Identity And Access Management Analyst/lead Resume
Rochester, MN
SUMMARY
- 7+ years of IT experience as Information Protection Analyst. Sound knowledge and hands on experience on Mainframe RACF, Active Directory services, Identity Access Management and access control processes. Multi - domain experience in domains such as Retail, HealthCare and Finance.
- Extensive knowledge of all common business-related IT functions and how Information Securtiy plays providing the confidentiality, integrity and availability of data.
- Adept at preparing detailed training procedures and corporate policies, procedures, guidelines, standards.
- Solid understanding of various security software applications
- Expert knowledge in identityand access management methodologies andidentitylife-cycle management processes
- Designed and implemented Multi Master environment with LDAP proxy provide load balance, data transformation, attribute rename, and attribute security.
- Proficient in LDAP-based directory leveraging AD to manage access to cloud apps addressing a number of security, risk, and compliance issues.
- Experienced in user administration, privileged identity and access management, identity intelligence, role-based identity administration and analytics.
- Well Versed in installation and configuration Oracle Identity and Access Manager 11g R2 PS1/PS2/PS3 in high availability environment.
- Experienced with manipulating and analyzing large amounts of data.
- Programming experience with Java
- Experienced creating PowerShell and MSDOS batch scripts
- Experience with end-pointmanagement, IT auditing, anti-virus, anti-malware, SIEM, IDS, vulnerabilty scanning/reporting/remediation, web proxy, encryption, patchmanagement, networkaccess control (NAC), email gateways, anit-spam services, Mobile Devicemanagement (MDM), Privilged accountmanagement (PAM), mult-factor authentication (MFA)
- Experienced in strategic and tactical mission planning, high-tempo field and command center operations, inter-agency and international liaison, and advanced technology insertion and integration. Participated in the development of the Role BasedAccessControl (RBAC) project, which streamlined networkmanagementto a single point ofaccess.
- Excellent internal and external communications skills
- Created Hi Trust documentation for various projects and its Privilege users account and user access.
- Helped creating test script documentation for projects.
- Helped creating work flow matrices for testing projects
- Helped updating the process changes in the established documents
- Strong work ethic, able to work under pressure in a very fast paced environment juggling many activities at once.
TECHNICAL SKILLS
Tools: Mainframe RACF, Active Directory, Access 2007, Remedy, Service Now, Citrix administration, SAP Business Objects, MySQL, IBM Tivoli Suite (TIM, TAM), LDAP, Web server (Tomcat, Apache, IBM), WebLogic, Citrix, CICS, CyberArk EPV,JIRA 3.1,CA Identity Manage, Remedy, Putty,VMware workstation, Cisco VPN Any Connect Client, PeopleSoft, VB Script, RSA SecurID, Lotus Notes, IBM TSO,SSO, OpenID, MS ILM 2007,Oracle Identity Manager 10g/11g R1/R2, PS1/PS2/PS3, Oracle Access Manager 10g/11g R1/R2, PS1/PS2/PS3, Ping Identity, Sailpoint 5.X/6.X, Sub netting, TCP/IP, DNS, DHCP, MS Excel 2003/2007, IM/LYNC, RBAC.
Languages: C, C++, HTML, Python Scripting, VB Scripting, Unix/Linux.
Databases: MS Access, My SQL, DB2, Oracle, SQL Server.
Operating Systems: Windows, Windows Server 2003, RHEL 5X,OS X.
PROFESSIONAL EXPERIENCE
Confidential, Rochester, MN
Identity and Access Management Analyst/Lead
Responsibilities:
- Diagnosed securityaccessissues, implemented security policies and procedures, ensured security access, protected against unauthorizedaccessand promoted security awareness to ensure system security.
- Communicated and translated authorization requirements among the business, stakeholders, system owners and role owners to ensure the appropriateaccess.
- Interfaced withseniormanagementand system owners to manage and resolve escalated security authorization issues
- Oversaw RiskManagementefforts to identify and evaluate risks to the systems to meet with the organization structure, regulatory and audit controls.
- Contributed to the investigation, documentation and reporting of security violations with internal/external auditors, Information Security Fraud Prevention, and system owners to comply with SOX/HIPPA and company security polices standards and controls.
- Point of contact and collaborated with system owners, risk owners, role approvers and auditors to conduct internal compliance audit and presented results to audit andmanagement.
- Assisted in configuring and maintenance of the Governance Risk Control (GRC).
- Monitored and audited privileged users and application activity to determine fraud or legitimate access.
- Responsible for security task, performed troubleshooting security authorization problems while adhering to Service Level Agreements (SLA).
- Experienced in architecting and deploying Identity and Access Management, LDAP Directories, Provisioning and De-Provisioning/Identity Workflows, Access Management, Role-Based Access Control (RBAC), Compliance and Auditing Technologies, Enterprise System Architecture, Security Infrastructure Design, Authentication and Authorization technologies and custom-built security and technology frameworks.
- Involved in upgrading the environment to newer versions of Oracle Identity and Access Management systems.
- Upgraded current IBM Tivoli Access Manager in migrating customizations to OIM and OAM 11gR2.
- Experience with OAM Single Sign On (SSO), Authentication Solutions, and LDAP Directories in a highly load balanced implementations.
- Experience in integrating LDAP with OIM, SOA, OSB and OAM in IAM Suite 11g.
- Involved in end-to-end implementation of IAM solution using Oracle's suite of Identity and Access Management.
- Involved in Installing and configuring the IDM suite from scratch, connecting with LDAP directories and database, setting up and maintaining provisioning and reconciliation procedures with different trusted sources and target systems.
- Responsible for all security tasks, role design, development, configuration, troubleshooting, resolution, and documentation of all Production, Test, Development Systems.
