- Over 26 years of IT experience. 16 years of combined experience GRC IT Analyst and implementation, development and maintenance of compliance tools such as RSA Archer, ServiceNow, OpenPages, Risk Navigator (both Java and Domino), Magique.
- Performed SOX compliance testing of applications on various platforms, databases, servers, and data - centers.
- 5 years of experience in Analysis, Design, Development and Deployment of Lotus Notes/Domino applications, 2 years of experience in SAP BW and 2 years of experience in Systems software using C, C++.
- As a member of the Governance, Risk and Compliance (GRC) team, helped develop processes and solutions that further the goals of the organization
- Performed SOX IT General Controls testing on applications, databases, servers and data-centers for 404 compliance
- Responsible for implementing, configuring and supporting RSA Archer, ServiceNow, OpenPages FCM and RiskNavigator Confidential Applications
- Worked on RSA Archer 4.x, 5.x and 6.x versions
- Developed reports using SAP BW and Cognos
- Worked on Lotus Notes development since Release 3
- A go to person for Excel formulas
- Manage consultants and staff engaged in mission - critical projects onsite and offshore
- Work closely with development groups to specify and plan projects, including recommendations based on Enterprise standards
- Develop platform and application standards
- Design and implement policy: based architectural solutions for internally developed and third party application solutions
- Ability to adjust communication style/content to interact with business and IT professionals
- Very effectively managed onsite and offshore teams
- Configured various solutions of RSA Archer, developed ODAs, Data Feeds and API
- Used other tools like Magique, Galileo, RiskNavigator, AutoAudit, IssueTrack and Solution Accelerator for Sarbanes-Oxley 404 Compliance. Extensively worked on OpenPages FCM tool
- Performed testing on ITGC controls for SOX compliance
- Extensively used LotusScript, Formula Language, LSX in Lotus Notes and Domino application development. Have very good experience in coding of Complex Script Libraries, Error Handling functions and File Handling functions to read/write Binary, Sequential and Random files
- Published an article on LotusScript (Rich Text Item) in June 1999 Notes & Domino Advisor Professional Resource
- Experience in generating reports using SAP BW, ABAP, LotusScript, Crystal Reports, SNAP Reporter and Intelliview. Go to person for Excel reports
- Experience in multilingual applications
- Used Java Script, HTML, DHTML, XML, Stilesheets, SQL, Java ( Servlets, JSP and Applets ), Business Objects, SAP BW, Attachmate, Team Studio, Visual 360, C, C++, Assembly Language
- Integration Experience with Oracle, DB2, SQL Server using Lotus Enterprise Integrator (LEI), DECS, NotesPump, Notrix, Percussion Notrix, ReplicAction. Very good experience with migration process (including Domino Server and mail migration)
IT and RSA Archer/ServiceNow Consultant, Risk & Compliance Management
- Continuous monitoring of IT General Controls, govern and report on findings, track status, and ensure corrective actions are complete and sustainable
- Analyze requirements, gather evidence, and coordinate responses for both Internal and External Control Review
- Maintained and updated procedures for IT risk related processes as needed
- Assisted with Risk Control Self-Assessments (RCSAs) to include monitoring RCSA requests, requesting pre-assessment documentation
- Assisted in maintaining and expanding the enterprise-wide risk appetite framework and monitor risk exposures
- Prepared clear, accurate, and timely reports for regulatory entities, senior management and the Audit Committee/Board of Directors
- Helped assess risks in accordance with the company’s risk hierarchy, coordinate risk response and corrective action plans, and develop Operational Risk Management reporting and dashboards
- Configured out of the box solutions from RSA Archer and implemented custom solutions using several ODAs, Questionnaires
- Built complex solutions with the help of API a Migrated Key Indicators and Loss Events solutions into ServiceNow and Custom Objects
- Involved in migration from from 5.x to 6.x
- Leveraged Advanced Workflow to replace existing workflow as well as building for new applications
- Migrated Key Indicators and Loss Events solutions into ServiceNow
- Trained power users on each solution and worked with testers to troubleshoot issues during SIT and UAT phase
IT Security and RSA Archer Consultant
- Brought RSA Archer to prominence from 2 year hibernation by implementing Data Retention, HIPPA, IT Security, SOX, Risk Management and NERC CIP solutions using Enterprise, Risk, Policy and Compliance Management solutions. Following activities have been performed during this implementation:
- Stood up Archer by ensuring that all components are properly configured.
- Enabled single sign-on using LDAP with groups managed in PAM
- Implemented Data Retention solution using ODAs
- Configured Compliance Management module to implement HIPPA solution based on Privacy and Security Assessments
- Reviewed, uploaded and mapped all IT Security policies to Authoritative Sources and Control Standards. Developed procedures to meet standards.
- Implemented a solution to meet NERC CIP requirements
- Analyzed 6.x for possible migration and recommended user stories that can be moved until 6.x is installed
RSA Archer Consultant
Confidential, New York
- Helped in migrating RSA Archer from version 5.3 to 5.4
- Customized Risk Management, Enterprise Management, Policy Management and Business Continuity Management to customer needs.
