
Regulatory Compliance / Archer Grc / Erm / Security Architect / It Audit Resume

SUMMARY:

  • Industries worked with include Finance and Insurance, Manufacturing, Retail, Technology, Healthcare, Oil & Gas, Utilities, Pharmaceuticals, Education, State Agencies, etc.
  • Experience with GRC product selection (both ERP-based and Confidential products), including requirement analysis, RFP, vendor selection and cost-benefit (ROI) analysis for both SaaS and in-house implementation.
  • Implemented various Confidential products for multinational clients
  • Implemented Archer; the current project involves resolving issues with Archer solutions implemented in a SaaS environment with RSA.
  • Modules worked on include Risk, Policy, Compliance, etc.
  • Understanding of Archer in SaaS and SaaS-associated issues, along with deep knowledge of the modules.
  • Modified existing applications with respect to the new design
  • Managing and creating on-demand applications and solutions on the Archer Confidential tool.
  • Responsible for designing the solution and, as the single point of resource, developed it.
  • Created ODAs and changed workflows for existing core solutions to meet project requirements.
  • Defined and created access roles for VRM groups, created Data-Driven Events
  • Created DDEs, notifications, dashboards and reports based on VRM personas.
  • Created global reports, iViews and dashboards for the solution.
  • Implemented ITIL, COBIT and ISO frameworks and best practices, including security architecture.
  • Trained on TOGAF 9, and worked on information security architecture and AM.
  • Performed and assisted clients with SAS 70/SSAE 16 (SOC 1, SOC 2 & SOC 3) implementation and audits.
  • Reduced the cost of compliance initiatives by having a single instance of testing and data collection and by optimizing the use of business intelligence (BI).
  • Designed and built IT security process assessment methodology based on ISO 27001/2 framework.
  • The objective was to provide a common platform to compare each division's technology risk readiness, policy/procedure implementation and compliance with regulations.
  • Worked on several Archer GRC projects including control rationalization, conversion, etc. Experience also includes planning, designing and implementing GRC solutions, with exposure to both qualitative and quantitative controls implementation along with risk matrix creation, forecasting, etc.
  • Designed, built and implemented systems to compare various Siemens divisions on a common platform for risk management, security process assessment, IDS/IPS, compliance and gap analysis.
  • Developed a procedure to provide regional leadership and the Global CIO with a report giving an overview of divisional, regional and global compliance with IT security.
  • In the process of publishing an article on cloud security. In-depth knowledge of IaaS, PaaS and SaaS; have worked with both cloud providers and cloud clients on security architecture. Working knowledge of the capabilities of Tier 1 and Tier 2 cloud vendors.
  • Worked with cloud providers to make them compliant with ISO, PCI and SSAE 16 SOC 1 and/or SOC 2.
  • For a Confidential corporation, audited the Linux environment, policies, standards, OS controls, etc. Established ITIL-based processes along with service levels.
  • Managed and was responsible for solution architecture for multiple projects:
  • Designed the solution architecture, including requirement gathering, blueprint, enterprise-wide security architecture, etc.
  • Provided all end-to-end business process design for the various areas.
  • Created and maintained baseline, forecast, and actual project plans.
  • Performed critical path, resource load balancing, and project schedule variance analysis and reporting; coordinated with the management team to drive risk mitigations and corrective actions.
  • Coordinated planning, scheduling and execution of core team and working team meetings to ensure proper project tracking and timely resolution of action items and issues.
  • Designed a PCI approach that maximizes the use of existing work, generating a savings potential of $0.5 MLN on an ongoing basis.
  • Work included a review of the entire security program: network security, network segmentation, firewalls (standards and implementations), SDLC, use of OWASP and SANS 25, application security, etc.
  • Data privacy review based on EU requirements (EU laws, Safe Harbor, etc.), German laws, US regulations/compliance requirements (GLBA, HIPAA, state, etc.), ISO standards, etc. Made use of data mining tools, DLP, log management, Siemens ERM tools, etc.
  • Web application security reviews for vulnerabilities (XSS, XSRF, SQL injection) using tools such as WebInspect, Fortify, etc.
  • Performed a strategic review project for a $5 BLN client. Designed a solution for consolidating multiple ERP solutions into one target solution for a manufacturing client. The project consisted of a strategic review of the various systems/applications/infrastructure in place, laying down the plan for integration of systems, establishing the budget, discussion with management, obtaining management approval, etc. Developed an IT program (roadmap) for the next 5 years and a long-term view for 10-15 years.
  • Extensive experience with SIEM and log management products: LogMatrix, Juniper Networks, Nitro Security, Novell, RSA enVision, ArcSight, Cisco, LogLogic, Symantec SIM, RSA Archer Symantec, LogRhythm, Alert Logic, Guardian etc.
  • Conducted effective risk assessments, directed integrated teams for successful execution of the annual audit plan, and communicated results to executive management and the audit committee.
  • Designed policies/procedures, created a risk assessment methodology, developed readiness assessment and process assessment methodologies, designed and implemented an ERM program, etc.
  • Developed an ERP selection methodology for UHY (a program of 10,000 line items taking into account business requirements for all business cycles to assist with ERP selection). Directed and implemented two major projects which led to the selection of ERP solutions valued at $10 million. One of the end clients has subsidiaries in 18 countries. (The ERP selection application, a 10,000-line program developed by myself, covers gathering business requirements, vendor short-listing, RFP preparation, evaluation, conference room pilot, final evaluation, qualitative & quantitative analysis and ROI calculation.)
  • Provided high-quality audit reports with value-add recommendations based on root cause analysis that improve the efficiency and effectiveness of internal controls.
  • Provided risk management and emerging issues thought leadership and knowledge transfer.
  • Worked on PCI HSM Security Requirements (A to D) and PIN Security Requirements (36 points) compliance.
