, tabletop exercises.
- IT-Business Strategy Consulting for small to large businesses in the areas of Business innovation, IT enablers, Enterprise Risk management, Sales, Marketing, Human Capital and Employee retention.
- People/Organizational change development focused on building and delivering capabilities in the areas of change management, organization design, sponsorship/leadership development and coaching, workforce strategies, communication, and training in conjunction with the HR function.
Key Words:
Security/Risk Consultant, Security Architect, IT Risk Manager, Manager/Director Information Security, Sr. Information Security Analyst, Security Engineer
Contact Information
2703 Chelsey Court
Cranberry TWP, PA 16066
Sivaram.NR gmail.com
Peer Networks
- ISACA, ISSA, IAPP, OCEG
- SANS, OWASP, itSMF
- CMU-SEI, CERT-CyLab, DHS, FBI
- InfraGard, FEMA, TRCPA
- Gartner, IDC, Forrester, CSO/CIO forum
- Cloud Security Alliance, Dale Carnegie
- Pittsburgh Technology Council
- Chamber of Commerce, ABA, ILTA
Key skill areas
- People/Organizational Management
- Business Innovation/Creativity
- Leadership Training/Development
- Entrepreneurial Excellence
- Pre/post-sales engineering
- Security Policy Development
- IT Governance-Risk-Compliance
- Information Security Auditing
- Identity & Access Management
- Enterprise IT Security Architecture
- Data Privacy/loss prevention
- Mobile/Wireless Security
- Messaging/email Security
- Application/Web security
- Cloud Computing Architecture
- Secure software development
- Vulnerability/Threat Management
- Basic coding: JavaScript, Visual Basic
WORK/PROJECT HISTORY
Confidential
Information Security Consultant/contractor
- Operational Security Risk Consultant for the Wells Fargo 3rd party vendor Risk Management program Information Security Assessment
- Risk and Information Systems Control Consulting: Risk Identification, Assessment and Evaluation, Risk Response, Risk Monitoring
- Information Systems Control Design and Implementation, Information Systems Control Monitoring and Maintenance
- Review, audit, and validate information security policies, procedures and standards
- Perform cost-effective pre- and post-system-migration reviews
- Identity & Access Management (IAM) and Federation design, implementation and management
- Managed Security Services and cloud computing architecture design and assessment
- Information Security/Compliance Assessment for SOX, GLBA, HIPAA, PCI, ISO 27002 etc.
- Information Security Organization Structure, Strategy and Risk assessment
- Network and Application vulnerability management services including Attack and Penetration testing
- Security Code Review and Vulnerability analysis (.NET, J2EE) using OWASP and other frameworks
Sr. IT Security Analyst
Confidential
- Liaise with Internal Audit, General Counsel, e-Discovery, Corporate Security, IT Infrastructure, HR, Records Management on IT Security/IP protection
- Developed innovative IP Security Threat risk mitigation solutions and processes customized for Law firm threat landscape
- Manage Operational, and Tactical information security program management for the global enterprise across US, Europe and APAC regions
- Developed an auditable global IS Security Policy and Procedures framework based on threat metrics, ISO 27001 and CISSP domains
- Coordinated with Records Management group, IS, Corporate Security, PMO in developing Data Classification Policy for IT Security
- Managed global Operational infrastructure Network security solution deployments, change control, incident management
- Developed an effective network Threat Vulnerability management framework and procedures as part of risk mitigation
- Supported IT LAN/WAN, Desktop, Messaging, Storage, Application, Database, Project teams at the tactical security layer
- Operational management of Firewalls, AV, IPS/IDS, Proxy appliances, Microsoft AD, DNS, desktop/server security, TLS/SSL encryption
- Deployed global Web security, Secure File Transfer/Encryption, Internet egress consolidation, IPS/IDS solutions
- Developed Security Requirements for various Web Application architectures including PeopleSoft/Oracle and Windows systems
- Other areas of expertise: Mobile MDM, Virtualization, Cloud, Storage, Exchange Messaging, Windows OS security, Full Disk Encryption security
Information Security Consultant
Confidential
- Design IAM architectures and RFP deployments for various directory structures and access control methodologies
- Conduct detailed Information Security Assessments based on ISO27002 and risk domains
- Design Information Security Functional and Strategic organizational roles and responsibilities
- Conduct client EY Global Information Security Survey benchmark Assessment and present findings and recommendations
- Member of the EY Global Information Security Architecture/service methodology team on ISO 27002 and IAM services
- EY Author/presenter on the PCI v1.2 Update for the ISACA Rochester Security Summit, 2008
- Conduct Mobile/wireless Security Audit for Blackberry Enterprise Server and 802.1x environments
- BCM/DR design strategies including BIA, Technical Architecture, Replication, Client Charter design
- Program Committee/Session Chair at the CMU-SEI CyLab "Making the Business Case for Software Assurance" workshop, Sep. 2008
- SAP, PeopleSoft Application Security/SoD rule audit assessment using Approva/EY-Analyzer tools
- Contributing member of the EY Global Information Security, Privacy, Forensics, Enterprise Architecture, Entrepreneur of the Year (EoY), and People/Organizational management Groups.
