SUMMARY:

• 3 plus years of IT Experience of which 2 plus years from Process & compliance auditing and Risk Management.
• Have rich experience in auditing /reviewing security polices, user access controls and risk management procedures.
• Proficient in preparation of compliance summary report.
• Strong problem - solving skills and self-motivation, good team player.
• Perform Quality Review on all new build databases and instruct DBAs to install and configure the required tool. Only when all check points are cleared then the database considered as QC Pass and I will succeed the Database and mark it as Production.
• Perform Venerability assessment scans on new build databases and coordinate with DBAs to remediate the outstanding violation for their database.
• “Fortidb” tool was used to perform scans where I lead this assessment process for Wipro RCA ( Confidential - RCSA) team.
• Regarding the outstanding violations for those cannot be remediated; I used to work with DBA, DBA Manager, Application Manager, BISO (Business Information Security Officer) and TISO (Technical Information Security Officer) to file a CAP (Corrective action plan) or RA (Risk Acceptance) or RE (Risk Exception).
• Conduct periodic Audit reviews on WINTEL and UNIX platform for both NAM and EMEA regions.
• Preparation of RAG report (which is otherwise called as scorecard) in order to track the compliance level of a particular team, the same will be highlighted to the concern teams SA manager and provide remediation advise.
• Lead calls while discussing the RAG report with different Wintel SA manager’s on a weekly basis.
• Will ask for a valid CAP# or RE# to cover the risk if remediation cannot be done on a particular environment.
• Track all Wintel servers for latest installation of VTM security patches till closure.
• Track whether TEARS tool has been installed on all Wintel servers and ensure whether the TEARS tool installed is working fine without any issues.
• Track ESM tool has been installed on all Wintel servers and ensure whether ESM tool installed is working fine without any issues.
• Verify for latest DAT version in Wintel servers using McAfee ePO & follow-up with any backlogs.
• Random verification of the netbackup configuration & backup restoration in the Wintel servers.
• To ensure Tivoli monitoring tool has been installed on all Wintel servers and will verify whether the tool is working fine.
• Media movement and media destruction will be monitored with RFC ticket system (Request for change), ensure that media is properly handed over to the authorized Confidential vendor for media movement and also for the media destruction.
• Perform Quality Check for all NAM and EMEA data servers on a daily basis.
• Track whether BMC monitoring tool has been installed on a data server, before they go-live into production.
• Provide suggestion and recommend the DBA to remediate all the vulnerabilities found in a database using FortiDB application, before they pass QC check.
• Track SQLGUARD which is an external auditing tool to capture all the changes done on a data server. Also track Schema level changes of database using SCA log file.
• Facilitate external audits (KPMG).
• Publish auditing results to all related stakeholders and also to the top management.

PROFESSIONAL EXPERIENCE:

Confidential

Project Engineer

Responsibilities:

• As a Senior Quality Analyst, I used to perform Quality Reviews on new build Database those are submitted for review. We have Seven check points for a new build database, once all check points are cleared we used to succeed the Database and mark it as Production and Live. We used to perform Quality Reviews for various platform databases. We used to segregate the database based on its RDBMS type. With respect Confidential we are performing Quality Review for Microsoft SQL, Oracle and Sybase Databases.Direct Client Interaction involved in RCA process where I worked up to Director (Four steps below to Confidential CEO) of Confidential . Since I am working as “Venerability assessment” specialist mostly I used to work with Senior Vice President (Below Director) and Vice President.
• We are having “Fortidb” Tool to perform the scanning on databases. All policies are written by CATE ( Confidential Architect Technology Engineering- CATE is the top most engineering team in Confidential who defines the process for hole Confidential ) team and we use those policies to our fortidb infrastructure for scanning. I used to work with CATE team and share my thoughts while creating a new policy version. I used to share DBAs feedback also where we face issue while remediating the outstanding violations.
• I played a major role on “Venerability assessment scanning” part. We have a dedicated scanning tool named as “Fortidb Application”. Where all Confidential policies (RDBMS - Microsoft SQL, Oracle and Sybase) are uploaded. We used to scan the database using this Fortidb Application and generate the venerability assessment scan report. This report will be sent to DBAs (Database Administrator’s) and DBA Managers. I used to work with all DBAs and DBA managers to remediate their outstanding violations.
• Conduct Compliance Audits (RCSA testing) for Wintel and Unix platforms for every quarter and publish the compliance reports & Appraise various Project Stakeholders with suitable Recommendations / Remediation Plans - Appraise Management on Project Clearance and Assurance - Meet or Exceed Schedules / SLA’s & Quality of Deliverables - Active participation in auditing on a quarterly basis.
• Ability to influence and persuade people at all levels and strong relationship management skills. - Ability to work under pressure and deliver to deadlines, on a self-driven basis. - Must be able to work as part of a team with internal and external colleagues. - Logical thinker, strong analysis, problem assessment and resolution oriented. -
• Excellent skills in MS-Word, Excel and PowerPoint applications. - Some exposure to analysis and selection of security oriented tools such as keyword search and data analysis tools would be an added plus. - Should be willing to accommodate a work overlap between the teams based in India and the US times zones.