SUMMARY:

• More than 6 years of experience in IT security and Risk Management including Internal Audit.
• Performed risk based monitoring covering a range of operational security activities.
• Experience of producing documents on System Security compliance report
• Hands on experience leading all stages of system registration, including compliance requirements definition, and initial security check and support. Outstanding Team leader; able to coordinate and direct all phases of server - security based while managing, motivating, and guiding teams.
• Insightful, results-driven professional with notable success directing a broad range of corporate IT security initiatives while participating in planning, analysis, and implementation of solutions in support of business objectives including 100% quality results through frequent Internal Audits.
• Experience in Risk Management & Compliance, Internal Auditing, Policy making, & Awareness and BCP/DR and others.
• Lead a team of 5 members in conducting the risk management/assessment for the servers and network devices in the EMEA segment while working for IBM.
• Consistently top performed among peers, in terms of qualitative service delivery.
• Participated in various audits including SOX, ISO 27001
• Documented policies and procedures compliant with Information security standards, thus streamlining the execution
• Conducted Internal Audits for ISO 27001 and other process related, ensuring gaps were closed at the earliest possible. Devised checklist for these purpose.
• Liaised without counterparts in IBM-UK and clients, to bring in process improvements that resulted in 100% compliance.
• Created Security awareness modules and conducted s for various team members.
• Managed status meetings across various Geos on sustaining the compliance controls and other improvement points during the IBM tenure

TECHNICAL SKILLS:

Platforms: Security Health checks for Windows NT/XP/2000, UNIX (Solaris, Aix), Linux (Red Hat), DB2

Tools: IBM Tivoli, Lotus Notes, Microsoft Office suite (Word, Excel, PowerPoint, Outlook), Ping, Telnet, NS Lookup, Hacking Tools, ESM Have knowledge on HIPAA Security and Privacy rule, Omnibus Rule August 2013,PHI,NPP,TPO Deploy, operate and monitor QualysGuard to implement and manage global vulnerability management, policy compliance and web application systems, PCI (Payment Card Industry)Compliance

PROFESSIONAL EXPERIENCE:

Confidential, Wellesley, MA

Security Analyst

Responsibilities:

• Create, maintain and ensure adherence to baselines, security policies, procedures, guidelines and control standards.
• Support monitoring and reporting mechanisms to effectively communicate accurate and current status of the environment and respond accordingly
• Conduct security assessments on OS, network and application vulnerability assessments to identify security weaknesses
• System security monitoring and response to system and Server security incidents
• Work closely with IT teams on identifying and remediation of systems with security issues.
• Assist in or facilitate the implementation of protective and mitigating controls.
• Analyze proactive system vulnerability and recommend corrective measures
• Participate in the evaluation, design, and deployment of security solutions
• Day to day management of Information security platforms
• Participate in both internal and external audits

Confidential, Boston, MA

Security Operations Analyst

Responsibilities:

• Day to day managed Information security platforms
• Perform daily/weekly/monthly security monitoring tasks and handle issues that are uncovered by various internal monitoring tools.
• Coordinate and perform security audits and vulnerability assessments to assess internal security procedures and compliance requirements.
• Collate and quality assure data provided to other departments such as Risk Management and Internal Audit.
• Respond to security incidents.
• Work with Audit and Risk Management to provide evidence of above activities as required.
• Manage minor projects / tasks and provide regular reports on progress.
• Performed other duties, as assigned.
• Work with relevant internal IT Application, Infrastructure, Network and Support teams.
• Ensure that the IT systems are compliant with applicable regulations

Confidential

Information Security Analyst

Responsibilities:

• Responsible for the security compliance of IBM supported servers and network devices across EMEA.
• Have the experience working with lotus notes
• Working for IGA (IT Security - EMEA) team of 3 members, who were responsible for security service delivery for IBM Internal accounts
• Getting involved in new challenges like PH03 process to meet the mitigation standards
• Was one among the top 3 consistent performers during total period of PhO3 process in IGA and received an appreciation mail from top level management of UK for 100% customer satisfaction
• Being a team member in IGA played a proactive role in maintaining my accounts to be in 100% Quality
• Involved in maintaining the KPI Tracker (Key Process Improvement)for IGA accounts
• Worked for e-bhs (IT Security - EMEA) team of 5 members, who were responsible for security service delivery for the internet servers.
• Worked for SO Commercial (IT Security - EMEA) team of 6 members, who were responsible for security service delivery for the Client servers.
• Address the non-compliant issues, and fix them, by Change Management
• Have Knowledge of IBM Security policies
• Inducted into Quality team as one of the important Quality analysts for qualitative improvement
• Coordinated with other teams for security compliance across IGA - EMEA for speedy tickets (CIRATS and Manage Now) resolve. Helped them in solving technical issues.
• Actively participated in team discussion to bring innovative ideas for qualitative deliver - cost, quality, delivery.
• Went on conference call with different UK Clients (IGA) for having the satisfied level of support.
• Conducted frequent meetings with the team members, to discuss on process and personnel issues.
• Managed the non-compliances, by raising CIRATS tickets through internal tool (TSCM).
• Created awareness among the team members on the ongoing security issues.
• Created new LWI (Local Work Instruction) for IGA and hosted in the team room, this helped in consolidating various documentation related to the process. This has become handy SPOR for all our team members
• Was the key resource in identifying the appropriate solution in respect of the repetitive work in ECM manual upload
• Resolved the issues (Issues which affected the daily BAU) related to CIRATS department name for the new CIRATS database DB2, this resulted in creating, tracking the issues as usual and also supported for audit
• Actively participated in IBM’s Lean product GDF including BCP(Business Continuity) and DRP(Disaster Recovery)
• Achieved Top Performer ranking 2+ in the PBC (Personal Business Conduct) for the last two years continuously