EXPERIENCE SUMMARY

Strong understanding of Information System Auditing/Security Engineer, IT controls concepts i.e. COBIT and Information System auditing Professional Standards ISACA . Demonstrated high level of analytical ability and understanding of risk and control assessments. Develop audit plans and manage several concurrent audits of new and existing application systems and core IT infrastructure processes to provide management with fair, objective and technically accurate assessment of associated risk and internal controls. Knowledge and experience using NIST standards to assess management, operational and technical security controls per NIST SP 800-53.

TECHNICAL SKILLS:

Operating Systems: Windows NT/2000/2003/XP, UNIX, Linux, Cisco IOS and AS/400

Protocol/Services: TCP/IP, NetBEUI, DHCP, WINS, DNS, SMTP, HTML, FTP, Telnet, Frame Relay, VPN, and Active Directory.

Languages/Applications: Visual Basic, C , Microsoft Office 2000, Exchange Server, AS/400, Lotus Notes, PC Anywhere, Citrix, Help, Tivoli, Peregrine, Remedy, Infoma Microsoft Outlook, GSM, JIRA.

EMPLOYMENT HISTORY

Confidential

Sr. Security Analyst

• Set-up new access privileges and manage existing customer roles entitlements to meet the PCI DSS requirements.
• Administer internal roles entitlements modifications.
• Analyze and define access needs.
• Coordinate access implementations in all environments.
• Provide back-up support for security help desk
• Review business and functional requirements and provide technical support/knowledge to identify impact to customer's security configuration.
• Effectively deal with customer and internal user access difficulties by participating in the simulation and resolution of security issues.
• Interact with customers to provide information in response to inquiries about roles and entitlements or other security matters.

Confidential

Security Analyst

• Conduct operating system, application, and database vulnerability assessments to include system configuration checks on various Information Systems using Nessus scanning tools.
• Analyze vulnerability assessment results, and provide subsequent reports.
• Work alongside Information Systems Security Officers ISSOs and system administrators to validate and remediate identified vulnerabilities.
• Conduct vulnerability scan using Tenable Security Center - Nesssus
• Conduct regular research on current vulnerabilities and exploits using publicly available, trusted resources.
• Author information security notifications based on vulnerabilities applicable to the environment and track compliance for notifications requiring corrective action.
• Brief management on current vulnerabilities and provide countermeasure recommendations.
• Calculate and assess risk based on threats, vulnerabilities, and mitigating factors

Confidential

Security Engineer

• Provide risk management assessments, security practices and procedures and solutions
• Implement solutions addressing vulnerabilities and developed plan to mitigate risks associated with the systems' vulnerabilities.
• Enforce strong security controls to safeguard the integrity and confidentiality of the organization's data
• Perform risk assessment surveys to identify security requirements
• Conduct system vulnerability scan using Retina Tools
• Conduct baseline scan using CIS-CAT Tools
• Assess SystemTechnical controls as defined by NIST 800-53
• Perform System Security Self Asseessment, Contingency Pan, and Security Test and Evaluation
• Perform Business Impact Assessment in support of System Certification and Accreditation
• Provide documentation support for developing and updating system documentation for C A efforts.
• Document Plan of Action and Milestone POAM
• Monitor and test Security Controls to ensure that the security design is implemented correctly.
• Prepare weekly vulnerability report for the client
• Define system security requirements.

Confidential

Lead Information Security Analyst /Sox Compliance Advisor

• Security Event Monitoring Team
• Documented procedures, best practices, and proposals .Developed and updated Process Control Manuals.
• Participated in the review of internal controls for PCI DSS
• Monitored security events in Oracle database, Teradata, LT Auditor, BokS and eTrust
• Followed up on security event infractions escalations to resolution in a timely manner.
• Proactively disclose and remedy actual or potential breaches and risks to the confidentiality, integrity and availability of Corporate Data and Systems
• Monitored security events within eTrust Access Controls.
• Experience in security events Monitoring tool ArcSight
• Performed risk assessment surveys to identify security requirements.
• Monitored systems and conducted reviews of logs, reports, system settings and/or user permissions to ensure compliance with security policies and standards

