SUMMARY

• Close to 9 years of experience in Information Technology with key focus on Business Analysis in Information Security Domain.
• Have good experience in Gathering and Analyzing client’s requirements in Information Security domain, especially in Identity and Access Management domain: Identity Management, User Provisioning, Identity Lifecycle Management, Self Service Management, Access Request Management, Policies and Procedures, Auditing, Reporting, Access Governance and Recertification, Privileged Access Management, Workflows, Role Management, Entitlements management and Compliance & Reporting. Expertise also includes security streams such as Authentication & Authorization, Vulnerability Assessment and Remediation Coordination, Infrastructure Security including Security Incident Monitoring and Threat Intelligence.
• Experience in gathering requirements using standard techniques including workshops, stakeholder interviews, questionnaires, existing process documents etc.
• Proactively interact and collaborate with stakeholders to analyze business needs and deliver Business Requirements Document
• Liaison with stakeholders throughout the SDLC process and act as a single points of contact between development and business
• Good Experience in analyzing functional and non - functional requirements and creation of use cases, business scenarios
• Good Experience in Responsibility Matrices like RACI, RASCI Models
• Identification of Key Risks in project and arriving at key mitigation strategies to address the same by doing root cause analysis.
• Create high level process flow, workflow, use case diagrams using Microsoft Visio
• Understanding the existing Access Governance process, Privileged access accounts and their workflow and create access policy documentation
• Good Experience in Banking Domain and Technology, regulatory and compliance needs such as PCI DSS, SOX etc.
• Acted as the main liaison between Development Team and Client Business/Application Team during various phases of Development Life Cycle
• Prepared Entitlements Specification for Application Onboarding, Application Status Tracker, Defect Tracker, and Requirement Traceability Matrix for Access Governance Requirements.
• Strong understanding of SDLC methodologies, IT infrastructure access control mechanisms
• Experience in analyzing Identity and Access Management Products and recommending best fit solution based on client’s business needs
• Good understanding of identity and access management components and modules such as entitlement management, user self-service management, user provisioning, password management etc.
• Identity and Access Management related use case creation and analysis
• Good understanding of ITIL concepts and incident management processes
• Aligning requirements and best practices to the security needs of the organization
• Basic Knowledge in IT infrastructure security areas such as Security Incident and Event Monitoring, Log Monitoring, Threat Management and Reporting
• Possess good communication skills and have worked in fast-paced environment for multinational clients
• Possess good capabilities in problem solving, team building skills and ability to learn
• Knowledge in platforms such as Windows, UNIX, Middleware, Databases etc.

PROFESSIONAL EXPERIENCE

Senior Business Analyst

Confidential

Responsibilities:

• Gathered business requirements from client stakeholders: Business SMEs, Application Analysts, Risk Management team by conducting workshops, whiteboard sessions, questionnaires and converted it into technical requirements
• Acted as the main liaison between Development team and Business team and ensured the technical solution match the business/functional requirements
• Performed requirements analysis and converted them into multiple use cases in form of application onboarding questionnaire
• Created onboarding templates for applications based on the SailPoint connectors: AD, Flat File, JDBC, SalesForce, Custom Connectors (Robotic Process Automation (RPA) Based Framework)
• Onboarding Templates Covered: Application Type, Application Owner, Data Owner, User details, Stored Procedures/API details, Application Schema, Entitlements requested, Risk Rating, Aggregation, Certification Requirements, Workflow Approvals, Approval Workgroups, SOD Requirements, Approval Policy, Provisioning Policy, Application Roles to Entitlements Mapping, Password Policy Requirements etc.,
• Prepared, validated and delivered business requirements document, use case document, functional specification document
• Conducted sessions with the Service integration team to transfer the technical requirements using whiteboard sessions, demos, KT sessions
• Created application onboarding roadmaps, application integration trackers periodically and reported to Senior management
• Prepared Requirements Traceability Matrix, UAT Test Cases
• Coordinated UAT Process and conducted demos to the business owners and application owners on implemented solutions
• Prepared metrics and dashboard to management on application onboarding progress, impediments tracker and mitigation strategies
• Prepared and presented post production issue tracker and daily management dashboards for Business Risk Office
• Performed initial analysis of post-production issues and provided root cause analysis to the Level 3 support personnel