  • Performed pre- and post-implementation analysis and controls reviews of SAP for a medium-sized ($2 BLN) client; identified gaps and provided automated solutions saving approximately $2 MLN.
  • Audited SCADA/PDMS systems for CenterPoint, including a review of system security and development policies, etc.
  • Assisted multinational client in GRC vendor selection (requirements gathering, vendor identification, RFP preparation, RFP reply qualitative/quantitative analysis, vendor selection).
  • Led a division as the Director managing over 200 employees. Responsible for the company's direct and channel revenue growth. Over 7 years the company (Lordmart) grew from 70 employees to 1,800 plus.
  • Worked with clients on preparation/readiness assessment/audit for compliance with PCI HSM Security Requirements and PCI PIN Security Requirements.
  • Verified that the HSM provides secured interfaces; ensured key management conforms to ISO 1158 and/or ANSI X9.24 and that key management techniques support ANSI TR-31; ensured the HSM meets the PIN management requirements stated in ISO 9564, etc.
  • Audited PKI infrastructure, RA, CA, key management, administration, change management, log management, log security and access controls.
  • Member of an advisory team focused on initiatives dealing with new acquisitions and analysis of competitive intelligence from cross-functional and multinational sources across the company, translating it into meaningful implications and actions.
  • Assisted process integrations on new acquisitions, financial and operational analysis, business plans, forecasting, budgeting, compliance with ISO 9001, and implementation of plans and ERP systems.
  • Worked with various clients to evaluate cloud SLA compliance requirements and advised clients on the compliance matrix and KPIs.
  • Worked with clients on cloud security reviews, including cloud architecture, access controls, administration, remote access, business continuity, DR, virtual machine risks, legal issues, etc.
  • Designed (as Solution Architect) and implemented an SCM project, including global demand planning and forecasting modules, for a $25 billion organization. The project involved more than 30 personnel from 6 countries in the planning phase. I was team lead and solution architect in the planning phase with a team of 10 functional and technical members.
  • Conducted audits with the help of CAAT tools; experienced in using data mining procedures and extensively experienced with different log management tools.
  • Worked with clients on PKI infrastructure review, key management, certificate issuance process, etc. Worked with clients on identifying encryption solutions and hashing mechanisms for .NET applications.
  • Great understanding of encryption and hashing algorithms: AES, DES, Triple-DES, RSA, SHS, etc.
  • Designed a solution for consolidating multiple ERP solutions into one target solution for a manufacturing client. The project consisted of a strategic review of the various systems in place, laying down the plan for systems integration, establishing the budget, obtaining management approval and implementing.
  • Led a study group project worth $500K-1M to review the change from a sole distributor system to the appointment of authorized dealers, including the change impact on collection management, etc.
  • A controls transformation project resulted in a significant reduction and standardization of SOX controls and increased reliance on automated vs. manual controls.
  • Designed the solution, managed and performed the implementation of PeopleSoft/Oracle ERP for a large engineering client. The PeopleSoft and Oracle modules implemented included G/L, AR, AP, FA, Budget, Treasury, Purchasing, Billing, Project Costing, HRMS, plus several custom modules.
  • Solution architect for customized assembly systems along with inventory management systems for the new assembly plant that will integrate supply sources from multiple countries with different lead times. Managed the system implementation in 6 countries including Africa. The team consisted of 12 technical staff and 10 functional experts.
  • Organized, planned and carried out internal/functional audits, including preparation of the audit plan, assigning work, scheduling and estimating resource needs, completing the report, and presenting the audit report to client management and the audit committee, for multiple audits at organizations ranging from $½ billion to $40 billion.
  • Assisted a client using external payroll services to select cloud ERP services that would best benefit existing and future business models, with substantial savings of $17 MLN over five years.
  • Developed strategic interface tools along with business process value stream mapping and use of lean tools to streamline P2P process around billing and collection management resulting.
  • Implemented end-to-end business processes (finance, accounts, A/R, A/P, inventory, HRIS, payroll, supply chain, production balancing and sales & distribution) for a new division belonging to a $6 billion organization.
  • Worked on developing BCP/DR plans, including: project initiation, risk assessment, business impact assessment, strategy development, business continuity plan development, business continuity plan testing and maintenance, emergency communications, awareness and training, and coordination with public authorities.
  • Identified the potential threats that may cause adverse impacts on business operations; assessed the potential risks and costs; considered alternative ways of running the business; worked on a framework for building resilience for business operations; identified the core products, services and processes where staff will need to focus to get the business back on track; developed capabilities, facilities, processes and action task lists for responses to disasters and failures; created a plan for implementing, operating, monitoring and maintaining the facilities and services necessary for disaster recovery; developed a plan for fallback and recovery support for the organization's ICT systems; identified the capabilities that outsourced ICT DR service providers should possess and the practices they should follow to provide basic secure operating environments and facilitate recovery efforts; guided in the selection of a recovery site, etc.
  • Performed and managed a client's (Financial/Insurance industry) SOX compliance initiative, consisting of training for more than 30 staff members including the management team. I was responsible for implementing the project in 6 months with a project team of 10-15 on average. The project covered both functional processes (premium collection, accounting, G/L, receivables, etc.) and technical systems (mainframe, SAP and PeopleSoft), including IT general controls.

