SUMMARY

• Experienced Operations Information Security Administrator with extensive experience in security monitoring and risk tracking of security and relevant events.
• Experience in oversees tests internally and with vendors to evaluate the adequacy of network and system controls and identify vulnerabilities at both the infrastructure and application levels.
• Enforces security policies and procedures by administering and monitoring security profiles, reviews security violation reports and investigates possible security exceptions, updates and maintains security controls.
• Experience in monitoring and reported to management physical security of Trading Rooms and Data Centers.
• Experience in generating and manipulating ad - hoc SQL, Sybase, DB2 and Oracle queries and reports from Remedy to be forwarded to Database Engineering group for assessment.
• Experience in overseeing and/or perform penetration testing of all systems to identify system vulnerabilities to ensure compliance with regulatory requirements, such as Sarbanes Oxley (SOX).
• Supporting and enforce Data Security standards and guidelines, processes, and procedures.
• Experience in creating spreadsheets (trending, charts, graphs, formulas, queries etc.), word documents, forms as required to meet Bank needs and government regulations.
• Experience in gathering, analyzing, and responding to security log and report data, trending analysis.

PROFESSIONAL EXPERIENCE

Confidential - New York, NY

Senior IAM Security Analyst

Responsibilities:

• Managing the centralization of one hundred and fifteen applications and systems to be administered by the ITG IAM Team and uploaded with appropriate roles, groups, and permissions in Hitachi ID system.
• Meet with Business Application Owners, Subject Matter Experts, and third-party vendors to analyze and create centralization plan and path to ensure compliance with existing procedures.
• Certify all IAM functions including but not limited to user entitlement reviews and toxic combinations.
• Monitor user activity to various endpoint devices using LogRhythm and Symantec and run reports to carryout investigations on possible breaches to ensure users are compliant.
• Responsible for writing operational and procedural polices and procedures for over a hundred applications.
• Train and assist IAM team performing administrative functions, user entitlement reviews and certifications.
• Assist Business Owners with toxic combinations to ensure segregation of duties in enforced.
• Represent the IAM Team at weekly and monthly managers and CUSO meetings on centralization project.
• Ensure that all systems password requirements, runbooks, local administrators, and generic accounts entered Hitachi ID Privileged Access Manager are compliant with company policy.
• Issued security administration by securely provisioning user accounts and permissions for access into systems, servers, and shared folders for proper user access.
• Assist to govern all system and user ID management processes along with monitoring the activity and requests where users require access in a timely manner.
• Assist analyze potential security tools and applications to enhance and improve the processes, procedures and functions of security and identity management team.
• Work with team members and manager to design better systems and processes to improve efficiencies and automation.

Confidential - New York, NY

Senior Security IAM Risk Analyst

Responsibilities:

• Ensured that proposed IT Security solutions are aligned with approved IT Security Strategy.
• Provided RCSA security guidance to management to comply with security policies and reduce risk.
• Utilized CyberArk to vault passwords and manage checking out passwords to be utilized.
• Responsible for access management and authentication of users using SailPoint tool to ensure appropriate access is granted.
• Worked with SMEs to prevent malicious use of privileged user passwords and SSH keys, and brings order and protection to vulnerable accounts.
• Granted the Single Sign-On Entitlement to the applications and Active Directory groups.
• Ensured projects are compliant with the enterprise security architecture framework and secure development standards while doing penetrating testing.
• Understand, assessed, and documented business priorities that will impact the target Cyber Security deliverables.
• Documented and maintained network and system security policies as well as write and enforce new polices.
• Assessed, evaluated, approve, or denied Cyber Security communication request to the network using various applications and tools.
• Performed gap analysis based on understanding of current-state and target-state IT security architectures.
• Reviewed the security requirements and analysis, including application architecture for business application development and/or sourcing.
• Gathered, analyzed and executed monthly and quarterly KPI metrices reports.

Confidential

Lead RSA Security Administrator

Responsibilities:

• Responsible for the development and IT security area across the enterprise.
• Supported access administration and provisioning RSA two-factor authentication for VPN and all endpoints to ensure proper IAM with policies and procedures.
• Prepared tokens for shipping and tracking receivables.
• Configuration and implementation of RSA devices and tools related to RSA systems access.
• Assisted in the troubleshooting and resolution of RSA security and user access issues.
• User support and documentation as required.
• Resolved user access issues through RSA password reset and unlocking or enabling accounts.
• Provided both online and offline RSA emergency access help.
• Imported and manage RSA tokens and to assign tokens to users.
• Managed users assign tokens to users, and grant access to selected authentication agents.