Senior Consultant Business Analyst

Responsibilities:

• Conducted multiple workshops to gather current role management processes, business layers, job functions, application entitlements, AD groups created
• Validated requirements with the key stakeholders from Business and InfoSec team
• Created Role engineering processes for Business Role and Application Role
• Involved in creation of Business Roles for various Line of businesses
• Defined Standards, Guidelines, Processes and Procedures for Role Management
• Created Role Governance Council charter
• Created processes, workflows for Role Lifecycle Management, Role Recertification, Access Request workflow
• Defined entitlement matrix template with procedure for creating entitlement matrix
• Created entitlement matrix by adapting CRUD framework
• Defined business to application role mapping
• Delivered Role Management Framework for managing user access request based on roles

Business Analyst

Confidential

Responsibilities:

• Conduct multiple requirement gathering workshops with client stakeholders - SMEs, Application owners, Architect and gather business and technical requirements
• Analyze gathered requirements and convert them into Use Case Document, Business process document
• Conduct multiple requirements validation sessions with the SMEs and Architects and validate captured requirements
• Create Requirements Specification document and Use Case document for Identity Management need for below Modules.
• User Management - Joiners, Movers, Leavers scenario
• User Provisioning and Deprovisioning
• Password Management
• Registration
• Password Policies
• User Self Service
• Application Access Request Framework
• Access Request Forms and Custom Work Flows
• Service Desk View and Administration of User
• Identity Data Migration
• Third Party Management - Groups and Custom Workflows
• User Onboarding Automation
• Termination Process Definition
• Delegated Administration and Segregation of Duties (SoD)
• Policy Management
• Mobile Application
• Create AS IS and TO BE process diagrams for scenarios such as Create, Modify, Delete using Microsoft Visio
• Defined process for Third Party Organization Management and Delegated administration
• Requirements Traceability Matrix, UAT Test Case Preparation and co-ordinate in UAT Process
• Gathered requirements specific to access request form
• Acted as the main liaison between Development Team and Client Business Team during Requirements Gathering phase
• Organization Change Management and Training Needs
• Work with client in understanding Change management requirements and prepare communication plan and training plan
• Work with stakeholders in understanding training needs and audience catering to various business units
• Prepare Training Materials using tools such as Camtasia, uPeform
• Prepare Instructor led Training Presentation, eLearning Courses, Learning Videos for core functions of Identity Management
• Co-ordinate training activities and ensure availability of training environment

Business Analyst

Responsibilities:

• Requirements Gathering and Prioritizing Application Onboarding Requests based on their criticality and complexity
• Discuss with stakeholders on Application Criticality and gather details required for Application onboarding
• Creation of Entitlements Specification and getting sign off from the Application owners and initiating application onboarding
• Gather functional requirements and creation of use cases around Identity and access governance
• Workflow for Access Request Approvals
• SoD Policy Definition based on roles and Privileged accounts
• Identify, prioritize and respond to toxic combination of system entitlements
• Creation of use cases around privileged access management
• Defined Business process for auditing of privileged accounts and session
• Manage CAIR (Task, Defect Logging Tool) and track the items created by Adoption team and Onsite BAs for Application Onboarding, Defects, Enhancements/Change Request
• Track the applications that come for Onboarding and update the status of same on a daily basis
• Acted as the main liaison between Development Team and Client Business/Application Team during various phases of Development Life Cycle
• Communicate the queries raised by offshore development team via CAIR and facilitate a response to continue the Onboarding process
• Track the defects posted by Adoption Team post deployment in DEV, QA and UAT until its closure
• Coordinate bi-weekly calls with the Customer
• To discuss on the application onboarding progress
• Any open items that needs clarification
• Communicate with client Business team in case of any clarification required on Onboarding process
• Preparation of Requirements Traceability Matrix (RTM) for each phase
• Manage Application Onboarding status tracker, Defect Tracker, Review Efficiency Trend Analysis