Senior Manager Resume
SUMMARY:
- 15+ Years of experience as Senior Manager in Cyber Security Privileged Identity & Access Management, IDAM (Identity & Access Management).
- Expertise as a Senior Manager Project Delivery with LTI (Confidential & Confidential).
- Delivered 3 tracks for Life Sciences project Confidential from Inception to Invoicing for: -
- Confidential IDM Operation
- Confidential IDM Engineering
- Confidential Identity Governance & Reporting
- Expertise in Confidential Trust Password Safe & PAMUL for Project NETS Denmark A/S
- Expertise in RSA Aveksa Identity Governance & Oracle Governance for project Mercer (MARSH & McLENNAN)
- Expertise as a Global Revenue Enabler for ESRM (Enterprise Security Risk Management) IDAM (Identity & Access Management) Tower for Confidential Mumbai.
- Expertise in calculating Profit & Loss Summary for IDAM (Identity & Access Management) Tower
- Expertise as a Practice Head for AVASOFT achieved Oracle Gold Partnership
- Expertise as a Confidential Trust Technical Consultant for W.L.Gore & Associates USA
- Expertise as a Business Leader Consultant & a Key Custodian for Confidential Data Center
- Expertise as a Technical Architect for Confidential
- Expertise as an IDAM Mainframe Consultant for GE Capital International Services.
TECHNICAL SKILLS:
Technology and Tools: PAM (Privileged IDAM), Identity Governance & Reporting Notifications, IDAM, Scrum Agile Methodology, FINANCE
- Confidential Trust Version 7.2 (a) Password Safe (b) PMUL (c) Bomgar; Micro Focus NetIQ Version 3.6 & Version 4.5; ORACLE 10G & 11G; Scrum Master Jira Stories Tasks Bugs; Profit & Loss Summary EBITDA Monthly & Yearly Cost RLS Bought Outs Project Costs Commercials Pricing Models Delivery Contingency
- Cyberark; RSA Aveksa; Mainframes RACF ACF2 Topsecret
- Thales HSM; Saviynt; Tivoli
- Arcon; RSA Archer; Tandem
- Tripwire; Novell IDM
- SAP
PROFESSIONAL EXPERIENCE:
Confidential
SENIOR MANAGER
Responsibilities:
- Senior Project Manager Delivery for three tracks (1) IGA Operations (2) IDM Engineering (3) IAG Identity Access Governance from inception to invoicing.
- IGA Operations: Provide Clinical Research Trial Operations Veeva Study Access to Blinded and Unblinded research records, including COVID-19 Research for Pharmaceutical research globally for Novartis, Pfizer, AstraZeneca etc.
- User onboarding from HR system to the IDM System.
- Enable Access to different systems using CAPS (Corporate Access Provisioning System)
- Identity Governance & Reporting Notifications.
- Identity Governance Disaster Recovery execution planning & interacting with all stakeholders across Confidential .
- Expertise in Jira Scrum Master for Jira Stories, Tasks, Bugs etc.
Confidential
SENIOR MANAGER
Responsibilities:
- Individual contributor for Confidential Trust Password Safe & PAMUL
- Onboarding of 5000+ Windows & Linux assets to Password Safe
- Onboard Oracle, MSSQL MongoDB, Sybase Accounts & Users to Password Safe
- Active Directory Bridge (ADB) GPO to manage Unix / Linux VM’s Login Group Types Environment Machine Application, Infra Users, Machine Objects, Infra Groups, App groups
- AD replication, AD changes to groups handled outside VM
- ADB Management Console, ADB Client
- PBRUN request by Admin, Operator, root, secure role privileged users to run SU to sysusers, Su to root users, execute commands, secure directories
- Access Control Migration of AC dump files into PMUL rule files
- PMUL Session Keystroke log index & SOLR forensic investigation support
- PMUL wrapper for Splunk
Confidential
SENIOR MANAGER
Responsibilities:
- Expertise in adding an Application in RSA Aveksa Connection details
- Expertise in Application Account Collector, Data Source Database, Aveksa Agent
- Expertise in Source Application & Target Troux User Details
- Expertise in DEV Environment MMC RSA Aveksa Details
- Expertise in Source Application Troux Number of Groups Details Group Name etc.
