Sr. Information Security SME Executive Consultant & Architect Resume
SUMMARY
- A Multi Certified (CISSP, ISA, ITIL, etc.) Security SME with 13+ years of background as a security subject matter expert and security executive consultant with security architecture and solutions as well as infrastructure and other end to end product development across various industries including financial
- Single-handedly created, framed, and managed security policies, compliance, risk and procedures for IAM, Cyber, Enterprise Systems, Building Structures, User Access and Applications based on NIST 800-53 guidelines for State of Delaware (DHSS). Single-handedly certified State of Delaware and completed DHSS’s security assessment and certification required by CMS for business continuity and Federal HIPAA guidelines to service all the citizens for the State of Delaware.
- At Confidential (DHSS) - State of Delaware, led and supported a multi-million-dollar ($220+ million), 4-plus-year program to lead enterprise systems design and citizen’s eligibility financial software automation projects for State of Delaware Health and Social Services (DHSS) department to increase productivity and reduce support costs.
- Led as Technical Program Delivery Manager and Enterprise Architect for State of Delaware overseeing multi-million-dollar Eligibility Modernization Project to convert IBM mainframe Medicaid Eligibility System to Microsoft .NET Client Server Private Cloud Platform in order to meet Affordable Care Act (ACA) Federal Mandate using US Code and Code of Federal Regulations (CFR) and NIST 800-XX guidelines
- Helped drive Steering Committee Agenda, resolve impediments, and assist in quick resolution of high priority issues across business units. Helped prioritize, coordinate strategically and collaborate throughout the agency, staff and third-party entities.
- Led Program Delivery to convert Eligibility Platform across MMIS (Medicaid Management Information Systems), Medicare, Child Support, State’s Eligibility Portal, Internal Case Worker Eligibility Enterprise Platform, Provider Enterprise Portal, Purchase of Care, Reporting, Enterprise Services and integration across State Agencies like DOJ, DMV plus federal agencies CMS, IRS, SSA and FDA
- Worked directly with management (CIO, Director of Technology (DHSS)) for Confidential, State’s business unit managers, application team, training team and centers, remote office workers, state workers, infrastructure teams and security team to document gaps, analysis, review architecture blueprints, assess quality and design across multi-vendor platform integration products.
- Participated in drawing up product launch strategies and deployment timelines for Medicare products.
- Led vendor managed resources and support personnel.
- Consulted upon and drove hardware, software and support service level agreements with Vendors and Partners.
- Participated in developing budget, cost reduction, software automation, product optimization and marketing across divisions.
- Helped develop program budget and manage expenses across business units for Delaware Health and Social Services to increase productivity and reduce support costs throughout the implementation.
- Strong Insurance and healthcare domain knowledge who drove enterprise Solutions with Blue Cross Philadelphia, Horizon Blue Cross New Jersey and P&C Insurance providers (Liberty Mutual & NJM) using ETL tools and Data Warehouse platforms models using Informatica, Guidewire, Corticon, MCI, Oracle, .Net SQL Server, SalesForce On-Prem/Cloud, SharePoint On-Prem/Cloud and Custom CRM platforms.
