Information Security Architect/Manager Resume

Dallas, TX

SUMMARY

  • An experienced information security specialist, manager and architect with 12+ years of experience in information security governance, regulatory compliance, and managed security services.
  • Adept at communicating requirements and metrics to senior executives, security professionals, and end user communities.
  • Fervent advocate of aligning security governance, risk and compliance principles with business objectives and strategy execution.

AREAS OF EXPERTISE

  • IT Security Strategy
  • Security Management
  • IT Security Consulting
  • Information Security Policy Management
  • Regulatory Compliance - Primarily PCI-DSS and SoX
  • Identity and Access Governance
  • Security Architecture
  • IT Risk Management
  • Security Information and Event Management
  • Application Security
  • Internal Audits
  • Project Management

TECHNICAL SKILLS

Security Products, Applications and Technologies: QRadar SIEM, TripWire Enterprise, CA Identity Minder, Sailpoint IIQ, RSA Aveksa/VIA, Sun Directory Server, RSA Archer - eGRC Program, SAML 2.0 Federation, CA SiteMinder, Active Directory/LDAP/RADIUS/two-factor authentication products - Entrust IDG, SecureAuth, RSA Authentication Manager.

Regulations, Compliance, Standards, Frameworks: SoX, PCI-DSS, PII, NERC, SAS70, ISO2700x, HIPAA, NIST SP 800-30, 39, 53, ISO 27001/02/05, Enterprise Architectural Frameworks (SABSA)

Operating Systems: Linux, Solaris, AIX and Windows 2K/XP/Vista/7

PROFESSIONAL EXPERIENCE

Confidential, Dallas, TX

Information Security Architect/Manager

Responsibilities:

  • Supervising, architecting, implementing, migrating and upgrading IAM solutions (primarily Sailpoint, CA IDM and RSA Aveksa) for clients, which include Enterprise SSO, Federation, two-factor authentication, Identity governance, and Adaptive authentication.
  • Responsible for planning and verifying compliance; establishing and documenting information security policies and processes; managing the organization's and customers' IT and security risks; and developing an IT and security governance framework
  • Developed business cases for investing in new security products that cater to corporate objectives
  • Guide the security operations team to improve the synergy between operations, security and development to reduce risk and improve the incident response program
  • Guide customers to implement and manage multi-factor authentication products - Entrust IdentityGuard, SecureAuth, RSA.
  • Implement and architect SIEM solutions for customers - log collection, correlation and analysis
  • Devise strategy to implement secure cloud deployments, security as a service.
  • Governance, Risk and Compliance (GRC) platform architecture, implementation and administration
  • Build road-map and strategy with other products that work in synergy with next gen IDM, SIEM and GRC.
  • Coordinate, initiate, implement and supervise any information security related projects.

Confidential

Information Security Architect

Responsibilities:

  • Oversee and provide direction for major security related projects specifically focused on risk
  • Managerial responsibility of working with assigned internal business units to guide and manage their IT risk
  • Devise roadmaps for security specifically IAM and SIEM - strategic, tactical and operational planning
  • Work on the security related section in SOW and master service agreements with the AA IT vendor management
  • Architected solution to re-platform the IdM system (Sun to Oracle) - performing RFI/RFP
  • Led the initiative to extend the secure application development service to all business units involved in substantial application development, specifically those adopting the agile methodology, in support of PCI-DSS Req 6.
  • Participate in the SDLC as a security liaison, recommending secure software, host and network designs that protect corporate information confidentiality, integrity and availability
  • Leverage RSA Archer to facilitate governance framework specifically for security risk assessments
  • Perform internal architecture reviews & consulting specifically mandating PCI, HIPAA and PII compliance
  • Assist IT security to leverage security best practices across internal business units in the role of PCI SME
  • Devise and recommend new IS policies and standards in line with PCI-DSS requirement 12 and HIPAA.
  • Devise security patterns to be utilized by business units for their specific application architectures
  • Assist internal audit and fix or mitigate findings related to PCI-DSS, SoX and HIPAA.
  • Provide security consultation and architecture review on projects to business and IT groups.
  • Assist in performing RFP and RFI for new products related to IT security specifically application development security and identity management in cloud as well as on premise

Confidential

Senior Information Security Lead

Responsibilities:

  • Led the IAM team - Manage existing infrastructure, assign new initiative and integrations, mentor IAM engineers
  • Participated in performance improvement and tuning of identity management systems by implementing a new automated ETL integration suite (Talend)
  • Assist internal audit in closing gaps in the identity management systems
  • Mentored interns in attaining an understanding of the processes involved in IT security at AMR as well as general overview of information security awareness
  • Design and implement web interfaces using XPRESS and Java for identity management
  • Optimize existing code and implementations according to the client SDLC guidelines
  • Successfully upgraded the IdM application from version 7.0 to 8.1
  • Integrated applications such as Hyperion, Active Directory into IdM
  • Developed a single interface for managers, application owners, administrators and help desk personnel to manage application access and delegate administrative privileges to eligible users
  • Implemented functionality to automatically generate daily custom reports in IdM
  • Implemented AD user provisioning using IdM
  • Implemented functionality in IdM to enable engineers to bulk create and maintain device accounts

Confidential

Senior Consultant

Responsibilities:

  • Customized the default IdM interface as per ERCOT requirements
  • Created utilities in Java and XPRESS to automate role creation in IdM
  • Developed various custom workflows and forms in XPRESS to facilitate ERCOT proprietary functionalities.
  • Developed interface for ERCOT managers to grant, request and revoke access to users
  • Provide custom IdM interface for Security Trainers for recording compliance
  • Implemented functionality to send nag emails to managers/EACs on terminations
