Senior Security Engineer Resume

SUMMARY

  • Diverse experience in various domains of Information Security including Security Operations, Identity and Access Management, Security/System Administration & Security Incident Management
  • Specialized in Information Security (SIEM) tools
  • Sound exposure to Information Security Audits (SOX & PCI)
  • Expert in User Access Certification & validation process and thorough knowledge of Identity and Access Management (RBAC) reports
  • Sound knowledge of Risk Management & Control Gap Assessment for Information Security
  • Evaluates compliance with the System’s information security frameworks such as NIST and ISO 27001. Monitors and verifies IT compliance with applicable new and existing policies, procedures and standards.
  • Expert in collaborating with the business area customers in the design process to translate security and business requirements into technical designs, and configure and validate the security of information systems. Develops and provides recommendations for information security solutions

PROFESSIONAL EXPERIENCE

Confidential

Senior Security Engineer

Responsibilities:

  • Implementing industry-proven and accepted security best practices framework (NIST Cybersecurity Framework) for application infrastructure logging and monitoring
  • Review application architecture and logging with application ownership team to identify & external threats
  • Ensure required regulatory controls are in place to mitigate appropriate threats related to endpoint security, Vulnerability Management, Authentication mechanisms and access reviews
  • Lead server remediation activities that are identified during application onboarding & application architecture review process
  • Responsible for overall KPI reporting/dashboard for Management team to view the performance of the security tools deployed and maintained by ISO
  • Identify business requirements and create alerts & dashboards on Splunk

Confidential

Senior Analyst Audit & Reporting

Responsibilities:

  • Review and understand all Information Security (IS) policies, standards and job aids
  • Stay abreast of Industry Standards (ISO 27001, NIST, PCI DSS, SOX etc.)
  • Identify risks related to process by converting job aids into Visio diagrams and coordinate with BU owners to implement appropriate controls
  • Evaluate policies, standards and procedures against regulatory requirements/industry best practices to identify control gaps
  • Maintain & publish Control Gap Assessment document to Senior Management on a periodic basis
  • Ensure user access certification process complies with the SYF standards by performing periodic checks
  • Work with the user access certification teams & the application IT/ Business Owners to ensure that deviations are remediated in a timely manner
  • Document evidence of access deviations & remediation status using appropriate media
  • Interact with Identity & Access Management team on various projects & initiatives
  • Publish periodic user access certification governance dashboard to senior management
  • Participate in IS related internal/external audits & respond to audit requests with accurate documentation in a timely manner
  • Interact with various IS team leads to identify documentation to respond to internal audits
  • Review existing IS processes to identify potential risks & evaluate existing controls
  • Create Process Maps for IS Domains which include Security Operations, IS Programs and Services, Controls & Countermeasures, Threat & Vulnerability Management
  • Update the Risk Assessment and Control Evaluation template for IS sub processes
  • Perform other duties and/or special projects as assigned

Confidential

Security Analyst

Responsibilities:

  • Implemented Secure Password Distribution (SPD) tool across all business units to ensure policy compliance
  • Assisted Security Administrators with creation & maintenance of security policies and procedures in compliance with federal requirements
  • Provided system access validation, user provisioning & deprovisioning based on appropriate approval(s)
  • Performed periodic and random quality checks on tickets worked by the team to ensure no misses
  • Trained new hires on various Security programs
  • Was responsible for driving SLAs for the team and allocation of tickets daily
  • Actively participated in Account Infrastructure Projects

Confidential

IT Security Analyst

Responsibilities:

  • Responsible for monitoring & reporting security incidents via Symantec Security Information Manager (SSIM) & ForeScout tool
  • Performed detailed Root Cause Analysis (RCA) for all identified incidents
  • Worked with various stakeholders for appropriate remediation & closure of the incidents
  • Prepared and published knowledge base of all incidents for future reference
  • Responsible for publishing weekly and monthly dashboards to appropriate parties giving a snapshot of security incidents

Confidential

Senior Engineer

Responsibilities:

  • Responsible for monitoring & reporting for spyware, virus outbreaks, malicious sources, invalid logons and firewall policy violators using SSIM, ForeScout tool & Symantec Antivirus Console
  • Ensured OS patches are updated on a daily and weekly basis to ensure policy compliance
  • Worked on Network Access Control tool (SOPHOS) to ensure organization assets comply with the Information Security policy
  • Performed Security Administration on mainframes (CICS, TSO-ACF, IDMS) based on Role Based Access Control
  • Performed complete administration on SSO, Exchange, Active Directory and VPN.
  • Handled Level 2 escalations for the team
  • Handled project transition by training co-workers at Dalian (China)
  • Worked as single point of contact for client and team communications.
  • Designed SOPs as per required change in the process
  • Audited internal workflow as per SOX IT 404 compliance targeted on provisioning and de-provisioning, job change, job transfer for all SOX L1 applications
  • Maintained all required documentation in a central repository.
  • BCP/DRP point of contact for quarterly routine checks.