- Sound knowledge with Mobile Device Management (MDM) as well as performing security assessment and testing for client facing mobile applications and its infrastructure backbone for Citigroup and Confidential among others
- At Citigroup, he worked hand in hand with team members to combine 17 client facing applications into a secure mobile delivery product to assist sales and marketing group deployed in Confidential Group’s Internal Cloud Computing Platform for iOS and Android
- Well versed in conducting security gap analysis, developing and implementing security procedures, policies, standards and plan of action and milestones in accordance with corporate policies
- Adept at designing and integrating security solutions to mitigate corporate, cyber and traditional security risks
TECHNICAL SKILLS
Development Lifecycle Methodologies: RAD ~ Agile/Scrum ~ Waterfall ~ Extreme Programming ~ DevOps
Software: Oracle ~ SQL Server ~ UNIX ~ LINUX ~ .NET ~ JAVASCRIPT ~ HTML5 ~ SENCHA EXTJS ~ Microsoft Azure Cloud ~ AWS (Amazon Cloud Web Services)
Platforms: Windows .NET (9x / NT / 2000 / XP / 10), Tibco, Citrix, Oracle IAM, Oracle DB 11g/12c, HP ArcSight (SIEM), BizTalk, Red Hat Linux, Sun Microsystems UNIX, Microsoft SQL Server 2003 / 2005 / 2008 / 2010 / 2012, Apache Web Server, WebLogic Server, Dell Blade Servers, EMC Storage, BMC BladeLogic (Remedy, Discovery, Atrium), HP Asset Manager, Tomcat, IBM AS400 / IBM RS600 Servers, IBM Mainframe
Mobile, Cloud and Open Source: Microsoft Azure Cloud Computing, AWS (Amazon Cloud Web Services), Sencha EXTJS, AngularJS, Xcode, Apple iOS SDK, Android, HTML 5, Blackberry, Drupal, Joomla, Magento e-Commerce, Silverstripe, PHP, m-Commerce, e-Commerce, jQuery, NoSQL, Objective C, Java, SQLite, LAMP Stack, PHP, PERL, Zen Cart, PayPal, PCI, PCI-DSS, PCA-DSS, Credit Card Authorization, First Data, Entrust
Tools & Software: Oracle DB 7.x / 8i / 10g / 11g, Microsoft Project, Lotus Notes, Peachtree, Dreamweaver, Fireworks Studio, Rational Suite (Rational Rose, Robot, Unified Process), POS Systems, Microsoft POS, TIBCO Business Works (BW), iProcess Engine (BPM Tool), TIBCO Business Studio, TIBCO General Interface (GI), BEPL, Oracle SCM, Oracle IO Optimization, Oracle ASCP, Oracle ERP, Oracle e-business suite, Oracle Access Management Suite (Oracle IAM), Oracle Fusion HCM Approval and Workflow Management, Guidewire & other P&C, Health Insurance Products by Prudential, Aperture Vista SP2, WCF, RIA Services, WPF, C#, Silverlight 4, XAML, SOAP, WSDL, .NET Framework 3.5 / 4.0 / 4.5, SQL Server v1.0-v12.0, Sybase DB, MongoDB, Hadoop, Advent Geneva, Koger NTAS, Hyland OnBase, ASG Mobius, Sage Saleslogix, Documentum Archival & Workflow, Crystal Reporting, Crystal 10 & BOXI, SSRS Reporting, CA SiteMinder, CA Identity Manager (IAM), CA Scheduler Job Management - IBM Mainframe Centric, Atlassian JIRA, Confluence, Telelogic Doors, Mercury Quality Center (QA, SCRs, RCRs), Struts MVC, Sybase, IBM DB2, IBM Websphere, IBM Commerce, IBM AS400/RS600, IBM Mainframe, IBM AppScan/Security, HP Fortify, HP WebInspect, Kerberos (Client-Server Auth.), Microfocus, CyberArk, Fortinet, Qualys, OpenIdb, Cryptography/Key Management Tools, Two-Factor Authentication (Symantec), C/C++, Developer/2000, Visual Studio 2008, BMC Remedy ITSM, BMC Reflection X, Microsoft.NET, .NET Web Services, BizTalk Web Services Framework, JSP, ASP, Java, EJB, JavaScript, HTML, XML, XSL, PERL, CRM / CRM Tools, Interwoven, Vignette Portal, J2EE v1.2-v7, Cold Fusion, UNIX Scripting, Site Minder, EJB Custom Workflow, (Telecom Applications Billing, CRM Network, ERP, IS&S, IVR and the CCA desktop), VMware, TCP/IP, Networking, SAN, LAN, NAS
Standards/Frameworks: Software Development Life Cycle (SDLC), Agile Software Development / SCRUM, Rational Unified Process (RUP), Extreme Programming (XP), Rapid Application Development (RAD), Software Configuration Management (SCM), UML Standards (OOD, OOA, OOBM, DM), Capability Maturity Model Integration (CMMI), Service Oriented Architecture (SOA), EA (Enterprise Architecture Standards) by TOGAF, Zachman, Data Warehouse, Data Integration & Reports
Security Domain / Regulations and Standards: Standards & Regulations HIPAA, ISO 27000, NIST 800-53, SSA, IRS, CMS, Penetration testing (Tenable Nessus Network Security Scan); IBM Security AppScan, Physical (Building) Security Assessment, User Access to Physical Security Assessment, ISO 27002, COBIT, ITIL; PCI, HIPAA, GLBA, SOX and compliance assessments; Security response and forensic services; Web application assessments; Security architecture and design; Security program development (CISO/CSO background a plus); Security awareness program and training; Systems administration (UNIX/Windows/network devices); Desktop Security and Monitoring Services, Network architecture design; Security device implementation (i.e., firewalls, IDS/IPS/IdM, DLP, encryption, PKI, etc.); Security code reviews and Risk management experience.
