We provide IT Staff Augmentation Services!

Sr. Business Analyst/security Analyst Resume

Chicago, IL


Excellent analytical and logical skills with 8 years’ experience in Banking, Financial services, Information security, and E - Commerce industry with emphasis in Project Manager, Product Owner, Business Analyst, Business System Analyst, Information Security Analyst, Requirement Management, Business Process Analysis, Modeling and Change Management in variety of SDLC methodologies. Analytical and astute problem solver with commendable comprehension skills that have expedited with adaption to new environments.


  • Agile- SCRUM
  • Bank Secrecy Act
  • Business Analysis documentation (Opportunity Assessment, Proof of Concept, Forecasting, Detailed requirements specification, HLRD, LRD, BRD, SRS, FRD, ISO, RTM, RACI, OCM, Lessons learned)
  • CCPA
  • Data Analysis
  • Data Profiling
  • DLP
  • GAP Analysis (As-is and To-be)
  • Identity Life-cycle management
  • Incident Response and handling
  • Intrusion systems
  • Kubernetes
  • Network Security
  • NIST SP 800-53, 181, 190, 210
  • Payment Card Information Data Security Standard (PCI DSS)
  • Performance Management
  • Python
  • Return of Investment (ROI)
  • SAFe 4.0
  • SQL
  • SSO
  • Strategic Planning & Forecasting
  • Acceptance criteria
  • Anti-Money Laundering
  • Architecture design document
  • Cloud control framework (CCM)
  • Conditional Access Policies
  • DevSecOps/DevOps
  • Email Security
  • Estimation techniques (Planning poker, T- shirt sizing)
  • Firewalls and data encryption
  • Confidential Investigation
  • GDPR
  • Impact analysis
  • Information Security
  • Intrusion detection systems
  • ISO 27001
  • Prioritization techniques (MoSCoW and Kano)
  • Product Backlog
  • Risk Assessment
  • Risk Management
  • Sprint Backlog
  • Suspicious activity reporting (SAR)
  • Technical Documentation
  • UML Modelling
  • User stories (INVEST)
  • Vendor security assessment
  • Vulnerability Assessment
  • XML
  • Active Directory
  • API
  • Business Development
  • Change Management
  • CI/CD
  • Cost-Benefit Analysis
  • Data Warehousing
  • DLP
  • Privileged Identity Management (PIM)
  • Identity and Access Management
  • JSON
  • Multi-factor Authentication
  • OAuth
  • O365 Migration
  • Pivot Tables
  • Problem Resolution
  • Product release chart
  • Requirements Gathering
  • Shadow IT
  • Security Information Event Management (SIEM)
  • SOC 2 (SAAS)
  • Sprint Velocity (Burn-down, Burn-up chart)
  • Training & Development
  • Waterfall
  • Web services/SOA (REST & SOAP)


Project Management: MS Project, JIRA ALM, Rally, TFS, Clarity

Modelling Tools: MS Visio, Balsamic, Axure RP

Security Tools: FireEye EX, Cisco IronPort, Carbon Black, Phantom Security, Proofpoint, CyberArk IAM, Azure Active Directory PIM, Azure MFA, Imperva CounterBreach, Splunk, RSA Archer GRC, Proofpoint DLP, Qualys vulnerability management

AML & Confidential monitoring Tools: NICE Actimize, NetReveal, Oracle Mantas, Safe Banking Systems (SBS), Bridger XG

Repository Tools: MS SharePoint Server, TFS, Confluence

Testing Tools/ Defect Tracking Tool: HP QC/ALM, HPUFT, Selenium, Bugzilla, TFS, HP Load Runner, Cucumber, Jenkins, Bamboo, Junit, Postman Plugin, Swagger, SOAPUI

Database: MS SSMS, IBM DB2, MySQL, Oracle DB, Netezza

Big Data Analytics: Apache Sqoop, Flume, Kafka, Storm, HBase, HDFS, Hive, Pig, Atlas, Splunk, Netezza (IDP)

