IAM Strategy and Solutions Practice Lead Resume

San Ramon, California

PROFESSIONAL SUMMARY:

  • Accomplished, resourceful and innovative IT leader with 25+ years of leadership in successful orchestration of strategy, delivery and adoption of critical Enterprise Infrastructure to support GRC and Risk management in global organizations.
  • Consistent record of achievement in cultivating motivated teams in all phases of Strategy, Solution Architecture and implementation engagements.
  • Demonstrated ability in developing strategy, implementing security solutions/architecture, establishing policies and procedures, client engagement and training to transform Security Solutions into business differentiators by balancing Security, Strategic Goals, Business Needs and Bottom-Line.
  • Extensive architecture experience in IAM, PAM, Cloud security, SAAS, Security Policy, GRC.

KEY COMPETENCIES:

  • Information Security
  • Technology Strategy/evaluation
  • Business requirements Discovery
  • Business Process Engineering
  • Enterprise Architecture
  • Technology Implementation/adaption
  • IAM
  • PAM
  • Project Delivery
  • Cloud security

TECHNOLOGIES:

IAM - PAM: Discovery, Session mgmt., Password Mgmt., RBAC, Architecture, Service account mgmt., PAM Access BPE, User Training

IAM Integrations: RESTful, SOAP-WS, ERP, HRMS, LDAP, RACF, AD, DB, Flat-file, Disconnected applications.

IAM - AM: SSO, Federation, SAML, OAUTH 2.0, OpenID

IAM GRC: RBAC (mining and engineering), internal/external access LCM, BPE, Access Certification, Rogue Access Management.

Cyber Security: Strategy, Policy

Infrastructure: OS (Linux, Windows, Solaris), Application Servers (Weblogic, Glassfish, Tomcat), Databases (Oracle, MySQL, SQL Server, DB2), Network (Load Balancers, Firewalls, Routers, Proxies)

Languages: Java, C, C++, Python, Beanshell, SQL, Bash, PowerShell.

Products: Id Repos (ODSEE, OUD, AD, Azure), IdM (Sailpoint IIQ 7.x, Ora OIM 11GR2, Ora Waveset/Sun 8.x), AM (Oracle 11GR2), PAM (CyberArk 9.x-11.x, Oracle 11GR2)

Compliance: HIPAA, PCI, SOX, SAS70/SSAE16, Frameworks (NIST CSF, CIS CSC, OWASP)

PROFESSIONAL EXPERIENCE:

Confidential, San Ramon, California

IAM Strategy and Solutions Practice Lead

Responsibilities:

  • Led the architecture and implementation team on the PAM expansion effort to integrate the LCM of Privileged Access for 500+ administrators with access to 1500+ Systems (Win/NIX servers and MSSQL/ORA databases) across 28 portfolios with the existing IdM System.
  • This turnkey solution allows the Ross PAM to be tightly integrated with the HRMS, Ticketing System and IdM, leading to automation of 80% of PAM operational activity while decoupling the LCM of PAM accounts from that of the User accounts, which reduces Onboarding and Off-boarding misses as well as rogue and reminiscent access. Spearheaded the Client engagement and the education effort to bring about a paradigm shift to view PAM as a business enabler and differentiator.
  • Led the product upgrade effort of the PAM platform.
  • Led the architecture and implementation of automation of LCM of user accounts in several critical enterprise applications with the existing IdM capability (GTM, FMS, Store Reports, MDM, CMS).
  • Led the Discovery, analysis and Design of the PAM access (30,000+ Privileged Access across the enterprise were in scope of the effort).
  • Led the Pilot and Go-live implementation phases, including User Training and Ops Transition.