PROFESSIONAL EXPERIENCE
Confidential
Sr. Information Security SME Executive Consultant & Architect
Responsibilities:
- Lead the security governance for the client organization. Create new and/or update corporate security standards.
- Lead, analyze and develop risk analysis and standards for Cloud apps and On-Prem based apps.
- Lead security steering meeting agenda and help set and prioritize security containment plans.
- Lead security enforcement across practice for end clients to mitigate security breaches.
- Lead forensics plan of action against the threat and systems under siege.
- Create a reconnaissance and mitigation plan of action across AD (Active Directory), endpoint security, systems, network and mail infrastructure systems
- Gather and analyze IAM, PAM security requirements, identify gaps in security architecture and recommend best practice processes and solutions in large and complex enterprises
- Help research tactical solutions, latest and greatest security tools and technologies
- Help develop best practices defined by Vendor, Regulatory, Compliance and Corporate policies
- Help develop the operational, support documents, security guidelines and DR planning
Confidential, Charlotte, NC
Sr. Information Security SME Executive & Enterprise Solutions Architect Consultant
Responsibilities:
- Led information security program delivery and enterprise conceptual and solutions design architecture for the organization from ground up to facilitate entire cloud-based platform implementation across multi-vendor system integration.
- Single handedly created GRC using IBM OpenPages (Governance, Risk, Control and POA) guiding security audit principles and standards for the organization.
- Help implement SaaS Vendors solutions over cloud platforms - AWS, AZURE, SAS, SAAS, MSP across cloud technology on multi-vendor platform technologies ranging from SAP HANA, SAP FS/RI, Salesforce Lightning Cloud, Skype for Business Cloud, Birst Analytics with SAP EIP/EDIP service layer with conversion from Oracle EBS Financials/ERP/HCM and securing cloud implementation over IBM CIS ISIM (RBAC), ServiceNow Cloud (ITIL Service, IT Operations, Security Operations, Asset Manager, Analytics and GRC (Governance, Risk & Compliance)), Fortinet, Nagios and SolarWinds. Help solution entire telephony systems delivery via Azure and MSP Cloud.
Confidential, Lansdale, PA
Sr. Information Security SME Executive & Enterprise Solutions Architect
Responsibilities:
- Led enterprise software automation for a 3PL Logistics Transportation Company and paperless conversion of legacy desktop .NET forms application to full scale Azure Cloud Computing Digital Paperless Payment and Tracking Platform implementation on B2B, B2C and V2C facing website with over 100k+ visitors in 1st year.
- Supported the Information Technology Security, Cyber Security Risk Management for 3PL logistics cloud technology by understanding emerging cyber security threats, vulnerabilities and control techniques to direct security policies and define IT security architecture based on different client applications on Azure Platform and its infrastructure backbone support
- Led Azure web service security solution integration for partners and providers
- Led security solutions for (PII) related big custom data repository (mainframe db2), transactional batch post and exchange (ETL) and cross-site data exchange with national carriers, clients, partners and vendors.