Reporting & Analytics Tools: MS Excel, Tableau, SAS, IBM Cognos

Languages: HTML, XML, SQL /HQL, Python, Java


Sr. Business Analyst/Security Analyst

Confidential, Chicago, IL


  • Work with project teams to communicate Business needs and requirements with respect to data acquisition, quality, and availability.
  • Played an integral part during the PI planning to assist the team in resolving the interdependencies and Defining SOW
  • Assisted the PO in Prioritization, grooming and maintaining the Product Backlog by using the prioritization techniques such as MoScoW and Kano
  • Efficient is writing User stories and assisted the team with writing Acceptance Criteria by ensuring DOR (Definition of Ready)
  • Kept track of team status, maintained various dashboard, calculated metric report and to write User story through Jira and used Confluence as a repository for business related requirements
  • Planned actions and adapted them to the plans of the other teams by regular status updates on interdependencies and impacts on ongoing projects and took voluntary initiatives in Community of practice
  • Gathered requirements using elicitation techniques like Contextual Inquiry, Interface Analysis, Focused Group study, One-on-One interviews with SME's and Brainstorming
  • Gathered security requirements to parse data through Splunk to RSA Archer GRC platform for performing data protection impact assessments and tracking regulatory and data breach communications of cyber-attacks.
  • For Windows Active Directory, implemented Authentication and Authorization to applications, file services, printers, and other on-premises resources that uses protocols such as Kerberos and NTLM for authentication and LDAP to modify and query items in the Active Directory Databases.
  • Implemented User groups on Azure AD for Office 365 cloud services and Saleforce.com with various authentication (SAML 2.0, OAuth 2.0, OpenID Connect, WS-Federation)
  • Captured ingesting PowerShell security related logs (Security, Windows, and transcription) information to Splunk (across all platforms of Windows/Linux servers) to feed into Phantom Security, Carbon Black for monitoring and detection for end users in Security operations center.
  • Captured Messaging and Security Engineering requirements to enable and integrate Proofpoint modules TAP (Targeted attack prevention), TRAP (Threat-Response Auto pull) and CLEAR (Closed loop email analysis and response) for enhancing existing email security.
  • Captured Office 365 requirements from Security and Messaging operations team to migrate from Exchange server 2013.
  • Worked on requirements related to email routing, administrators, or users to configure desktop computers, security and compliance, permissions and cutover domains for migration to Office 365.
  • Worked with SCCM team (Security center configuration manager) for patch management requirements.
  • Worked on ITIL engagements that helped improve our security standards on projects which includes CounterBreach, CyberArk, PowerShell & Proofpoint SAAS.
  • Email securities for capabilities such as Anti-Phishing, Directory Harvest attack prevention (DHAP), Single sign-on (SSO), Email malware sandboxing
  • Sandbox attachment and URL, Advanced threat protection, Centralized quarantine, URL reputation score, Domain Keys Identified Mail (DKIM), Domain based message authentication, reporting and conformance (DMARC), Sender policy framework (SPF), Forged Email detection (FED), Mailbox remediation, URL filtering, Message tracking and reporting, Retrospective file analysis, Password protected/encrypted mail content, File type blocking, integrate with recall messages and Anti-virus/virus outbreak filter.
  • Data migration to Hadoop for end applications NetReveal, Actimize, Oracle Mantas, SBS, Bridger XG
  • Worked on capturing critical credit card information for end user analytics. (ACH, Wire transfer, SWIFT)
  • Created usecases on requirements for PowerShell logging to RSA Archer and Argus
  • Elicited ITIL service operation requirements enforcing on incident management, event management, access management, request fulfillment, problem management.
  • Use of basic Linux/Unix commands to validate IAM access management and server repository LOB’s access rights.
  • Worked on ServiceNow requirements for transitioning our ticketing tool from accelerator portal
  • Collected Splunk requirements for logs to be ingested to Archer for identifying and monitoring security incidents.
  • Password management for many accounts on ESXi and HPiLO accounts and provide ability to connect from CyberArk PSM to HPiLO and ESXi endpoints.
  • Using Proofpoint SAAS and CounterBreach, ensured the vulnerabilities and malicious code were identified and are monitored by following principles of risk management.
  • Driven Vendor Security assessment, Risk Assessment, Security assessment and security engineering assessment on new products.
  • Worked with Architecture review board as part of Infrastructure, Security and Cloud requirements alongside Architecture design document.
  • Worked with Model management and data management on adapting tools like Dataiku and Datameer (analytical tools) on existing data consuming applications to detect irregularities of load.
  • Coordinate with Data Governance team to ensure that metadata Hub is updated with critical data inventories for all data fields, drill down on key/critical data elements that are used within business, baselining the existing rules of data quality with data owners and STO (Senior Technology Officer) when new data acquisition takes place to AxiomSL.
  • Work within the Data Management team to study PCI data quality issues, Analyze the existing feeds of tables/schemas that feeds into consuming application and build business logic to ensure proper controls are in place. Documenting business field name, field name, load time, landing zone and business logic with various LOB’s.
  • Built UML diagrams using MS Visio to create use case diagrams, process mapping diagrams, entity-relationship diagram, activity diagrams, state chart diagrams, sequence diagrams and collaboration diagrams.
  • Worked with OCM to in corporate new changes to end users by providing support guides and end -user training manual.
  • Created wireframes, mockups and protypes for UI/UX developers
  • Analyze user needs and software requirements by coordinating with system architects on design feasibility. Updating SES (Source extract specification) by providing data mapping spreadsheets of source and target fields with physical naming standards, datatypes, volumetric, domain definitions and corporate metadata definitions.
  • Familiarized with Atlassian - Confluence(admin) and JIRA to log project updates, track ongoing gaps and update meeting minutes.