- Expertise in UAT Environment TROUX Application WinSCP Connection
- Expertise in WINSCP Path to download TROUX Active Users List
- Expertise in UAT Environment Total Active Users List in TROUX Application, approximately 300+ Active Users in Troux
- Expertise in Collector (Collect Information from Troux) TROUX Account Data Database Query
- Expertise in Mapping Attributes from Source Application TROUX to Target RSA Aveksa
- Expertise in User Account Mapping of Troux Application in RSA Aveksa Database Query Schemas Tables Columns
- Expertise in End User Target Collector Rules
- Expertise in Validation of TROUX Active Directory User List with RSA Aveksa
- Expertise in Entitlement Data Collector
- Expertise in what access a user has within the RSA Aveksa Application Data Source, Business Source, Last Data Collected
- Expertise in RSA Aveksa Identity Governance REVIEW Definition Creation
- Expertise in TROUX User Access Re Review Creation
- Expertise in RSA Aveksa Email Reports & Notification Configuration
Confidential
Responsibilities:
- Expertise in getting the IAM Lab environment ready with the IAM & PAM user stories proof-of-concepts
- Expertise in demonstration of proof-of-concept use cases post RFP qualifying with the global clients & global teams
- Expertise in creating and preparing all the sections of the IAM decks presentation with the required appropriate content for all the IAM clients
- Expertise in connecting with the market leading product OEM’s alliances teams Oracle, Arcon, SailPoint, CyberArk, Confidential Trust, MicroFocus, Thales, etc.
- Expertise in calculating the Identity & Access Profit & Loss Summary Revenue & Costs for Tower & Sub-tower Sales Revenue
- Expertise in calculating the RLS, Capex, AMC, EBITDA, Bought Outs, Contingency
- Involved in Singapore Government GOVTEC CyberArk CAMS (Controlled Access Management Services) Infrastructure Pricing Cost Scheduling estimations for Production Environment, one-time hardware cost, software cost, one-time implementation and migration cost, monthly hardware & software warranty & maintenance cost.
- Expertise in Identity Access Management solution cloud SAAS pricing estimation for the Norwegian Higher Sector public tender UNINETT. To provide Identity & Access Management SAAS based cloud solution for 200+ universities.
- Expertise in IAM pricing estimates for Australian clients Orora, Confidential Corp etc.
- Expertise in Airbus France Identity & Access Management & Privileged Identity Access Management Infrastructure estimations.
- Expertise in calculating pricing estimations for small, medium, large, to very large IaaS, SaaS, PaaS, CaaS solution pricing involving hardware, software, one-time, monthly and yearly costs
Confidential
Responsibilities:
- Expertise in working with Identity Vault Drivers, Driver Set, Servers, Refresh, Activation, Libraries, Jobs, Dashboard
- Expertise in working with Novell eDirectory idv-auth, Microsoft Active Directory
- Expertise in Loopback auto accounts & dropbox & groupentitlement, TextDelimited assign group, JDBC db, SOAP, LDAP ESP LDAP Driver
- Expertise in SecretStore Assign Policy, Create/Delete/Modify Override Policy, Secret Store Servers, Unlock Secret Store, SNMP
- Expertise in Provisioning & Synchronization
- Expertise in Role Based Services iManager Server Schema Display Names attributes and object classes
- Expertise in Provisioning Configuration, Provisioning Requests, Authorized Login Methods, Authorized Post Login Methods, Passwords Policies, Issued s, default notification collection, secretstore
- Expertise in Role Based Entitlements, Reevaluate, Role-Based Entitlements
- Expertise in Schema, Add Attribute, Attribute, Information, Class Information, Create Attribute
- Expertise in NetIQ Access, SAS Service Object, Server s, User s, NetIQ Server
- Expertise in NMAS, NMAS Login Methods, CertMutual, Challenge Response, Digest-MD5, NDS, SAML Assertion, Simple Password, Universal Password Enforcement
- Expertise in NMAS Login Sequence NetwareClient, Netwareserver, Windows NT Client, Windows NT Server etc.
- Expertise in Partitions Replicas, Passwords, Provisioning Configuration
- Expertise in New Associate Data Flow Provisioning Process
- Expertise in New Partner Data Flow Provisioning Process
- Expertise in New Customer Data Flow Provisioning Process
- Expertise in Short Name or Rename Data Flows
- Expertise in Partner Renew Data Flow
- Expertise in Associate & Partner Separate Data Flow
- Migrated NetIQ to Confidential Trust Bomgar
- Expertise in install config Cyberark
- Configured SIEM alerts
- Server on-boarding: On-boarding of Windows and UNIX for integration with PAM solution for managing the associated privileged accounts.
