EMPLOYMENT HISTORY:

Confidential

Sr.Security Consultant/VP

Responsibilities:

• Worked alongside the Solutions Architect, the Cybersecurity architect to lead the design and development of the security controls necessary to protect sensitive client data deployed into different types of cloud and cloud/hybrid systems.
• This directly contributed to the overall enterprise digital architecture and support the security vision and strategy around cloud - based applications, across Platform, and Software as a Service (PaaS/SaaS)
• Developed strategic roadmaps for Security Capabilities such as Authentication, Encryption, Detection and Prevention on security offerings within Amazon Web Services (AWS), VMware, and Microsoft Azure platforms.
• Engaged with engineering and project teams through agile processes including user story definition, frequent project sprint reviews, and daily feedback loops to adjust priorities and clarify features.
• Document residual risks by conducting a thorough review of all the vulnerabilities, architecture and defense in depth and provide the IA risk analysis and mitigation determination results for the Test Report
• Evaluated and approved the development efforts using Security Assessment reviews, in conjunction with the Technical Security Assessment team, to ensure that baseline security safeguards are appropriately implemented.
• Cloud CRM implementation working with Microsoft Azure teams, Amazon Web Services identifying PII data elements. Determining risk remediation strategies for cloud environments.
• Collaborating with development team to remediate the vulnerabilities identified in web based applications.
• Reviewed and approved all firewall rules, data flows, and PII data security for product certification.
• Participated in updating policies for operating systems, data classification and secure data transfer.
• Defining and reporting security vendor scores, data loss, and asset loss and incident management metrics monthly.
• Documented all risk analyses, exceptions and reviews in Archer and SharePoint.

Confidential

IT Security Engagement Manager

Responsibilities:

• Manage security and compliance audits, application security assessments, fraud analysis, enterprise security, IT infrastructure, and projects for Confidential 500 and mid-size companies individually and in the team environment for technology platforms, applications, and controls.
• Delivered internal control assessments on a variety of IT and business processes including IT secure infrastructure, VMware, Citrix servers, firewall, IDS/IPS(Intrusion detection systems), HR/Payroll, Hyperion, QAD, HR/payroll, data analysis for fraud detection, Windows, Unix, Linux and VoIP infrastructure, datacenters, reporting, and consolidations.
• Implemented complex Sarbanes-Oxley (“SOX”) internal control programs and advising on program sustainability.
• Implement technical security architecture from authorization, authentication, network and application perspectives
• Prepared budgets (scope, engagement hours, timelines, resources), and daily, provided updates on engagement issues that have an impact on deliverable timelines
• Developed strong working relationships with many internal and external clients. Consistently rated high on client surveys, including areas of technical competence, professionalism, efficiency and communication, both oral and written.
• Delivered technical Windows assessments as a subject matter expert focusing on security and controls, segregation of duties, business process reviews, and Governance Risk and Compliance (“GRC”).
• Performed IT governance and advisory control assessments utilizing industry governance standards (e.g., COBIT®).

Confidential

Information Security and IT Systems Engineer

Responsibilities:

• Prepared enterprise Sarbanes-Oxley review matrix, segregation of duties program for security for internal customers, developed and implemented security baseline program that defines and assesses effectiveness of information security standards.
• Architects, implements and maintains security systems and technologies for Detroit Water and Sewerage Department; reviews IT General controls and periodic assessments; response to external audit remediation and mitigation strategies.
• Assisting in review of solution architectures from security point of view which helps in avoiding security related issues/threats at the early stage of project
• Created Security Awareness training documentation; deployed security monitoring tools to provide event correlation and alerting; exporting and testing for rule sets for new Juniper firewalls from Check Point firewalls and VPN deployment as detailed in the project plan of action and milestones.

Confidential, Detroit, MI

Senior Associate, Risk Advisory Services

Responsibilities:

• Worked with Internal Audit team of Ally and the implementation team (Accenture) from IT and Business prospective in designing, defining and testing of various controls and processes in the areas of SAP EC-CS, BI, Security and GRC.
• Developed and reviewed the RAMs (Risk Assessment Matrix) Policy & Procedures, Change Management processes, and Workflows.
• Analyzed and reviewed the Go-Live, Cutover, and Legacy system phase out strategy prepared by Accenture, Bearing Point, and GMAC ITG / Business teams.
• Carried out several applications, general controls ( Confidential ), Change Management, Data Mining, Inventory/Operations audit, RDBMS, Data Mining, Data Center (Including Environmental and Physical Security), 3PA engagements, and SSAE16 reviews.
• Reviewed and approved the SAP EC-CS, BI and Security Business Process Design (BPD) documents for various business processes and functions.

Confidential, Southfield, MI

Security Professional, Technology Risk Management

Responsibilities:

• Consulted with Confidential 500 companies in the areas of Network and Operating system security, Identity management, Business Continuity/Disaster Recovery for SOX, Confidential and regulatory compliance.
• Performed Security Assessments and Penetration Testing for a Financial Services Provider, including review of the firewall rules sets, developing comprehensive recommendations to mitigate vulnerabilities including foot print analysis, Windows, NT, UNIX, Active Directory, TCP/IP Networking and Telecommunication technologies, policies and procedures.
• Performed evaluation and guidance on security control implementation on multiple environments include Windows, LINUX, Solaris, and web applications.
• Conducted SOX IT Audits for a leading Automotive supplier, tested for general controls for LAN/WAN services, Novell eDirectory, LDAP, segregation of duties, change management, access controls and Teammate suites for documenting Audit work papers and reports .

Confidential, Dearborn, MI

Systems Engineer

Responsibilities:

• Developed and implemented documentation for all system improvements and changes, performing capacity planning and periodic reviews on Operating Systems and databases.
• Defined and maintained configuration standards and scripts for fail-over procedures for highly available 24x7 production environment.

Confidential, Dearborn, MI

UNIX Administrator

Responsibilities:

• Managed optimum performance of multiple UNIX platforms (HPUX, SunOS, Linux, AIX and SOLARIS) and application issues through a variety of tasks including designing and upgrading systems, troubleshooting, and providing diagnostic support. ITIL service provisioning.
• Participated with corporate policy in managing patch levels, including security patches, and OS upgrades on SUN and HP server hosting proxies and IDS to reduce security vulnerability.

Confidential

Systems Administrator

Responsibilities:

• Oversaw UNIX and VMS systems ensuring high availability, capacity planning, and disaster recovery including management of disk space/usage, I/O efficiency, OS installation/upgrades, and backups. Network and System Administration Operations using Cisco Routers, Switches and Firewalls.