Confidential

Senior IT Auditor

• Identified and evaluated controls over user connectivity and user accounts based on Active Directory.
• Assessed clients' IT risks using key controls and objectives to determine the scope of testing.
• Documented the audit findings and recommendations in accordance with standard business format.
• Provided recommendations to management in connection with IS audit work performed.
• Participated in the review of internal controls for Sarbanes-Oxley compliance.
• Attended entrance conference and various audit meetings
• Participated in audit planning processes and developing internal audit guidelines and procedures.
• Tested compliance and conformity with company standards, policies, and procedures that are supposed to meet industry standard like COBIT and COSO.
• Reviewed system internal controls, its documentation and operations, to ensure that appropriate level of control exists for regulatory compliance e.g. SOX using COBIT and COSO frameworks.
• Prepared detailed audit reports and made meaningful recommendations to all levels of management.
• Analyzed needs, submit recommendations, and implement cost-effective programs encompassing public relations, and target relationship marketing.
• Proactively identified and responded to security events in accordance with set policies and practices
• Prepared written audit reports and presented them to management
• Conducted vulnerability assessment and intrusion detection, and supported security policy development
• Drafted clear and concise audit report .
• Analyzed security controls for Windows Systems to ensure that they meet set standards
• Participated in closing conferences, effectively communicated with internal clients, audit teams and external auditors.
• Collaborated with external audit firms in monitoring and conducting audits.
• Performed follow-up on reported findings and documented results.
• Demonstrated thoroughness, and ability to work independently.
• Performed post-audit reviews to determine compliance with audit recommendations
• Performed work in accordance with IIA Professional Standards and Audit Department guidelines
• Identified user access levels to ensure need-to-know and segregation of duties are met.

Confidential

Helpdesk Coordinator/Technology Analyst/ Network Systems Support Analyst

• Responsible for troubleshooting and fault finding computers and network connectivity problems and providing resolutions
• Conducted Network vulnerability scan using Nessus and Nmap tools.
• Ran in-house connectivity for LAN/WAN Provision T1 end-to-end dedicated lines to clients.
• Install and manage Cisco VPN Concentrator- Experience with VPN technology, including remote user access, branch office connectivity, monitoring, and fault isolation.
• Configure WAN connections. Design and implementation of ATM, QOS, Frame Relay, ISDN, CSU/DSU configuration T1, T3, OC3.
• Monitored communication lines, Network devices and servers using HP Openview, and Netview.
• Created and maintained user connectivity and created users account based on Active Directory.
• Participated in Disaster Recovery tests and operations
• Provided direction and participated in identification, diagnosis, documentation, communication, and resolution of problems with computer equipment, software, and peripherals.
• Coordinated network problem resolution activities in a multi-platform environment.
• Administered and managed network server hardware and software.
• Controlled all hardware/software functions in a multi-system batch and online environment, ensuring that all devices, components, and subsystems are functioning normally
• Troubleshot and debugged connections to peers , customers , vendors, and internal network connections.
• Administered Windows NT/2000and Citrix servers
• Monitored and analyzed computer performance by means of the systems console and software performance tools.
• Communicated outage notification for major system outages to customers and management
• Controlled daily batch jobs consisting of multiple interfacing applications in a batch/online environment to successfully meet pre-defined Service Level Agreement SLA for data center user.
• Maintained constant review of critical scheduling requirements to avoid or minimize lost time and dollars.
• Responded to the technical needs and questions of customers concerning their applications, equipment and access.
• Administered Windows security with logon rights and NTFS access control list, and managed domains, add user/group accounts for sharing of resources in Active Directory.
• Configuring, Installing and Monitoring Cisco IDS , and IPS
• Setup, configured, and gave support on the use of local area networks.
• Provided in-depth front line technical support to diagnose, analyze, research and resolve computer problems for internal and external Enterprise customers,
• Provided responsive on-site computing support, including desktop, server, network and telecommunications to diagnose, analyze, research and resolve problems for Internal Enterprise customers
• Created targeted orders as necessary to deliver a complete product.
• Followed -up on targeted orders. Contact suppliers directly to identify targeted orders, assess status, and resolve issues.
• Scheduled midday communications and recommended appropriate solutions to any systems that failed midday communications.
• Troubleshooting agents' servers and workstations. and provided solutions for Wintel server environments including DNS, DHCP, and Active Directory .
• Assisted in maintaining, configuring, installing, and testing network hardware and software , this include but not limited to routers, switches, hubs and firewalls.
• Installed, and loaded software over the network to the agents' systems
• Responsible for providing support to users on network.
• Performed necessary tests and diagnostics to isolate and correct network and members problems. Escalated network problems to appropriate personnel in accordance to departmental and corporate procedure.
• Monitored systems infrastructure through available network monitoring tools and monitored incoming issues through trouble tickets to assist in the identification, escalation, and resolution of problems.