- Set up the Enterprise Risk Management Review process using Quarterly Risk Reviews and Business Unit Risk Reviews.
- Helped migrating from 3 X 3 ratings (High, Medium and Low) to 5 X 5 ratings (High, High Medium, Medium, Medium Low and Low) for both Inherent and Residual Risk Ratings.
- Imported legacy data from Excel into various applications of RSA Archer such as Risk Register, Metrics, Metrics Results, Business Processes, Control Procedures, Business Impact Analysis, Findings, and Remediation Plans etc.
- Created roles and groups as needed.
- Developed Reports (including Heat Maps), iViews, Dashboards and Workspaces for different user groups.
- Conducted for different user groups such as Risk Submitters, Risk Managers, Enterprise Risk Management team and Executive Management.
Software Tools Used: RSA Archer 5.4, .Net Framework, SiteMinder, Active Directory
RSA Archer Modules Used: Risk Management, Enterprise Management, Policy Management and Business Continuity Management
RSA Archer Consultant, SOX Compliance and IT Security
Confidential, New Jersey
- Assess all applications (Core and ODA) and questionnaires in 4.5 Environment
- Installation of version 5.3 in new set of boxes
- Configure Archer Control Panel and manage services
- Worked with SiteMinder and LDAP group for Single Sign-on
- Developed standards for 5.x
- Migrated Applications and Questionnaires from 4.5 to 5.3
- Rebuilt all Data Driven Events (DDEs) to leverage 5.x features
- Migrated data from 4.5 to 5.3 using data import and Data Feed
- Supported 4.5 Instance for quarterly assertions and s during migration process
- Managed users, groups/roles and used bulk user import utility
- Migrated bulk attachments from 4.5 to 5.3 using the utility from RSA Archer
- Helped Archer 5.3 go through Security Review for IT Security compliance
- Managed offshore resources
- Worked with RSA Archer Support to report bugs
Software Tools Used: RSA Archer 4.5 and 5.3, .Net Framework, Visual Studio, SiteMinder, and LDAP
RSA Archer Modules Used: Policy Management, Compliance Management for SOX, Risk Management, IT Security Including Incident and Threat Management
RSA Archer Consultant
Confidential, New Jersey
- Gathered requirements from stake holders and end users and prioritized them based on business needs
- Prepared functional design document
- Organized team meetings with stake holders, power users and RSA Archer
- Implemented RSA Archer 5.x from scratch in 3 different environments and configured it for single Sign-on using SiteMinder
- Customized core applications and developed On-Demand Applications (ODA)
- Loaded Vendor and Contract information using Data Feed Manager and Import Wizard
- Managed user access, notifications and Global Values List
- Used bulk user upload tool to manage groups for large user population
- Managed Archer Control Panel as needed
- Implemented interface between RSA Archer and Ariba Sourcing, Ariba Contracts Pro and Zycus using Data Feed Manager
Software Tools Used: RSA Archer 5.02, .Net Framework, SiteMinder, LDAP
RSA Archer Modules Used: Vendor Management, Enterprise Management
Confidential, New York/New Jersey
- Involved in development and maintenance of the IT SOX Compliance Strategy.
- Assisted in Global Information Security ISO 27001 compliance.
- Involved in gathering and analyzing detailed business and technical requirements to accommodate end-user needs.
- Architect and deploy the Archer SmartSuite Framework.
- Designed, created and implemented full RSA Archer solutions based on customer requirements.
- Configured Archer, OpenPages and Risk Navigator for customer needs.
- Migrated applications from 4.5 to 5.x in RSA Archer
- Developed data intensive database applications that involve automation of data loads from various data sources using SQL server.
- Developed reports using Cognos in OpenPages tool.
- Generated reports from Qualys vulnerability scan.
- Developed Excel based bar chart template using data from OpenPages.
- Performed testing on controls related to Datacenter and Computer Operations.
- Tested controls from various platforms, databases and ERPs for SOX compliance.
- Gained thorough knowledge on SOX structure and Architecture of various SOX tools.
Software Tools Used: RSA Archer 5.02, OpenPages, Risk Navigator, .Net Framework, Visual Studio, SiteMinder, LDAP, ADFS
RSA Archer Modules Used: All Modules except Business Continuity Management
Confidential, New York
- Trained users and support persons on how to use various tools.
- Prepared standards to categorize documents properly.
- Reported undocumented bugs and limitations to vendor and developed workaround solution.
- Developed very complicated reports for senior leaders.
- Created an agent to conduct Quality Assurance using business rules.
- Set the procedures to share data with external auditors while maintaining the confidentiality under Confidential level 4 guidelines.
- Identified areas where lot of support work is duplicated and created agents to automate them.
- Written agents using LotusScript and complex script libraries to integrate tools from different vendors.
- Developed a strategy to automate several tasks reducing user errors.
- Involved in migration of data from Magique and Risk Navigator to Oracle for new system.
Software tools used: Lotus Notes (5.x and 6), Domino, HTML, XML, SQL, LEI, LotusScript, Magique and Galileo tools from D’arcAngelo Company and Horwath Software Services, Auto Audit, Risk Navigator, SNAP Reporter from Paisley Consulting, Solution Accelarator from Microsoft.