- Server off-boarding: Off-boarding of privileged accounts associated with Windows and UNIX from PAM solution due to de-commissioning or other valid Business reasons.
- Auto Discovery: Leverage in-built capability of PAM solution to automatically discover and identify the new privileged accounts of the newly on-boarded servers within NSRE network.
- Password vaulting: Storage of privileged account passwords in a secure and encrypted format which can only be accessed via PAM solution.
- Password randomization: Randomization of privileged account passwords at a regular interval after every check-in or as per Business defined policies of W.L.GORE & ASSOCIATES.
- Session monitoring: Allow PAM administrator & auditors to monitor the real-time activities performed by the end users on the privileged accounts of the system / device.
- Session recording: Record user sessions for the activities performed on the privileged accounts for enhanced security, audit & compliance requirements. All such recordings should be made available for the auditor’s review as and when required.
- Break glass process: To mitigate the risk of not being able to access privileged accounts during unforeseen eventualities like non-availability of PAM solution, the desired solution must support the scenario wherein specific or limited number of users should be able to login and access their privileged accounts without getting routed through PAM solution.
- I am responsible for the RFP tender clauses & rules of the competition that qualify the RFP
- I am responsible for Identity Access Management RFP Solutioning Slides & Presentations decks
- I am responsible for RFP IAM competition rules, list of requirements, user stories, price sheet, terms and conditions, questions & answers.
- I am responsible for working with the IAM Service Integration Partners across global regions.
- I am responsible for the Defence Meeting & Product Demo presentation with the proof-of-concept use cases.
Confidential
Responsibilities:
- Expertise in Cyberark 9.6 experience
- Expertise in Elevated Personal Accounts for Cloud providers, Personal accounts with elevated permissions used by IT staff and any employee used for Privileged operations, Websites, Access to sensitive information
- Expertise in Shared Privileged Accounts for Administrators UNIX root, Cisco enable, Oracle SYS, Local Administrators, ERP admin used by IT staff, Sys admins / Net admins, DBA’s Helpdesk, Developers, Social media mgrs, Legacy applications used for Emergency, Fire-call, Disaster recovery, Privileged operations, Access to sensitive information
- Expertise in Application Accounts (App2App) for Hard coded / embedded APP ID’s, Service Accounts used by Applications / scripts, Windows Services, Scheduled Tasks, Batch jobs, etc., Developers used for Online database access, Batch processing, App-2-App communication
- Expertise in Installation Prerequisites (Windows 2012 R2, No GPO, No DNS, Static IP Address, .NET 3.5) & Installing the Vault Server Installation (Cyberark Digital Vault 9.2.0, Remote Control Agent, Hardening the Vault Server) & Verifying the Installation (Event Notification Engine, Logical Container, Database, Private Ark Server) & Connecting with the Client.
- Set built-in user passwords such as Master & Admin Passwords for Cyberark Digital Vault setup. Logging onto the Vault, Creating Event Notification Engine User, Adding user as member of Event Notification Engine group, Creating Safe, Storing Configuration Files, Adding ownerships on Safes
- Using encryption algorithm: Advanced Encryption Standard (AES), 256 bit, RSA (2048 bit) SHA1
- Expertise in Installing Private Ark Client V8.0 setup setting client authentication methods
- PrivateArk authentication, Port, Proxy or Firewall Server, Server Address.