Clients: Kent State University, NCR, Highmark, Corning, Crown Castle, Curtiss-Wright, Dick's Sporting, EDMC, Giant Eagle, Hardinge
Confidential
Chief Security Officer/Security Architect
- IT Contract Negotiations with Indian offshore companies for NREIS, including Vendor Security Audit Policies
- SAS 70 Type I/II RFP Control Objectives development with EY, KPMG, PwC, Schneider Downs
- Governance-Risk-Compliance (GRC) strategies utilizing OCEG, CoBiT, OCTAVE, Microsoft frameworks
- Information Security Risk Mitigation compliance framework utilizing the ISO 27001 ISMS framework
- DR Coordinator/PM: BIA, BCP, and DR Testing with the hot site, including Virtualization/Replication
- Business Continuity Management (BCM) Coordinator with framework based on the BS 25999-2 draft version
- Enterprise Information Security Policy and Procedures Development and Enforcement
- Developed Security ROI computation Metrics for the business guided by US-CERT, CMU-SEI, NIST research
- Identity Theft/Customer Privacy Awareness Training rollout using FTC.gov best practices (Best of Security Training Project 2007)
- Initiated and enforced a successful IT Change Control Process framework (Best Access Control Project 2006)
- Member of the Enterprise Content Management (ECM) team for establishing an Email Archiving Policy towards e-Discovery/FRCPA compliance
Confidential
- Access Control for system users/IT personnel, Segregation of Duties for system users/IT production, data backups/SAN replication, application security during systems development/SDLC
- SQUARE (Security Quality Requirements Engineering) with CMU-SEI CyLab on SDLC security Methodology
- Web Application/.NET Security coding best practices utilizing Microsoft, OWASP and 3rd party tools
- Application and Database security Audit Assessment using OWASP, IIA, Microsoft, CMU-SEI and 3rd party methodologies
- Network perimeter security Policy management including Firewalls, VPNs, Routers, DNS, IDS, Switches
- Vulnerability Management/Patch Management program institution utilizing white hat tools and Qualys/IBM
- Instituted a Penetration Testing Framework based on SANS, EC-Council and OWASP practices
- Security Information and Event Management (SIEM) platform architectures, RFP and Deployment
- Implemented effective SPAM and Anti-X email/URL filtering MSSP solutions that resulted in a significant ROI
Confidential
- Managed the entire RFP process and Deployment of an Enterprise SAN (Best IT ROI Project 2006)
- Lead Architect: SharePoint MOSS 2007 Project Collaboration, Enterprise Communications and Business Intelligence
- Lead Architect: VMware Infrastructure 3 Virtualization-Optimization, Business Continuity, Software Lifecycle Automation, Virtual Clients and Desktops
- Project Manager: UPS Data Center Power Project, Uptime Institute Tier II/III Performance upgrade
Confidential
- IT Asset Management solutions, International exports
- Employee Incentive/Performance Improvement programs
- E-commerce Marketing strategies (B2B, B2C)
- Web 2.0 marketing strategies and Collaboration solutions: Blogs, Wikis, Video over the web, Social networking
- CRM, ERP and e-commerce business ROI Models: mySAP, Salesforce, Google
- International Business Development strategies for UK, India and Asian markets
Confidential
Developed practical techniques for protecting the security of an organization's Critical Assets. Tools/labs include PGP, SNORT/ACID, IPSec, SSH, Tripwire, ARPWatch, Nmap, Nessus, DSniff, Ethereal/TCPDump, Honeypots, Cryptography, Firewall Deployment, Password Cracking, Hacking/Hardening of Linux/Windows/Cisco platforms, Wireless Security, PKI. Other topics: Security Policy Formulation, Security Assessments, and Network Security Design.