ADDITIONAL AREAS OF EXPERTISE INCLUDE:

Strategic Planning - Archer Implementation - Regulatory Compliance Readiness - Internal/IT Audit - Operations Risk Management - Logistics/Supply Chain - GRC - Value Stream Mapping/Lean Principles - BCP/DR

BUSINESS AND TECHNOLOGY EXPERIENCE AREAS:

  • Enterprise-Wide Risk Assessment/ERM
  • Operational Audits
  • Readiness Assessment
  • SSAE 16 Audits/Implementation
  • Internal Audit Outsourcing/Co-Sourcing
  • SOX Documentation & Testing
  • IA Quality Assurance Reviews
  • Control Self-Assessment Facilitation & Implementation
  • GRC - Archer (SAAS and In-house)
  • Archer Implementation
  • Archer Optimization
  • Project Management
  • Performance Improvement
  • Pre/Post Implementation Review
  • PCI DSS
  • Privacy & Regulatory Compliance
  • Bliley Act, FFIEC, BSA, AML, OFAC, Regulation P, Red Flags, Safe Harbor, HIPAA, NERC, GxP, 21 CFR Part 11, NIST
  • ISO 27001 Assistance
  • General IT Controls
  • IT Governance
  • Performance Monitoring
  • IT & Operational
  • Service Level Agreements
  • Process Improvement
  • Business Process Reviews
  • Policies/Procedures Documentation
  • Project Management Office (PMO)
  • PMO Audits
  • PMO Extension
  • System & Process Implementation
  • IT Strategy, Governance & Processes
  • Business Process Improvement
  • Value Stream Mapping/Lean Principles/ITIL
  • IT strategy and business alignment
  • IT Cost Management
  • IT Asset Management
  • Regulatory Compliance
  • Business Continuity & Disaster Recovery Planning
  • Cloud Provider Vendor Selection
  • Cloud Security
  • Security Strategy
  • Decision Analytics
  • Business Intelligence

PROFESSIONAL EXPERIENCE

Regulatory Compliance / Archer GRC / ERM / Security Architect / IT Audit

Confidential

Responsibilities:

  • Effective at enabling business success through vision and leadership in introducing significant process, people and technology changes. Have spent the last decade in business as a leader, innovator, strategist and architect, with both experience and proficiency across various disciplines. Highly skilled in business process re-engineering & improvement, project management, lean management, internal audit, technology audit, controls analysis, policy development, risk assessment/management, regulatory compliance and software selection, with a proven track record of improving efficiency, maximizing service potential and people management. Versatile experience in business and technology, as well as in integrating various technologies with business to improve overall efficiency.
  • 10+ years of national and international experience encompassing business development, audit, personnel development and project oversight. CPA and CA offering an extensive understanding of ERP and GRC tool selection/implementation, accounting functions, treasury, business processes, internal audit, financial analysis, the COSO framework, GRC, A133, Yellow Book and corporate governance. ICWA offering practical knowledge of value stream mapping/lean tools, cost reduction and management techniques. CISA, CISM, CISSP, QSA and MCSE offering in-depth knowledge of frameworks (COBIT, ISO, ITIL, NIST), technology audit, ERP (SAP, PeopleSoft and Oracle), GRC (Archer, SARBOX, PAISLEY and ServiceNow), security and governance.
  • Ability to recognize enterprise impact and make strategic decisions that add value to evolving business and technology. Embed long-term strategic thinking into ongoing business processes. Strategic review of IT, including establishment of objectives, vision and mission, business process review, application mapping, programs, projects, budgets and cost analysis, and development of a long-term strategic plan.
  • Experience spans from fast growing, early stage start-ups to global Confidential 500 corporations, with deep industry knowledge in finance & insurance, energy, utilities, semiconductor, technology, pharmaceuticals, oil & gas, manufacturing, logistics and distribution.