- Developed, implemented, and improved policies, processes, and procedures, implementing best practices solutions for security changemanagementcontrols, to support the organization security framework and SOX compliance standards requesting changes, testing and transporting security roles to all environments.
- Trained, mentored junior staff members and interviewed potential employee candidates
Confidential, San Francisco, CA
Identity and Access Management Analyst
Responsibilities:
- Access theCyberArkpassword vault every day to retrieve the newly issues password for elevated account.
- Develop, manage, and execute project plans and timelines for key deliverables of enterprise PAS/SIM implementations.
- Creating safes and adding users and groups to them for privileged access inCyberArk.
- Successfully UpgradedCyberArkPIMSuitefrom v7.2 to v8.5.
- Engage American Express business units and vendors, providing technical support to solve failures withEPVconfigurations and server issues to ensure all objects are in compliance.
- ManageEPVID's for American Express and vendors Automation Process including identifying ID failures, review the errors, ensure IDs withinEPVareconfigured correctly and being managed successfully by the tool.
- Coordinating various teams while troubleshootingCyberArkfailures and repairing such failures.
- Integration ofCyberArkwith DUO two factor authentication and wide implementation of application and identity management (AIM) module to protect hardcoded and embedded application passwords.
- Successfully maintain a minimum of 95% success rate forEPVpassword compliance.
- CyberArkIntegration with SIEM tools like ArcSight, Splunk, PIMsuiteintegration with DAP, CyberArkIntegration with RADUIS for second factor Authentication.
- Worked withCyberArkUtilities like Password Upload, Create user Utility, PA Replicate, PACLI and PAR client.
- CyberArkrecommended patching of vault server and its components (PSM, CPM, and PVWA).
- Monitor IAM systems (CyberArk) to identify incidents and risks that may impact performance.
- Account management on various platforms such a Windows, UNIX, Active Directory, LDAP, network devices, databases and storage systems.
- Create, configure, and manage Active Directory user accounts, security/distribution/application groups, and OUs. Managed and configured directaccessto folder structures and drives for users (mostly c-level or folder owners) who were not categorized by a group membership.
- Troubleshoots, access provisioning, de provisioning errors and process execution failures of CyberArk.
- Monitor system performance and application functionality and reported/circumvented service interruptions.
- Implement upgrades and fixes; utilize distributed change management guidelines and practices.
Confidential -Raleigh, North Carolina
Information Security Analyst
Responsibilities:
- Analyst in a team dealing with theIdentityandAccessManagementof enterprise security systems within a multi-domain environment supporting 170,000 users in a major healthcare network Analyze Incident, Change and Problem tickets and provide update on daily meeting with client.
- Executed day-to-day Identity andAccessManagement control activities using theSailPoint IIQIAMsystem. The controls activities includedAccessProvisioning, Joiners/Movers/Leavers lifecycle events,Accessreview and Certifications, Segregation of Duties, Account correlation.
- Provide superior visibility into and control over useraccessto sensitive applications and data while streamlining theaccessrequest and delivery process.
- Gather requirements for Customizing Application and Account Onboarding process as per client and business requirements.
- Daily meeting with different IAM teams and report new/pending IAM issues and concerns.
- Create identity Life Cycle workflows, defining life cycle events.
- Helped in performingSailPointIIQ cleanups and documented new change order.
- Manage UserAccess/Login Security toSailPointApplications.
- Gather requirements for customization of out of box workflows inSailPoint.
- Involved in test cases preparation and setting up test environment.
- Coordinating support knowledge transfer for new system and educated application owners.
- Worked closely with the IT Strategic Technology Partners to evaluate new application integration requests from our business partners/Agencies.
- Creating, terminating and reinstating employee, contractor and vendor contractors from HR database toSailPointIIQ.
- Understand and document as-is state of useraccesssecurity of the application.
- Managed group exceptions by investigating then either granting or denying exceptions to deny certain levels ofaccessto applications and groups based on non-qualified job code or region or specific user accounts.
- Followed Role BasedAccessapproach to network resources through Active Directory integrated IDM solution. Roles were configured based on the needs of the organization and in partnering communications with Director of HR, Director of Payroll, Corporate level executives, and other aspects of the company governance.
- Hardware/software asset provisioningmanagement, including asset recoveries, assignments, and lifecyclemanagement.
- Administered HIS/RIS medical information systems and stayed current with the HL7, SOX and HIPAA guidelines.
- Password resets, enabling locked out or expired accounts after investigation, disabling network and email accounts due to terminations or internal investigations, managing when accounts expire and account lockout thresholds for failed attempts to login.
- Maintaining monthly and weekly reports on disabled and expired network users in Active Directory and deleting AD and email accounts, along with deleting or preserving personal drive/folder contents upon approval/time threshold, that were consuming storage resources. The majority of these actions were based on further investigation needed internally or normal termination of service to the company.
- Queue-Coordinator of Remedy inbox and assign tickets to team members to resolve user's issues.
Confidential
Information Security Analyst
Responsibilities:
- Responsible for answering user questions, addressing user requests & issues, and troubleshooting Identity & Access Management(lAM) issues
- PKI Certificate issuance and troubleshooting
- Microsoft SQL Report generation and publication
- PowerShell scripting
- Creating and modifying PowerShell scripts used to manipulateIdentity data in Active Directory or Office 365
- Writing how-to articles related toIdentity andAccess Management services
- Writing FAQ and best practices documents
- SMTP E-mail Administration and troubleshooting
- Performed the action of create, edit, reset account and remove users from Explorys.
- Worked on assigning, changing and removing roles in Explorys
- Worked on affiliation of roles for the users. These roles applied give permission to EPM: Explore Roles, or Group Roles.
- Worked on granting roles that require assignment to an organization level.