Director, CIO Advisory Practice Resume
New York, NY
SUMMARY
- Experienced Information Security Subject Matter Expert and Manager certified as Information Systems Security Professional (CISSP), Information Security Auditor, Manager (CISA, CISM) with 10 years of progressive experience in the IT industry.
- With more than 7 years of experience in Security Architecture audits, design, and IT Risk Management in the financial industry, Shahriar is well-versed in industry standards (ISO 27002, NIST, ITIL Guidelines), performed technical audits of Fortune 500 companies, prepared SEC, SOX, FFIEC and SAS security audit reports for audit and compliance, and provided guidance to senior executives in multiple industries on regulations related to Security and Privacy.
PROFESSIONAL EXPERIENCE
Confidential, NEW YORK, NY
Director, CIO Advisory Practice
Responsibilities:
- Provide strategic guidance to CISOs/CIOs of Financial Institutions and Government agencies to achieve regulatory compliance with SEC/SOX/State privacy laws, and assess need and level of compliance related to PCI, HIPAA, HITECH. Recommend solutions and best practices for Information Security Governance and practical approaches to IT Service Management and risk management frameworks, such as ITIL and ISO, while focusing on maximizing return on IT investment through integration and performance improvement.
- Manage team of 20 senior security consultants, guide the team with project scoping, cost/benefit and risk analysis; supervise daily operations of distributed teams supporting IDS/SIEM, firewall, proxy teams, including service, change and incident/escalation management for high-profile financial clients.
- Act as primary point of contact for Information Security approvals related to application development projects and software and system changes. Standardize application and systems controls using COBIT/COSO frameworks, write documentation and perform risk assessment and security control gap analysis using ISO 27000 standards, and write and update information security policies and standards.
- Implemented a comprehensive security incident management procedure. Manage coordination of security event handling to comply with various privacy laws and internal compliance objectives. Perform Application Security, Systems vulnerability and penetration testing.
- Perform Infosec and Controls review for new project requests from various teams. Manage projects and make purchasing decisions relevant to Infosec and audit areas, including multi-million dollar projects.
- Served as Security Expert for incident response to malicious/phishing websites and identity theft investigations related to online banking portals for large retail banks. Implemented optimizations and improvements in Security Investigation processes that reduced average response time by 60% for Citibank, NA. Audited risks and security controls of financial products, and Online Banking.
- Lead investigator for online credit card frauds and online banking security for multiple clients. Investigated security events and produced reports for senior management for corporate security.
- Provided comprehensive Incident Management services to enhance intelligence gathering for our clients from multiple international security vendors, performed categorization of assets based on risk exposure, and documented vulnerability and incident management process based on defined risk levels.
- Tools: Oracle and Tivoli Identity/Access Manager, Varonis Data Advantage, Quest ChangeAuditor, IBM Appscan, HP Web Inspect/Fortify, Websense/McAfee/Symantec DLP (Vontu), Arcsight ESM, Encase, Archer
Confidential, NEW YORK, NY
Chief Network Security Architect
Responsibilities:
- Responsible for network security architecture of an $8B Online Transaction Systems; Security Project lead to provide oversight of NYC-wide $750M Mobile Network (3G) implementation by Northrop Grumman. Played critical role in perimeter security integration of over 100+ NYC agencies, supporting 300,000+ users.
- Managed technical escalations of Security Operations team, and maintained managed service provider relationship, including operational and performance metrics to identify and mitigate any issues that may affect services or SLA. Created templates for measurable metrics for effective Information Security governance and trained managers of 100+ agencies to provide standard risk reports for annual audits.
- As the Lead of NYC-wide IT Security Operations, responsible for approving security access changes, perimeter access control maintenance; Security events detection and Escalation; DNS and email security.
- Standardized processes related to IDS Event Detection and escalations; coordinated investigation and correlation of global security events using enterprise security tools.
Confidential, New York, NY
Responsibilities:
- Performed network re-design of SFTI (a real-time, highly resilient global trading network) for BCP/DR scenarios, and supported network maintenance, hardware, software installation, configuration, and troubleshooting, capacity planning, security incident response and timely resolution of incident tickets.
- Monitored 1000+ node multi-platform network for high availability, security and performance; provided technical support for the NYSE network, and escalated issues to specific departments.
- Maximized the use of open source tools such as Nagios and Linux for cost savings and flexibility.
- Provided technical support in various security products (hardware and software) for other groups. Managed 100+ servers dedicated to network security, monitoring, and access control.
- Performed responsibilities as a site engineer in the NMS group to facilitate site migration to a backup data center. Created network diagrams, and updated procedure documentation.
TECHNICAL SKILLS
Operating Systems: Windows 2000, XP, 2003/2008, R2 server family, Linux, Solaris, HP-UX, Novell.
Software & Technologies: Firewall/Proxies, IPSec, VPN, SSH, PGP, PKI, Encryption and Digital Signatures.
Perimeter: Cisco PIX/ASA, AAA, Radius, Juniper, Checkpoint Firewalls, Websense.
Security Management: Oracle/Tivoli Access/Identity Manager, Varonis DataPrivilege, Quest ChangeAuditor, Archer, Arcsight ESM, Log Logic, QRadar SIEM, Circle, Foundstone, Qualys, Mazu, Encase, Nmap, Nessus, Metasploit, Splunk, Symantec DLP (Vontu), Imperva, DBProtect, Oracle DB Security, Enterprise SSO and Rights Management, Web Application Firewalls (WAF), IBM Appscan, HP Fortify/Web Inspect/LoadRunner
Networking Technologies: TCP/IP, Ethernet, WAN, Wireless, IPSec, F5 Load Balancers, Openview, Netcool.
Programming Skills: C, C++ (Intermediate); UNIX Scripting, Perl, Windows Scripting.
Others: Microsoft Office Suite, Access, Project, Visio, HTML, SQL, Archer, WebSphere, Remedy, PeopleSoft, .NET, J2EE, XML, SAML, LDAP (Novell/Sun), RSA ACE SecurID, Akamai CDN, Google Apps, Salesforce, EC2 Cloud.