Confidential - New York, NY

Information Security IAM Business Analyst

Responsibilities:

• Responsible for the development and IT security area across the enterprise.
• Assisted in the development and implementation of security procedures.
• Responsible for the monitoring and tracking of security and relevant events.
• Enforced security policies and procedures by administering and monitoring security profiles, reviewing security violation reports and investigating possible security exceptions, and updating and maintaining the documented security controls on applications such as Swift, PeopleSoft and Intellimatch.
• Responded to ad hoc questions and support clarification and direction to assist teams with user stories and functions with SailPoint.
• Overseed tests internally and with vendors to evaluate the adequacy of network and system controls and identifying vulnerabilities at both the infrastructure and application levels.
• Responsible for vulnerability management using SailPoint IAM tool.
• Prioritized the identified application and infrastructure vulnerabilities and oversee timely remediation and threat monitoring.
• Performed advanced data manipulation tasks including pulling/aggregating data from multiple sources and performing analysis and trending.
• Development and some day-to-day operations of the IAM processes supported by the SailPoint products.

Confidential

Information Security Recertification Analyst

Responsibilities:

• Processed initial, annual, and interim recertification generated from Workday using IAM tool Aveksa - a legacy web-based application on systems and applications.
• Configured access control for RSA Identity Governance and Lifecycle Objects.
• Configured SSO - single sign-on plug-ins and set up applications for SSO.
• Responsible for setting up applications for Active Directory single sign on.
• Worked with Management on the development and implementation of new processes and procedures to improve operating efficiency and to ensure timely and accurate workflow.
• Support and enforce Data Security standards, guidelines, processes, and procedures to ensure DLP.
• Created spreadsheets (trending, charts, graphs, formulas, queries etc.), word documents, and other forms as required for Bank needs and government regulations to meet auditor’s requirements.
• Gathered, analyzed, and responded to security log and report data and trending analysis.
• Worked effectively as part of the Information Security team to address team objectives and priorities.
• Performed random unit quality control reviews of all functions to ensure data integrity.
• Immediately reports discrepancies to Supervisor or Manager and makes recommendations for remediation.
• Monitored and documented security incidents by running ad hoc queries using Toad for Oracle.
• Assisted for maintaining and managing SAP recertification process.
• Aided Business owner to achieve completion of SAP - Security Access Profile recertification for user entitlements.
• Maintained SAP - Security Access Profile updates and golden copy.
• Responsible for Security Provisioning of different applications.
• Worked with system owner to create System account inventory for system account recertification.

Confidential

Operations Support Analyst

Responsibilities:

• Run SQL reports for Maritime and Navigational aids payments generated from DIABOS System.
• Prepared contents forms to ensure that all shipping bills are attached.
• Maintained and updated Operations reports of the company’s vessel log from DIABOS.
• Ensured the system is up and running in real time with minimal downtime.
• Worked with Software Engineers in further development of the application by providing penetration and vulnerability testing and implementing upgrades.
• Prepared the Direct Reduced Iron and the Iron Ore Pellets report at the end of each vessel’s voyage.
• Prepared shipping documents based on information received from shippers to submit to different departments.
• Ensured that ship levies are up to date and submit payments quarterly to shipping association.
• Ensured that all incoming and outgoing spares and packages are recorded.
• Responsible for Recertification and the maintenance of user access and access privileges to the application.
• Granted users entitlement access to applications through users, groups, roles and accounts based on job functions and business owners’ approvals.
• Assisted with preparation of all tender bids and pre-qualification documents; ensure all related documents are provided and deadlines met.

Confidential - Lake Success, NY

Information Security Compliance Analyst

Responsibilities:

• Analyzed and managed daily security reports- responsible for maintaining and reviewing various security reports and managing responses to anomalies in the reports.
• Managed the customer-facing Information Security role- responded to security queries, concerns, and requests for data from customers (internal and external) and partners.
• Supported DealerTrack operations by assisted in access management, both physical and logical.
• Assisted to ensure that the DealerTrack physical locations and that all intellectual property and information assets are protected against accidental and unauthorized modification.
• Examined and designed policies, procedures, and practices to ensure compliance with industry standards, laws and regulations.
• Analyzed dated, created reports and logs for both internal and external auditors.
• Documented and reviewed of existing processes within the enterprise’s different departments in the organization.
• Managed and coordinated employee separation procedures, access reviews, and manage employee access and asset databases.