- Security Specialist with 20+ years of experience in IT Audit, IT Security technologies and IT Governance/Risk/Compliance.
- Full skill set, which includes strong technical abilities; ready to take on new challenges and work with zest and enthusiasm.
- Hardworking, with good people skills.
- Proficient, with hands-on experience in security technologies like Firewalls, DMZs, VPNs, IDSes
- Good working knowledge in security architecture design/implementation and security policy reviews, Application Reviews, Waivers, Mitigating Controls and other General Computer Controls.
- Strong base in IPS/IDSes, Cloud Security, Email Security, SIEM, Incident Response and investigation
- Strong base with package security providers like Akamai, AWS, Azure, Google, etc.
- Threat Modelling: worked on thinking about the bad things too (weakest link, vulnerabilities), not only the good things.
- Experience with NIST 800-53: Security and Privacy, GDPR, California privacy Act.
- Cloud migration experience: proper lift-and-shift process in place.
- Worked on DevSecOps: whatever the business process owner chooses, agile or lean, we have to make sure it is compliant with the security framework.
- Third-party services such as cloud providers have made development easier than it was; we have to make sure we choose the secure way of developing cloud apps by choosing the tools that can provide security, and that the development goes through a proper SDLC: secure development (OWASP), proper change management (appropriate approvals), separate environments (dev and production), separation of duties.
- Cloud security: Worked on Cloud security solution design and implementation like Access control, secure authentication, AV/Malware, secure end points, Privileged Accounts Security, IDS/IPS/FW, monitoring, incident response
- Help clients in achieving ISO 27001, SOC 1, SOC 2, SOX and PCI audits
- Assess/review the information security policies
- Walk-through controls with control owner
- Collect evidence to ensure controls are effective
- Add missing controls and/or improve weak controls
- Prepare business owners for what's coming
- Also, assess the client's risk and scope to understand what's at risk and what they are safeguarding
Sr Information Security Consultant
- In charge of Information Security Operations (Technical and Governance), Risk and Compliance
- Helped Upper Management with establishing and directing Information Security programs as a Project Manager
- Specialties: IT Audit/Compliance/Information Security, Risk Assessments, SOX, GLBA, SOC 2, ISO 27001, OWASP, NIST, EU GDPR, California Consumer Privacy Act (CCPA), Application and Infrastructure Audits.
- Worked on Cloud security solution design and implementation. Found the appropriate authentication/IAM/secure design solutions such as SSO, SAML, B2B, etc.
- Worked on DevSecOps.
- Experience with package security providers like Akamai, AWS, Azure, Google, etc.
- Audited Azure Security Center's policy and compliance best practices to ensure compliance
Confidential, Chicago, IL
Information Security Officer
- Safeguarded Customer Information Program (supplier assessments)
- Managed the information security function in accordance with the established policies and guidelines.
- Reported to the Vice President for Information Technology.
- Established and maintained information security standards and procedures in compliance with state/federal information security and risk management policies, standards and guidelines (e.g. ISO 27001, COBIT, SOX, GLBA, HIPAA, NIST, PCI DSS, and SSAE 16).
- Functioned as an internal consulting resource on information security issues.
- Conducted the information security risk assessment program.
- Reviewed compliance with the information security policy and associated procedures.
- Assessed technologies such as Cloud, Complex Networks, Third party service providers, Software providers.
- Coordinated information security efforts with the Internal Audit Department and External Auditors.
- Managed a team of junior assessors, assigned them tasks and coached them on the assessment process and Risk/Compliance techniques.
Confidential, Chicago, IL
Lead IT Auditor
- Managed and led audit engagements (including planning, scoping, execution, report preparation and final wrap-up), conducting weekly status and exit meetings and preparing final reports.
- Managed multiple audit/process reviews simultaneously with teams of 1-2 each, including the allocation of assignments across the team, managing the execution of all Information Technology Compliance-related audits, and providing mentoring to the team.
- As a lead IT Auditor played a key role in shaping and focusing the audit on the identified risks as well as executing the audit and delivering the final report to the control owners and senior management.
- Reviewed information system architecture and security controls, including border router configurations, operating system configurations, wireless architectures, databases, Storage Area Networks, Firewalls, Intrusion Detection Systems, and information security policies and procedures.
- Communicated IT control strengths and weaknesses to the internal audit clients and developed effective solutions.
- Ensured timely completion of assigned project phases.
Senior IT Auditor at Discover
- Satisfied regulatory and compliance requirements (internal audit, compliance, regulatory, SOX, FDIC)
- Performed IT Risk Assessments for small and mid-size banks and also managed and conducted IT General Controls Audits for various banks in compliance with GLBA and IT SOX controls.
- Led business units in developing the process needed to sustain the ongoing SAS 70 program.
- Led the creation of any new controls or the remediation of control failures that were noted by the SAS 70 Service Auditor.
- Tested controls as needed to proactively identify control weaknesses.
Confidential, Chicago, IL
Senior IT Auditor
- Responsible for performing IT audits from planning, execution to final report.
- Led and participated in audits across the Information Technology (IT) environment, including operating systems, networks (firewalls, routers and intrusion detection systems), databases, and applications.
- Drafted audit reports reflecting relevant facts that led to logical conclusions
- Created a Sarbanes-Oxley review and compliance program for a Chicago-based financial services company.
- Played a significant role in reviewing IT SOX documentation to ensure the company’s IT controls related to the financial reporting assertions are operating as intended.
- This has allowed management to review and assess whether key controls are operating effectively in accordance with SOX.
- Responsible for reviewing deliverables documenting the controls in place, educating client staff on internal controls and their role in SOX, preparing strategy documentation for the company’s IT SOX Project Management Office, coordinating preparation of testing guidance going forward in 2005 and providing subject matter expertise in addressing SOX IT concerns.
- The company was in compliance with the requirements of SOX as of December 31, 2004