Technologies/Environments: Splunk, Azure Active Directory PIM, Conditional Access Policies, RSA Archer GRC, NIST 800-53, 181, 190, 210, PowerShell, Phantom, Cisco IronPort, CyberArk, IAM, FireEye EX, Carbon black, Imperva CounterBreach, Proofpoint, Carbon Black, NICE Actimize, NetReveal, Oracle Mantas, Bridger XG, Safe Banking Systems, Clarity, Jenkins, Kubernetes, Hadoop, Azure AD, Windows AD, ServiceNow, Netezza, Jira, Confluence, MS SharePoint

Business System Analyst/ Security Analyst

Confidential, Atlanta, GA


  • Played an integral part during the PI planning to assist the team in resolving the interdependencies and Defining SOW
  • Kept track of team status, maintained various dashboard, calculated metric report and to write User story through JIRA and used Confluence as a repository for business related requirements
  • Led focused group meetings with SME's and management to realize SOA and Technical silo’s awareness within the company
  • Monthly obtained essential information from SMEs from Audit team and Data management team regarding compliance issues
  • Researched and Analyzed transactions to detect for money laundering activity by reviewing customer transactions and behavior based on system generated alerts compared them with transactions generating the alert
  • Gathered requirements for digital banking experience for mobile platform (PCI, creating dashboards, Zelle, Bill pay, Card Management)
  • Validated data moved into SAR by comparing it with query output and reconciliation between Oracle Mantas and Norkom to ensure data is transferring without errors
  • Segregated risk scoring level based on Due Diligence level, i.e; CDD, SDD, EDD for KYC Analysts, Unit head, MLRO, AML committee
  • Assisted in transforming and augmenting core operational systems and infrastructure (POS, origination services)
  • Conducted user interviews and RAD sessions through prototyping, workshops or focus groups and early, reiterative user testing of designs
  • Ensured that an upgrade repository was maintained for all servers (Windows/Linux) in the bank
  • Facilitated in the design of business engine by creating business rules in XML format using XMLSpy
  • Provided identity and entitlement management functions for centralized business applications and infrastructure technologies residing on Client's mainframe and distributed network platforms.
  • Completed security access requests in a consistent and thorough manner within stated turnaround time with minimal mistakes.
  • Completed setup, transfer, and termination of security access. IDs are established for Client associates, select subsidiaries, and external contractors on supported applications and systems.
  • Applied research, troubleshooting, problem analysis, and existing knowledge of security and enterprise infrastructure to independently identify and resolve security issues.
  • Identified and presents all possible solutions and recommended a course of action for security requests and issues that require management escalation.
  • Identified and address non-compliance to security policies and standards when processing requests and providing security consulting.
  • Questioning inappropriate or invalid requests regardless of approval granted by an area Security Coordinator or a business owner.
  • Effectively communicated with the requestor and Security Coordinators in a thorough and courteous manner, providing clear security explanation and guidance as needed regardless of the associate's seniority or technical level.
  • Responded to time critical security technology processing with a sense of urgency.
  • Provided after hour (24x7) on call security support on a rotational basis for Client's enterprise network.