- Verifying the Installation Connecting with the Client PrivateArk: Notification Engine, System, VaultInternal
- Cyberark layers of security Data Access Control (Safe, Granular access permissions, Safe Level Permissions, Vault Level Permissions, Built-In Users and Groups)
- Private Ark Command Line Interface, Session Management, User Management, Network Area Management, Safe Functions, Request Functions, Report Functions, Password Utilities
- Encryption Hierarchy: Vault (Server Key AES 256), Safe (Safe Key AES 256), Passwords (Object Key), RecPub (RSA-2048), RecPrv (RSA-2048)
- Expertise in Vault Configuration Files: DBParm.ini, Passparm.ini, PARagent.ini; Vault Log Files: ITalog.log, Trace.d0
- Cyberark LDAP Integration using Setup Wizard & Manual Configuration Vault Authorizations and Safe Authorizations, Built in Users
- Managing users and groups from an external LDAP Server
- Object Model - Master Policy and Platforms, Master Policy default settings, Master Policy Post Edit, Password Management Workflow - Configured on the PVWA
- Master Policy default settings, Editing the Master Policy, Master Policy Post Edit, Platform Management, Duplicating Existing Platforms - Platform Templates, Platform Names and Editing Platforms, Editing Platform Settings
- Master Platform-Adding and Exception, Master Policy Exception-Choose a Platform, Creating an Exception, Master Policy - Viewing an Exception
- Adding a Safe, Setting a Safe Name, Safe Ownership-Adding a Safe Member, Add Safe Member-Searching in LDAP Directory
- User Rights-Account Management Details, Safe with a New Member, Predefined Users and Groups, Accounts-Add Account, Add Account - Details, Verifying the Account, In Process and Completed Verification
- Password Change, Completed Change, Data Execution Prevention-Unix Password Management, Changing Windows Passwords - Maximum Password Age, Accessing Password - Show /Copy, Connect and copy short cut buttons - windows
- Transparent Connection - Unix, Logon Account - Root Account Login Failure, Logon Account - Root Password Change Failure, Associate Logon Account, Logon Account - Root Password Change Success, Logon Account - Platform Settings, Reconciliation - Unknown Password, Associating a Reconcile Account, Manual Reconciliation, Successful Reconciliation, Reconciliation - Policy Settings, Logon Account Vs Reconcile Account
- Dual Control & Access Reason, Enabling Dual Control, Dual Control - Safe, Password Retrieval - Dual Control 1/2, Password Retrieval - Dual Control 2/2
- Exclusive Passwords, Exclusive Password-Show, Exclusive Password-Locked, Exclusive Password Release and Change, Exclusive Password -Release and Change
- One Time Passwords, Min Validity Period - Platform Configuration, Exclusive Accounts with one-time passwords
- Establishing a Session, Authenticating a User Password & SSH Key, SSH Key Advantages & Disadvantages
- SSH Key Manager, Adding Keys to the Vault, Retrieving Keys, Click to Connect, Rotate Keys, Push Private Keys to Application Servers, Use DNA to Discover Key Pairs
- PVWA Password Vault Web Access, Multiple Authentication Methods, Windows, Cyberark, Oracle SSO, RSA SecurID, Radius, LDAP, Request Workflow
- As a key custodian managed both Physical Thales HSM’s and Software Thales Configurations for Pay shields 9000 & NShield connect solo and edge.
- Managed card sets & cryptographic keys PKCS 11 LMKs (Local Management Keys) ZMKs (Zone Management Keys)
- As a key custodian for HSM (Hardware Security Module) took care of hardware software configuration cryptographic keys of NShields, Payshields, ACS cards, OCS Cards, Remote Cards, HSM Keys.
- Have spun new Thales HSM’s Pay shield 9000 from scratch on Physical and remote file server. Configured HSM nfast nCipher nSolo nShield netHSM ntoken security world PKI Edge F3 Hardserver RFS Server
- Expertise with HSM’s (Hardware Security Module), NShields, Payshields
- Expertise in PKCS#11 production information utility managed pkcs attributes and objects. Create edit modify configuration files. Managed module slots or formats for a smart card.
- Create modify edit Thales hardserver process manage hardservers.
- Expertise in working with API’s, worked on 21+ API Integrations.
- Expertise in Aveksa Identity & Access Management
- Expertise in RSA Authentication
- Expertise in CA Control Minder / Access Control ACX
- Expertise in Guardium Database
- Expertise in GRC (Global Risk & Compliance) Archer
- Expertise in taking care of Keys & encryption decryption s
- Expertise in Tripwire
- Expertise in Tandem
- Expertise in SAP IDM Netweaver Integration.
- Took care of L1 / L2 / L3 Teams Technical Manager on Call Duties.
- Performed end to end Disaster Recovery in Mastercard Infosec IAG Servers
Confidential
Responsibilities:
- Expertise in Oracle Identity & Access Management from Development to Production Support. Was responsible from initial setup of the Firewalls LBR (Load Balancers) in IDM Architecture to setting up of the Apache Layer httpd, Internal LBR VIP, SYMPHONY LIFERAY WebLogic portal apps Ports.
- Was responsible for developing portals such as Account Management Portal Support Portal VMW Download Portal Licenses Management Portal etc. from development, testing, UAT, STAGE, PERF to deployment & migration to PROD environments.