IAM Strategy Consultant

Confidential, Los Angeles

Responsibilities:

  • Led the vendor evaluation and POC demonstration for IAM Technologies. Created a Pilot Bed for evaluation of IdM integration and business adaption capabilities for Sailpoint (7.x) and Oracle (11Gr2PS3).
  • Led the effort at Confidential Information Security Office to develop the roadmap for introducing and establishing the IAM capability foundation, resulting in streamlined processes for user access assurance across 130+ applications.
  • Designed and implemented the Corrective Action Plan (CAP) against the 2014 Security Audit Findings at Confidential.
  • Led the Discovery of user access security practices around 130 applications and in-depth discovery of current business processes around User access management and User Accounts and Access Level Assurance within 23 applications that require HIPAA (PHI) compliance.
  • Engineered standardized Business processes to streamline User access management and assurance processes for all (HIPAA) critical applications at the Department level.
  • Architected Infrastructure for IDM capability to support HA, DR and Business Continuity.
  • Assisted in RFP process and IAM Stack Selection and implementation.
  • Designed the Access Management architecture for the SAGE (Substance Abuse Community Information System) and IRIS (Acute Communicable Disease Control) SAAS applications to use Azure AD and MFA.
  • Designed the Policies, Procedures and Forms to increase awareness and ownership of User Access at the Bureau level.
  • Engaged with 4 Bureaus and 30+ Confidential Programs to increase awareness on the need for Periodic User Access Certification and ownership of the process.
  • Led the roll-off of the first User Access Certification process for 45 applications to support HIPAA compliance.
  • Developed and managed the project plan and deliverables for three projects.

IAM Solution Architect

Confidential, San Antonio

Responsibilities:

  • Reviewed the usage of the BillingCare solution and proposed integration with the existing Enterprise IAM capability.
  • Architected a solution for federation between the existing NetIQ Access Manager and Oracle Access Manager.
  • Designed the LDAP DIT and Schema for adapting OUD at Confidential.
  • Architected and documented the Physical and Logical Landscape.
  • The assistance provided in developing the Business Process Review sessions not only educated the sponsor’s team on the IAM Strategy but also assisted in socializing the IAM Strategy and the Utility to the various application teams.
  • Led the Discovery Process and assisted the HHS BAs, which led to documentation of the current distributed application account management process and its gaps, and subsequently to determining future requirements around the critical business and Medical apps (EPIC, PACS, BI, AD, Visual Cactus and PeopleSoft).
  • IAM Solution and the infrastructure designed ensured Scalability, Availability and DR readiness of the solution.
  • The IAM solution automated the management of entire Person Account population and privileges within critical Medical and Business applications such as EPIC, PACS, HRMS, Financials, Timekeeper.
  • Privilege management was automated by introduction of Policy based privileges (RBAC) to all the apps and by automating the request, approval and provision management.
  • The solution designed:
      • Replaced the existing AAC scripts which managed EPIC EMP and SER records based on PS-HRMS and Active Directory updates
      • Supported RBAC, Request management and Certification
      • Supported Privileged Access Management
      • Supported centralized management of lifecycle of non-Person accounts, delegated management, Self Service around password management and ease of Use

Platform/Technologies: OIM11GR2sp3, OAM11GR2, OPAM 11GR2, PeopleSoft 9.2, EPIC 2012/14, Synapse, SAP Business Objects, AD 2012

GRC Compliance Architect

Confidential, Jacksonville, Florida

Responsibilities:

  • Led the discovery sessions with the EB SMEs that raised awareness of the options and advantages of automating the Privilege access certification process, the infrastructure to support such automation, and the business and technical process changes needed to support the automation.
  • The solution designed managed the periodic collection and processing of user privileges and entitlements from 100+ applications.
  • Allowed for dynamic identification of reviewer for each certification based on the defined conditions
  • Automated kickoff and management of periodic certification process including notification, escalation and logging leading to reduction of OpEx in terms of several FTEs and reduced several weeks of lead time that was needed earlier for manual collection and processing the user entitlement information.

Platform/Technologies: OIM11GR2sp2, OIA 11Gr2, AD 2012

IAM Architect and Delivery Manager

Confidential, Deerfield Beach, Florida

Responsibilities:

  • Automation of the monthly certification to support SSAE16 compliance over 5 critical financial applications.
  • Reduced Certification lead period from 1 week to 1 day by integrating Apps directly to OIM and OIA and automating the privilege lifecycle management and reconciliation.
  • Integration of user accounts and entitlements lifecycle in SalesForce (SAAS) application with the enterprise IAEM.
  • The solution replaced the decentralized and manual management of accounts and entitlements within SalesForce using WebService integration between the existing IdM capability and SalesForce.
  • The solution not only reduced the FTEs required to manage user lifecycle operations, it also increased compliance by auto-aligning the user account lifecycle directly with HRIS events and logging the requests, approvals and provisioning of SalesForce Roles, Profiles and Privilege Sets.
  • Integration of Associate and Non-Associate account and entitlements lifecycle in Associate Hub (Jive-based Employee Portal). The solution uses REST service integration between the IdM capability and JIVE to automate the management of the lifecycle of user accounts and entitlements in Associate Hub. The solution aligns the lifecycle of accounts and privileges in the Hub.
  • Realignment of the non-Associate Account SunRise and SunSet process. The solution replaces the distributed, email based business processing of the non-Associate lifecycle events with a centralized approach. The requests for accounts creation, resource assignments, expiration management, Termination and related notifications are all managed from within the IdM capability. The solution places the control of non-Associate account management in the hands of direct Managers and relieves the HR of these processes.
  • IDM Capability upgrade from OIM 10G to 11G. This effort provided all the tasks leading to and support of a cutover migration process to the new version of OIM product. The migration encompassed lifecycle management of Associates and Non-Associates accounts, access management to 150+ applications, 3 BPM composites, 18 event handlers, 19 approval policies, 120+ groups, 500+ access policies, 600+ Job matrix based assignment Rules, several Custom UIs and integration to 20+ connected resources including AD, RACF, Web-Services, REST, Mainframe transaction Gateways, Ticketing system, Facility management system and SAAS integrations.

Platform/Technologies: OIM11GR2sp2, OIA 11Gr2, AD 2012, ADFS, RACF, FileServ, LeMans, SalesForce, Jive, Sharepoint, ServiceNow, CACS, AMAG, UltiPro AIM, REST, WebServices, ADSSO

IAM Solution Architect and Delivery Manager

Confidential, Bohemia, New York

Responsibilities:

  • Implementation of an enterprise IAM capability and Integration of the Retail POS systems
  • The solution established the necessary infrastructure, product bases, and configuration to support the Identity Access Management services Enterprise wide.
  • The established system was integrated with the UK (Holland and Barrett) POS systems and managed, overnight, the accounts and privilege lifecycle of users in 700+ Holland and Barrett stores in the UK. As a result of this integration, lifecycle and management of entitlements to the retail, BI, CO, SIM and BO systems has been automated and aligned directly with the HRIS (HRPro) events.
  • Subsequently the established IAM capability was extended to manage the user accounts and privilege lifecycles in the following enterprise applications.

Platform/Technologies: OIM11GR2sp2, OPAM 11GR2SP2, OAM/OAAM 11Gr2, OID 11GR2, OVD 11GR2, LAWSON, HRPRO, OBI, OCO, OCM, OBO, AD 2012

Solution Architect

Confidential, New Jersey

Responsibilities:

  • Deployment of centralized IdM capability.
  • The established capability integrated with the existing SMDB system and managed provisioning of Employee and Vendor accounts to AD, EBS, and Enterprise LDAP. The existing business policy in the SMDB system was migrated to OIM configuration to automate the account lifecycle management directly based on the HRIS updates.
  • The solution deployed not only streamlined the management of user accounts within applications based on HR events, but also automated the user lifecycle management at the UNIX platform using a custom solution based on SUDO (LDAP) and PAM-LDAP.
  • The project improved GRC compliance, reduced the complexity of identity Governance, automated the User and password management in Unix landscape and reduced the load on the account operations team by several FTEs.

Platform/Technologies: OIM11GR2sp2, OUD 11G, UNIX, SDB, AD 2012.

Confidential, Pleasanton, California

Design Lead - GRC

Responsibilities:

  • Lead a team of Engineers on design of GRC-compliant infrastructure platforms and integration solutions to service Business requirements.
  • Architect taxonomy of accounts, object schema, account administration tools, account lifecycle, ID repositories, entitlements management, SSO capabilities and defined the security standards around the IAM capability.
  • Manage the lifecycle and SLA of the IDM/SRM/DS capability servicing 250,000 internal and 5 Million external customers.
  • Consult with Business customers and expand IAM capabilities based on customer needs.
  • Evaluate IAM advancements/vendor products against Confidential needs, current and future.