  • Completed team projects and participated in enterprise wide projects as assigned.
  • Independently manages the execution and completion of assigned projects of medium to high complexity and wide-ranging scope (e.g. implementation of new enterprise software, significant upgrade of existing software). Project tasks are typically not well defined and require independent research and testing.
  • Provided security administration and knowledge of existing processes and procedures to support project work being completed by senior members of Information Security or IT. These projects could include adding new security technologies, upgrades and enhancements, or sun-setting of existing security technologies and processes.
  • Provided mentoring and training, maintained the Information Security Services training curriculum and resources to ensure they remain in line with an ever-changing environment.
  • Provided emergency or escalated support of security functions for Client associates, select subsidiaries, and external contractors.
  • Effectively diagnosed problems by asking relevant questions and actively listening to the facts communicated. Applied research, problem analysis, and existing knowledge to resolve incidents and consulted with other support teams when necessary.
  • Acted on behalf of the customer to ensure that incidents are resolved as quickly as possible communicating status updates to all customers in a timely manner.
  • Contributed to the integrity and validity of security access for business applications and infrastructure technologies residing on Client's mainframe, distributed network platforms.
  • Performs periodic security monitoring and maintenance on existing systems and technologies in a consistent and thorough manner.
  • Helped ensure that security access is appropriately granted and removed such that the integrity of supported systems is maintained.

Environment: Agile, Scrum, SAFe, Java, HTML, XML, Confluence, JIRA, CyberArk IAM, MS Visio, SQL, SOAP UI, Rally, TFS, XMLSpy, ServiceNow, Selenium, Jenkins, IBM-DB2, Tableau, Informatica Power Center, API, Webservices

Business System Analyst



  • Recommended changes to procedures and protocols based on cost benefit analysis, resulting in 30% improvement to ROI.
  • Worked on Data Modeling - Conceptual, Logical and Physical modeling for both OLAP and Data warehousing environments
  • Created wireframes, mockups and protypes for UI/UX developers
  • Developed and supported the Extraction, Transformation, and load process (ETL) for data migration using Informatica power center
  • Acted as User Acceptance Testing coordinator and monitored business testing and interfaced with the development team regarding defect status and fixes daily
  • Conducted DRP sessions to ensure smooth flow of business by constantly getting in touch with Business Continuity team
  • Prepared Lessons learned document, training guides for the project

Environment: Microsoft Office Suite, Balsamic, Hadoop, Apache HBase, HDFS, Hive, Apache Sqoop, Flume, Kafka, Storm, JavaScript, SQL, NoSQL, MYSQL, Bugzilla, Informatica Power Center, OLAP

Jr. Business Analyst



  • Performed Requirement Analysis by gathering both functional and nonfunctional requirements based on interactions with the process owners & stakeholders and document analysis, represented them in Requirements Traceability Matrix (RTM)
  • Conducted Joint Requirement Planning (JRP) sessions as a facilitator to gather requirements from the business area and conducted JAD sessions
  • Established Positive and Negative test cases
  • Involved in UAT, Test plans, documentation of Test reports ; Assisted in QA and Integration Testing

Environment: Waterfall, Java, HP ALM, Ubuntu, Azure, SQL, MySQL.

Hire Now