- Enhancement of data privacy programs
- Privacy impact and gap assessments
- Data inventories and data flows (contract and sensitive transportation data)
- Privacy and Corporate Security Standards & Rules
- Helped design RBAC security solution for module access (Employee, Client, Vendor, Carriers)
- Creation of privacy incident response plans based on ITIL processes and SIEM architecture rules
- Review of third-party data exchange/ international agreements with North American Transportation Carriers and Clients across North America
- Cross-border data transfer issues, including Model Contracts and Privacy Shield
- Investigations and investigatory responses to data privacy and security incidents with regulatory agencies.
- Project work pertaining to compliance and reputational risk mitigation, emphasizing US and international Privacy, Data Protection and Information laws and understanding the privacy risks
- Understanding of emerging technologies, such as cloud, Internet of Things (IoT) and advanced analytics
- Enterprise Architect on selecting digital web & mobile platform (.Net with HTML5, Xamarin Mobile Platform), designing solutions and integrating paperless solutions using .Net Framework with SQL Server, XML, JavaScript, Custom SOA, DocuSign, SalesForce.com Cloud and SharePoint Cloud integration in Azure Cloud Computing Environment
- Led and collaborated with global development teams to assist with deployment, integration, solution of web services for quotation, booking and delivery of transportation nationally across national freight lines.
- Helped integrate 3rd party paperless invoice, billing and payment solutions for vendors looking to help clients ship and pay on-site using retail POS solution (equipped with EMV - Europay) Chip Systems and Apple/Android contactless payment methods.
- Led and helped support PCI DSS security assessment and standards in collaboration with Vendors based on the PCI Security Standard Guidelines. Assisted with 3rd party certification process, including attestations, documentation and penetration testing.
- Help implement security and (P2PE) point to point encryption tools needed to deploy EMV services as per recommendation by Square Trade Payment Systems Gateway. Used 256-bit web-service authentication and certification issued by Entrust Certification Authority.
- Assisted with setup, install, co-ordination and solution of IT services across various development teams, infrastructure and security teams, vendors and business leaders to ensure successful delivery of the program.
- Assisted with setup of training and test environments.
Confidential, DE
Sr. Information Security SME Executive Consultant
Responsibilities:
- Supported the Information Technology Security, Cyber Security Risk Management for the Department by understanding emerging security threats, vulnerabilities and control techniques to direct security policies and define IT security architecture based on Federal NIST Guideline Publication 800-53 for different client applications including for Android and iOS platform and its infrastructure backbone support
- Supported multi-million-dollar Infrastructure systems security and citizen’s eligibility financial software automation projects for State of Delaware Health and Social Services department to increase productivity and reduce support costs.
- Worked with teams for the State of Delaware overseeing $212 million Eligibility Modernization Program Project to convert IBM mainframe Medicaid Eligibility System to client server in order to meet Affordable Care Act (ACA) Federal Mandate. Participated to solution Physical (hardware) and Logical (software) Environment Architecture and Implementation across multiple data centers.
- Enterprise Architect for the Department with primary sign-off responsibility for all blueprints, design, and implementation across security, infrastructure, application, web services, risk and compliance.
- Senior member of Change Advisory Board (ITIL Process Improvements) and PMO Governance team.
- Advised and collaborated with CMS and State on development of business continuity and disaster recovery plans, audit, and compliance standards based on Federal NIST 800-53 Guideline.
- Single-handedly helped implement Oracle Identity and Access Management Solution for the Department.
- Single-handedly created, framed, and managed IT security policies, compliance, risk and procedures for Cyber, Enterprise Systems, Building Structures, User Access and Applications based on NIST 800-XX guidelines.
- Single-handedly completed DHSS’s security assessment and certification required by CMS for business continuity and Federal HIPAA guidelines to service all the citizens for the State of Delaware.
