Senior Information Security Architect Resume
Mclean, VA
SUMMARY:
- Certified Information Security Professional, proficient in Identity and Access Management, Application Security, Data Protection, and Risk & Compliance.
- Extensive experience in architecting, implementing, and securing highly available enterprise-wide software systems in distributed computing environments.
EXPERTISE AREA:
- Access Certifications
- Authentication protocols
- Business Continuity
- CMMi
- Cryptography
- Cybersecurity Framework
- Databases
- Federation
- Message Oriented Middleware
- Microsoft Azure
- NIST SP 800-53
- NIST SP 800-63
- Networking
- Object Oriented Methodologies
- Privileged Access Management
- PKI
- Project Management
- RBAC
- SDLC
- SSO
- Web and XML technologies.
PROFESSIONAL EXPERIENCE:
Senior Information Security Architect
Confidential, McLean, VA
Responsibilities:
- Developed strategy to modernize fragmented legacy authentication systems to meet multi-factor, cloud and mobile needs. Architected and led Smart Card pilot project for implementing multi-factor authentication for Active Directory Administrator accounts. Used HID Global’s Crescendo C1150 Smart Cards with PKI Certificates from Microsoft CA.
- Led security architecture for the Customer Identity & Access Management (CIAM) system, which handles access governance of Confidential’s external B2B users. CIAM is implemented using SailPoint IdentityIQ.
- Led the evaluation, selection, and implementation of Google reCAPTCHA as the enterprise standard for all external unauthenticated pages in SailPoint IdentityIQ.
- Led selection and implementation of Microsoft LAPS solution for managing local administrator account passwords, which mitigated the risks of having a common local account with an identical password on every computer.
- Architected solutions for managing Technical Debt and Application Security using Fortify for static code analysis, and SonarQube for code quality inspection.
- Defined security requirements for on-prem Software Defined Data Center and public cloud platforms: Microsoft Azure and IBM SoftLayer, and Web Proxies, Secure Web Gateways and Cloud Access Security Brokers from Symantec and Zscaler.
Senior Information Security Manager
Confidential, Rochester, MN
Responsibilities:
- Led RFP efforts in the selection of SailPoint IdentityIQ for access governance and administration and helped in its rollout for SOX application certifications and birthright provisioning.
- IAM Security Architect for the $1.2 billion Electronic Health Records project, hosted by EPIC, and its integration with various on-prem solutions, including SailPoint IdentityIQ for user access governance and administration using Role Based Access Controls (RBAC) model.
- Managed the rollout of RSA SecurID Two-Factor Authentication for various use cases, including employee and vendor Remote Access, AIX, Linux and Tandem System Administration, and access to Clinical applications that handle VIP patients, which significantly lowered the threat of external attacks using compromised/phished credentials.
- Managed the rollout of Lieberman ERPM with RSA SecurID Two-Factor Authentication for managing privileged access on 5000+ Windows Servers using dual account policy, thereby eliminating the risk of lateral movement and privilege escalation using pass-the-hash attack.
- Established IAM Architecture, Policies and Standards for Confidential Identity Management Platform for handling B2E, B2B and B2C identities. Established SAML Federation as the enterprise standard for all SaaS applications.
- Developed policies and procedures to clean up 6,000+ Service/Work accounts and integrate their lifecycle in SailPoint IdentityIQ and Lieberman ERPM.
- Designed Identity Management for Confidential’s High Performance Computing environment in National Center for Supercomputing Applications’ (NCSA) cloud.
- Served as IAM Subject Matter Expert in establishing Data Protection Standards and Risk-based security assessment program for Confidential, using NIST SP 800-53 and Cybersecurity Framework.
Business Solutions Officer
Confidential, Washington, DC
Responsibilities:
- As a member of the Bank-wide Integrated Planning System (IPS), led efforts to analyze business requirements and design security architecture for quarterly business review, staff planning and claims processing modules.
Senior Information Security Officer
Confidential, Washington, DC
Responsibilities:
- Implemented and operated SailPoint IdentityIQ Compliance Manager for user access governance and certification of all Treasury financial systems, which resulted in World Bank Treasury’s success in streamlining access governance and administration and meeting ICFR (SOX), SOC1 and SAS 70 compliance.
- As a member of the Bank-wide ICAM Working Group, led the architecture and implementation of Identity, Credential, and Access Management (ICAM) for Treasury and Finance Complex, using SailPoint IdentityIQ product suite. The scope included Life Cycle Manager, Compliance Manager, Role Manager, and Auto-Provisioning.
- Maintained BMC Calendra based legacy Treasury Account Provisioning System (TAPS).
- Led security accreditation of Treasury infrastructure, applications, and databases to safeguard confidentiality, integrity and availability of financial data, transactions, and systems.
- Implemented tools and processes to monitor and reconcile privileged access and DDL/DML activity in Treasury infrastructure and databases.
- Managed the administration of RSA SecurID tokens for Treasury users.
Information Officer
Confidential, Washington, DC
Responsibilities:
- Managed team that was responsible for operating SWIFT and FEDWIRE systems - critical, demanding and highly secure financial transaction systems - that handled all of World Bank’s securities and cash transactions, valued at tens of billions of dollars every day.
- Architected and implemented solutions to modernize infrastructure, protocols, networks and systems that interface with SWIFT and FEDWIRE.
- Implemented IBM MQ Series, XML, and RSA Crypto-J based highly secure Financial Messaging Middleware system to replace legacy Message Handling System (MHS).
- Managed secure Message Handling System (MHS) platform that handled all of World Bank’s internal application-to-application financial transactions.
- Managed all aspects, including relationship, of the SWIFT and FEDWIRE Networks for the World Bank.