- Expertise in setting up Policy Domains Authentication Rules Header Variables Cookies Authentication scheme enrolment flags Webgate Configurations in Oracle Access Manager.
- Expertise in implementation migration and deployment of SSO Federation Web Services Entitlement Management Virtual Directories Metadirectories
- Have implemented a 2CPU/4GB RAM/10GB Disk space oam web OHS-7780 webpass and webgate.
- Have implemented a 2CPU/4GB RAM/10GB Disk space oam admin OHS-7785 policy manager
- Have implemented a 2CPU/4GB RAM/10GB Disk space oam idm identity server-6022 and access server-6021
- Have implemented a 2CPU/4GB RAM OVD server 6501/7501 for user data.
- Have implemented a 2CPU/4GB RAM OID server 389/639 for configuration data.
- Have implemented a 4CPU/ 7.8 GB RAM OID DB, DB RAC (Real Application Cluster) Instances 1 and 2 with a DB Listener 1521
- Expertise in Oracle web services manager
- Expertise in RIM Database Configuration Assistant
- Oracle AS Cluster (Identity Management) - Created a separate Perl script to start and stop the instances and maintaining the below registries. dcmctl join cluster IMCFREGISTRY ODS PROCESS
- ODS SHM OIDMON
- Obsolete Partner URLs
- OPMN Configuration Assistant
- Oracle Entitlement Server - Deployed new entitlements for symphony & Liferay portals
- Oracle Directory Services including Virtual Directory - Complete end to end expertise in using directories importing, exporting, deploying and undeploying.
- Oracle Information Rights Management - Assigning roles as and when required rules and implementing new workflows.
- Oracle Database Vault
- Expertise in using Java LDAP Browser \ Editor and using ldap commands in Linux
- Expertise in PERL Scripting & Linux Administration
- Expertise in Backup of Policies & Configuration
- Expertise in IDM Pre-Refresh Refresh and Post-Refresh
- Expertise in Sanity Checks
- Expertise in My OneLogin Horizon manager VMSTAR VMvault
- Expertise in Workday Model N Fieldglass
- Expertise in Brassring Varicent Pack PLMLITE POET PRISM
- Weblogic Server 10.3.4 implementation in various application portals. Deployment - Maven deploy redeploy undeploy
- Eclipse based Maven Project deployment activities POM Dependencies Plugins
- Effective POM Java Webapps
- Java Maven Repositories
- Expertise in troubleshooting SOA OHS server, OSB Admin server, OSB Managed Servers
- Expertise in troubleshooting portal. SOA end point servers oc4j soa, oc4j ws, oc4j GTWY, oc4j coreman policymanager, oc4j ESBDT
- Expertise in third party integration Salesforce (SFDC), Etrade, Workday, Siebel, UCM, Gilmore etc.
- Was responsible for writing Oracle IDM Business RFP’s (Request for Proposal), RFQ’s (Request for Queries) Technical Run books or SOP’s (Standard Operating Procedures)
Confidential
Responsibilities:
- Expertise in User Provisioning Cloning
- Expertise in Access Management
- Oracle Access manager
- Oracle Adaptive Access Manager
- Oracle Identity Federation
- Oracle Enterprise Single Sign On, LDAP, PKI
- Oracle Identity Management
- Oracle Role Manager
- Oracle web services manager
- Oracle Entitlement Server
- Oracle Directory Services including Virtual Directory
- Oracle Information Rights Management
- Oracle Database Vault.
Confidential
Responsibilities:
- RACF ACF2 Topsecret Level 2 & Level 3 security support for 17 GE Money Mainframe LPARS (Logical Partitions) for 22 Countries.
- Designing the security around the highly sensitive banking data using the security tool RACF on all GE Money Mainframes taking care of the Mainframe security from initial setup after new RACF has been enabled on the LPARS.
- Planning for extensive projects with a wide scope like the setup of new banks in various countries.
- Building Security for CICS regions in all the phases of SDLC till production. Security auditing and review through extensive usage of security products. Support, rollout and usage of products like Vision plus and Cardpac with zero security loopholes.
- High end security design and structuring for proper usage of internationally known anti-fraud tools.
- Supporting OS upgrades.
- BCP / DRP planning for the security Databases. ACF2 Administration Support.
- UNIX Administration for APAC and European Countries.