- Led State’s Data Centers and Private/Public (Azure & AWS) Cloud Infrastructure systems security solutions architecture supporting IAAS and PAAS to internal and external business partners which included CMS, IRS, SSA and community partners provided eligibility services to the citizens.
- Led Azure & AWS web service security solution integration for partners and providers with State’s XML service gateway
- Led security solutions for (PII, PCI, PHI) related big data repository (MCI), transactional batch post and exchange (ETL) and cross-site data exchange with federal and internal agencies, partners and vendors.
- Helped Architect, Lead and Solution State’s Security and SIEM platform using Oracle Identity Access Management Suite (IAM) Security Product and helped with solution and integration of HP ArcSight for SIEM (security information and event management).
- Created Information Security Risk Assessment documentation and certification for CMS (Centers for Medicare and Medicaid Services), IRS.Gov, FDA.Gov and SSA.GOV.
- Helped solution, architect and test security guidelines for department’s first AngularJS Mobile Website (Purchase of Care) (iOS/Android) - for State’s Care Provider Agencies to enter child’s daily attendance and manage business profile using self-service login and authentication provided by Oracle Identity Manager (OIM).
- Created and Assessed Independent Security Risk Assessment Portfolio for the State of Delaware and Certified State as an independent assessor to meet Federal NIST Guideline Publication 800-53.
- Created Plan of Action and Milestone Process Guide Matrix for CMS (POA&M) to address mid to high level Security Risks as required by CMS under Federal NIST 800-53 Guidelines.
- Independently certified web services and data exchange guidelines put forth by Cyber Security guidelines and standards from CMS, IRS, SSA and other federal agencies for Delaware State Citizen Medicaid and Medicare Eligibility Services using ASSIST.
- Managed State’s application BizTalk Services using Security Guidelines by CMS to allow internal and external agencies and partners to use XML Appliance Gateway to call State’s Internal Medicaid/Medicare Eligibility Web Services.
- Worked with DTI (Department of Technology) XML Firewall Team to solution and implement Confidential external web service policies.
- Partnered with Vendor to Solution the conversion of User and Application Request from Paper and Pencil to Online request form by automating creation of user and their application request using Oracle’s Identity Manager Approval Request and Provisioning Application (RBAC) part of Oracle Fusion Middleware Software Suite. New User Account created in Microsoft AD (Authoritative Directory Store for the State of Delaware)
- Led quality assurance and helped set up test labs across the State of Delaware for Workers to get familiarized with and educated on using Eligibility Software.
- Led vendor managed solutions from Microsoft Product Book (ASP.NET 3.5/4.0 Framework, SQL Server, SSIS Packages, BizTalk Services), Oracle Security Product Suite (OIM, OAM, OAAM, Oracle DB), Dollar Univer$e (Batch Scheduler), HP ArcSight (SIEM), IBM APPSCAN, Oracle Middleware Fusion Suite (Identity Approval and Request Provisioning), Oracle OEG Web Gate (Oracle Enterprise Gateway) and more.
- Responsible for timely and accurate review of vendor solutions through architectural blueprints, road maps, standards, and guiding principles that aligned with SOA, TOGAF and ITIL. Led vendor managed resources and support personnel.
- Achieved over 50% increase in productivity and support costs across infrastructure systems/application product portfolio.
Confidential, Philadelphia, PA
Global PMO & Sr. Enterprise Architect
Responsibilities:
- Led ICD-10 govt healthcare reform mandate technical implementation from solutions architecture and delivery across enterprise system applications.
- Own the overall execution and delivery process.
- Led the overall information systems solution implementation using holistic approach for ICD-10 program across overall enterprise applications like Trizetto Facets, Healthcare Provider and Payer Portal, Billing & systems portfolios
- Drove ICD-10 changes to Provider Portal where Eligibility & Benefits, Claims, Code Inquiries, Referral, Authorization request, Electronic Payments, Admission and Pre-Drug Auth. Requests were processed.
