Information Security Risk And Governance Analyst Resume
Jersey City, NJ
SUMMARY
- IT professional who specializes in IT Auditing, Compliance, IT Risk, Application Security reviews, Information Security Risk Assessments, Operation Permanent Control Assessment and Risk management, Governance, Project Management Life Cycle, SDLC Process, Software Development methodology and systems administration.
- More than twenty years of professional experience including seven years of Information Security and IT auditing.
- Experience in planning, designing, developing and deploying risk assessment methods and auditing of general computer controls.
- Familiar with all stages of audit, including planning, study, evaluation and testing of controls, reporting findings, and remediation planning.
- Possess working knowledge of ISO27000, ITIL, SOX404 and COSO/COBIT Integrated Internal Control Framework, GLB, FFIEC, HIPAA, PCI compliance, FISMA and NIST Standards.
- Familiarity with cryptographic principles and common encryption schemes such as symmetric/asymmetric encryption, hashing, SSH and PKI.
- Knowledge of web application security best practices, web application testing methodologies and tools as well as OWASP guidelines.
- Experienced in Governance, Risk Management, Compliance, Framework, Risk Assessment, Change Management, Incident Management, and SDLC (Software Development Life Cycle).
- Experience working with Network Engineering, Technical Infrastructure Services, Information Security, and other technical and business groups to support the needs of the business.
- Good team player who is also able to work independently in a time-sensitive environment.
- Motivated self-starter with exceptional team building, leadership and project management skills and excellent analytical and problem-solving skills.
- Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Project Management Professional (PMP), Microsoft Certified Systems Engineer (MCSE) and Cisco Certified Network Associate (CCNA).
PROFESSIONAL EXPERIENCE
Confidential, Jersey City, NJ
Information Security Risk and Governance Analyst
Responsibilities:
- Develop enterprise security operation permanent controls and the governance function, along with risk assessment of application and network infrastructure for various divisions within the bank.
- Identify key IT risks due to control gaps/deficiencies and assist IT teams to prioritize remediation efforts including the facilitation of RCSAs (risk and control self-assessments).
- Led and interfaced with project teams composed of project managers, business analysts, developers, application security and user access management, and analyzed systems and technology integration requirements across multiple organizations to establish controls.
- Help the IT team set the strategic direction, develop advanced enterprise-wide security controls built around the framework, and determine security technology and standards.
- Create different reports for Senior Management to identify key Risk Areas.
- Manage Risk Acceptances for IT and Security related risk for North America.
- Investigate and record historical and potential IT incidents to identify risk areas.
- Coordinate and lead the deployment of the mandatory procedures in the Confidential Group IT Governance (Risk) Framework and report to senior management on status/progress.
- Interface with internal and external auditors to facilitate requests and to review and track findings and recommendations.
- Manage end-user security awareness, BCM awareness and Bring Your Own Device training and reporting for the North America region.
- Facilitated installation of the GRC tool Archer for the North America region, was involved in UAT testing of Archer builds, and provided first-level support for the UAT and Production environments.
- Report general IT risk metrics via the GRC tool to IHC.
- Oversee and manage documentation of IT and IT Security Policies and procedures.
Confidential, Jersey City, NJ
Access Remediation Specialist
Responsibilities:
- Determined effectiveness of infrastructure and application security controls including full scale assessments of server security and access controls of Unix Production Environment.
- Identified and advised stakeholders about segregation of various environments such as UAT, DEV, DR and PROD for application User and System accounts.
- Ensure that segregation of duties (SOD) between all support teams' users is met on the application environments across all business units and all sites, including US, Germany, UK, Hong Kong, Singapore and Japan, under tight regulatory delivery deadlines.
- Led regular meetings with the application owners (ITAO) and stakeholders to provide and obtain status updates and feedback.
- Advised on workable solutions for access/environment segregation, change control and monitoring, creating change requests to implement solutions compliant with company policies and standards.
- Responsible for the application engagement and all key onboarding deliverables, ensuring the application is successfully onboarded onto the relevant IT security controls and toolset.
- Ensure that remediation meets the identified criteria and regulations and the bank's security policies and procedures.
- Supervise and assist junior teammates on their assessments, as well as train newly onboarded members.
Confidential, Mount Laurel, NJ
Senior IT Risk Analyst (Consultant)
Responsibilities:
- Review and approve vendor security questionnaires to ensure proper security practices are in place.
- Support client audit and examination requirements and submissions.
- Manage the remediation of vendor audit findings and management responses for vendors.
- Support opportunities to improve risk management within the daily operations of IT and vendors.
- Provide recommendations on the security controls and stance of existing and prospective service providers/vendors, including due diligence site visits when warranted.
- Interface with various internal and external clients, vendors, and audit agencies as needed.
- Support various IT Risk Assurance projects as needed.
- Lead and manage various IT Risk Assurance projects as needed.
- Provide timely metrics on all tasks and support activities.
Confidential, New York, NY
Information Security Risk Officer (Consultant)
Responsibilities:
- Led, conducted and coordinated risk and security assessment and risk opinion engagements in the Americas in the area of Risk Finance & Corporate Systems IT.
- Evaluate security risks and identify and define compliance strategies in accordance with policies and standards.
- Interfaced with clients to collect information as required for assessments, concepts and reporting requirements.
- Worked with IT & the business on controls to be implemented to ensure a secure, controlled and manageable risk environment.
- Tracked and analyzed Key Risk Indicators.
- Communicated IT risk requirements and best practices to staff, consultants and vendors via presentations, training programs, memos, websites, and other relevant media.
- Performed third-party vendor assessments and analyzed SAS70 or SSAE16 reports and penetration test results for any third-party software used by the firm, to assure compliance with the company's standards and policies.
Confidential, Iselin, NJ
Risk Manager (Consultant)
Responsibilities:
- Performed end-to-end Application Security reviews and control self-assessments across pre-deployment and post production.
- Engaged application development and project management process to ensure risk management remains incorporated in those process activities, interfacing with the business and central technology groups.
- Performed and assisted in application risk activities including risk assessment, audit remediation and security testing.
- Liaised with audit-related organizations in audits and other external assessments.
- Provided guidance as to specific scope requirements as needed as well as tracked remediation progress for issues discovered during IT audits.
Confidential, Middletown, NJ
Test Analyst
Responsibilities:
- Worked with the internal computer security organization to identify and test controls within web-based applications, and worked with developers to remediate security flaws and improve code design.
- Assisted in system reviews to establish business requirements, risk mitigation controls and network compatibility; also provided the direction and technical expertise needed to design, implement and maintain an information security environment.
- Communicate with management to provide technical consulting and advisory services regarding information security and to recommend security procedures for in house developed applications.
Confidential, Oceanport, NJ
IT Auditor
Responsibilities:
- Prepared Audit Scopes, reported findings, and presented recommendation for improving physical and logical security, data integrity and operations based on risk analysis.
- Conducted reviews of facilities, computer labs, telecommunication equipment and intranets to assess controls and ensure availability, accuracy and security under all conditions.
- Managed the audit plan, prepared reports, communicated audit findings to the Senior/Lead Auditor, and responded to external audit findings and observations.
Confidential, Piscataway, NJ
Junior IT Auditor
Responsibilities:
- Reviewed the company's information technology policies and procedures for the safeguarding of IT assets.
- Evaluated existing controls and made recommendations for improving controls based on audit findings and reports.
- Conducted internal audits of the company's existing infrastructure, applications and general computer controls.