- Drive architecture systems and application solutions through Enterprise Architects, Development Team, Business/Technical SMEs and Technical Managers
- Direct reports Technical Managers, Developers and Architects approx. 25 people
- Provide key Infrastructure and systems solutions to MDs, PMO/PMs and ISD Management.
Confidential, Jersey City, NJ
Senior Financial Applications Security Expert Executive
Responsibilities:
- Cyber & Mobile Security (financial apps, cloud hosted apps, risk, security and consolidation solutions)
- Helped to combine 17 client-facing applications into a secure mobile delivery product platform integrated with big data analytics product repository to assist sales and marketing groups deployed in Confidential Group’s Internal Cloud Computing Platform for iOS and Android
- Responsible for middle office applications automation projects & teams to increase productivity, depth and harmonization across financial application security standards & development, cyber security operations, identity and access management, business risk and intelligence, solutions architecture for marketing and sales platforms while ensuring Information Security is adequately represented across the line of business.
- Direct Responsibility of application and web service security standards to deliver secure ETL operational data to client. Worked with application and project teams to secure applications platforms and improve business continuity processes for security events using Confidential Groups Architecture Standards based on TOGAF implementation standards & Zachman architecture blueprint defining organization vision
- Worked with project team on Cyber Security Best Practices across on-premises hosted applications and Microsoft Private Cloud Hosted Applications (Azure Cloud).
- Led the project as Cyber Security Architect, Enterprise Solutions Architect, Sr. Development Group Manager, Technical PMO, Business Intelligence Solutions and Operations Executive for over 17 middle office applications.
- Senior member of Change Advisory Board (ITIL Process Improvements) and PMO Governance team.
- Planned automation projects to assist high profile clients to leverage middle office operations that include ETL processes, database integration/consolidation, third party business utilities and software applications integrated across the platform and operations delivery.
- Collaborated with global development teams, architects (Java, JavaScript, JMS Messaging, PHP, PERL, Python (LAMP Stack), SAP Business Objects, Hadoop distributed platform, .NET, IBM WebSphere, MQ Messaging for Security Execution & Recon Notification, third party financial integrated tools for reporting (Business Objects, MicroStrategy and more)) on securing assets and data protection, business intelligence solutions and assist senior leadership to create strategic product portfolio planning and roadmap.
Confidential, New York, NY
Senior Security Consultant Executive
Responsibilities:
- Oversaw global development and support engineering teams to lead security, risk and compliance planning, security optimization and controls in data center, data center conversions and data center consolidation
- Defined and engineered security product architecture and solutions using HP ArcSight, IAM Access Management, Authentication, Provisioning, Cyber and Information security regulatory requirements.
- Led the program to comply with AML, Compliance, AFF and DFS504 (Transaction Monitoring)
- Responsible for design and development of security application product framework in Private Cloud Services (PCS) to be used by global data center engineers as SaaS (software as a service) for asset management on Android based Mobile Product delivery model.
- Senior member of Change Advisory Board (ITIL Process Improvements), TOGAF Standards and PMO Governance team.
- Helped stabilize and execute Private Cloud Infrastructure (IaaS) provisioning process to assist application development groups to configure Platform as a Service (PaaS) & (SaaS) product platforms in Virtual Private Cloud. Approx. 6-8k VMs / month creation.
- Helped secure, re-engineer and rescue the BEPL (Tibco Platform) & ETL Operation Solution, deployed application product framework in a private virtualized - cloud centric environment.
- Responsible for design and development of security application product framework in Private Cloud Services (PCS) used by global data center engineers as SaaS (software as a service) for asset management on Android based Mobile Product delivery model.
- Selected by Director to lead and manage numerous country specific local and regional initiatives to drive innovation. Lead global teams - development, service integrations, provisioning managers, and systems builders.
- Instrumental member of PMO enabling strategic planning and execution of critical initiatives focused on infrastructure security, applications access and authentication, technology enhancements, risk planning and mitigation, product compliance and improvements, adoption, and EOL software & hardware upgrades.
- Worked with PMO governance team and Infrastructure security team members to define the DMZ (De-militarized zone) server access architecture for development teams, vendors and contractors.
- Developed and executed disaster recovery plans, negotiated maintenance contracts and product enhancement RFC with vendors.
- Partnered with senior technology leadership, including C-Level Executives, Directors and MDR’s, to define long-term product objectives across the complete organization, negotiated, planned project financials and product resource levels to mitigate risks to overall delivery model.
- Boosted system stability via normalized security solutions and guidelines, from 80% to 99.99% within the first 8 weeks through vital workflow enhancements.
- Led efforts to achieve platform adoption across multiple data provisioning centers globally; improved adoption confidence from 50% to 80% resulting in 50% increase in project funding.
Confidential, Oaks, PA
Sr. Software & Risk Development Consultant
Responsibilities:
- Held full responsibility for managing internal and external hedge fund portal (.com project) middle/back-office platform (enterprise application framework, user security access control, platform security and compliance) comprised of processing 6-8 billion dollars’ worth of investments portfolios (hedge funds, fund of funds, private equity, fund portfolio accounting), data collection, back-office operations workflow, investor services and data distribution components across global data centers.
- Motivated and mentored on- and off-shore team (US, India & Ireland) of architects, developers, and project resources for multiple large-scale projects with a strong focus on exceeding client expectations.
- Worked with infrastructure group and information systems security personnel to prioritize the growing needs and threats to the distribution of the information.
- Led and partnered with sys admin to solution, design, develop and implement CA SiteMinder IAM (identity and access management) solution for the entire product platform.
- Led and partnered with sys admin to solution, design, develop and implement IAM (identity and access management) solution for the entire product platform.
- Led the security policies, guidelines, access controls and standards for the product platform.
- Led, developed and executed yearly business continuity and disaster recovery plans for the platform.
- Responsible for Data Hardening, Penetration Tests, Risk Assessment, Firewall and Application Code Security.
- Assessed cyber and information security risks and mitigated security controls through auditing and tracking
- Led, mentored, and recruited top talent. Supervised and trained global development, quality assurance and performance, business process outsourcing teams.
- Responsible for complete platform access control to drive the infrastructure and information security, risk, compliance policies and procedures.
- Created unidirectional flow of data with access only to services within the platform to adhere to strict information flow in and out of the financial platform to comply with ISSP (information systems security standards), SAS 70 compliance and SOX auditing principles.
- Created homegrown financial security audit engine within the platform to monitor all the activities of the user within the modules. Dual security access control administered by application and CA SiteMinder single sign-on.
- Led security reviews, audits with corporate security and executive management. Also helped executive management drive privacy, information security policies and procedures concern throughout the org.
- Responsible for creating and reviewing ADM, ITIL and Zachman architecture standards which can adhere to strict Federal, SEC, SOX and AICPA guidelines.
- Solution application/component architecture design, help implement platform and application security processes and guidelines, documenting requirements and business logic.
- Created scalable SaaS (software as a service) Model delivery over the internet for financial reporting to service 159 clients worldwide.
- Delivered custom enterprise content management system (CMS) using combination of custom SEI and Struts Framework to organize documents, financial customer data and investor/investment portfolio trades which achieved streamline access, maintained data integrity and optimized delivery; thereby achieving enterprise level security and compliance governance.
- Delivered high volume enterprise financial data delivery mechanisms for client delivery to: mobile blackberry platform, secure ftp (FIX Protocol Standard to transfer Order Execution Reports & Allocation), email, on demand/scheduled batch processes, extracts, flat files, data dumps and more.
- Conceptualized process automation and application platform enhancements resulting in improved service delivery, record client satisfaction, faster report / data delivery, state of the security and risk compliance, 30-40% cost savings, and elimination of 100+ labor hours ($5M+ annually) across multiple business units.