SUMMARY:

• 11+ years of extensive experience in Information Security and Risk Assessments, Vendor Security and Risk Compliance, Cloud Security, GRC Archer, Identity and Access management OIM, Sail point, Audits in Banking, Finance, Health care

• Enterprise Security Risk Analyst - Confidential ESRM, Business analysis, implement Vendor Risk Assessment, Risk Management, RMF, Risk mapping, review Cloud Security Architecture, GRC Archer, application and database Security Policies, ITGC Controls, Third party Security, Privacy and Vulnerability assessments, Issue Management, SOC/SSAE 16, CSA, SIG assessments, review Security policies, IT audits for testing of new key Internal controls.
• Information Security Analyst - 1199 SEIU FUNDS IRM, Administrated OIM,ORM, AD, LDAP, web logic, Security Risk, RMF, Access and Identity life cycle, OPAM, PUM/LAM privileged Accounts, provisioning, DE provisioning, Access, Password management, request workflows, templates, approval process, ePHI Internal controls, Governance.
• Sr. System Analyst - Confidential, RI IAM, Security Risk Assessments, Implement Security policies, Identity and Access governance, ACL,OPAM, RBAC, Internal Control MAS guideline Administrate OIM, LAM, Access Recertification, CSIRT Security Incident and change management process.
• Sr. System Analyst - Confidential NY APAC exchange Trading Application support, system Integration project planning, IT Security, Release administration, Pre CAB, Change management process and approvals to ensure stability, performance, Implementation Patch management, Backup and restoration process, SOC, Cluster/Node Failover, NOC and IDN digital networks, Business Continuity Planning, (BCP/DR) testing.
• Network Engineer - Confidential NOC, SOC, network scan (protocols, ports and packets) with ethereal, wire shark sniffer, BMC, OS and Sever hardening, TCP/IP, Vulnerability assessment, Nexpose, Penetration testing - Nmap, Meta spoilt, SIEM Security Incident and Event Management MacAfee ESM, IDS, EMC, AD, GPO, Varonis data modeling,
• Managed Global Security Risk Operations ITGC, Risk Assessments ORA, business risk, UAT, Identified threats, vulnerabilities, data collection and analyze existing controls, RCA- Risk control Assessments and security self-Assessment, IT general an Risk control testing and impact analysis, risk capturing, risk mitigation process.
• IT Infrastructure and Security Audits, facilitate external IT like PWC, MAS, KPMG and RBI inspection and follow up audit issues, Manage regulatory and compliances requirements with guidelines, Standards and frameworks NIST 800 53/37, ISO,HIPAA, SOX 404, COBIT, ISO 27001, ITAR and 3PAO Fed RAMP compliance regulations.

TECHNICAL SKILLS:

IDM/IAM, Logical Access and Security event Tools: Sail point, OIM, ORM, LATTE, ONE Cert, Recertification, SEIM, BMC Patrol, Macafee ESm, Nexpose,OPAM, Active Directory, LDAP, DLP, Pentaho, Varonis. Cloud Security

GRC tool: RSA Archer, IBM SRP

QA - Testing Tools: HP QC, JIRA, OMX Test suite, Metasploit, Fluke Networks, SQL injection, TTS, Kobra

Database and Tools: MYSQL 5,MS SQL 2008 server management, MS Access, TOAD 9.7.2, EDA,DMU

Trading Platform: NASDAQ OMX, Reuter’s 3000 xtra, KOBRA, RMDS, Ticker Quotes System (TQS), SGX Derivatives Quote Systems, CLICK XT, Multex.

Process - Ticketing Systems: CSITR, Incident and change Management- Service Now, ITSM 7.1, eSP, HP OVSD, SR

Network Performance tools: Vmon, DEC PS, DDC, Skit, wire shark, Ethereal sniffer, TCPDUMP, Nmap

IT Audit and Process: NIST, CSA, BIT SIG, COBIT 5, ISMS -ISO 27001/2, ISO 20000,SDLC, STLC, ITILV3

Project Management Tool: JIRA 5, Smart sheet, MS Project

PROFESSIONAL EXPERIENCE:

Enterprise Security Risk Analyst

Confidential, Chicago

Responsibilities:

• Working as GIS Lead/Developer Specialized, Business Analysis, Enterprise Security Risk Analysis, lead the implementation of vendor risk and compliance programs, implementing systems, processes, policies, procedures and other elements required for vendor risk, IT Audit life cycle and compliance program, Implement Enterprise wide Risk Management Framework-RMF, GRC - RSA Archer - Governance, Risk and Compliance process.
• Liaise with Confidential & Confidential, Overseeing vendor risk and compliance program effectiveness reviews and assessments, SOC, evaluating potential risk exposure due to outsourcing operations, implementation Out of the Box solution like Risk Management, Policy Management, Vendor Management, issue management processes, Data security and governance management, advising on corrective actions, manage identified organizational and compliance issues.
• Experience with annual risk assessment for vendor/third party service providers based on CSA, CCM cloud control matrix, ISO27001, SIG 20014, Evaluate SOC 1&2, SSAE16/AT 101, gathering data, implement IT general and database security controls, ITGC, IBM SRP solution request process, Fed RAMP - POA&M, and CAP guidelines.
• Define security and risk management policies, Review cloud technologies (IaaS, PaaS, and SaaS) on platforms like Amazon AWS, Azure, salesforce, EAA - Enterprise Architect, Application Risk and vulnerability Assessments, Quality Assurance, Validate server security configurations and access controls, BCP, Identify security breaches, network security and penetration testing, BCP/IT DR, Web application and QUALYS SSL labs scan report
• Due diligence on systems and controls, Lead efforts to collect, organize, maintain, Improve vendor data and artifacts as required to support and ON board vendors according to Vendor Management Process and regulatory requirements, SOC security operation center with Automate security analysis, administration and remediation procedures, workflows and tasks, security solutions, process, risk identification and remediation process, web service security, responses of security incident and events, Certification and Accreditation Information Assurance validations.
• Responsible for assessing the risk policy adherence and potential risk vulnerabilities within our applications and key processes, Engage with Vendor Relationship managers to perform ongoing monitoring activities of each vendor commensurate with the risk, Review IAM Identity and Access management controls, Oracle and SQL database security, Logical access management, LDAP, SOD, audit and logging, recertification process, change management, Authentications/Authorizations/Port Security, Data Protection and Secure Configuration Management controls
• Manage Risk management process, Information Security Risk Assessment (ISRA) methodology by completing and providing oversight for line of business risk assessments, Risk identification, Risk Mapping, implementation and residual risk acceptance, Testing controls including ON SITE assessments, Remote services, packaged products and custom developed, Acceptance and RTP - Risk Treatment and Mitigation process.
• IT compliance reviews- User and Administrative Access Reviews, Vendor Access Reviews, Profile Reviews, Reviews in line with guidelines, standards, Security Frameworks and regulatory requirements and UAT.
• Design & Implement Security Risk and compliance controls aligned with ISO 27001, NIST 800-53/37, FedRAMP like NIST, Fed RAMP, ISO, COBIT, HIPAA, SOX, ITAR, Assist in conducting and documenting the audit findings.

IT Security and Risk Compliance Analyst

Confidential, CA

Responsibilities:

• Worked as AIG IT Security Risk and Compliance -Business Analysis, Implement IAM/IDM solutions, PUM/ PAM privileged user access managements for AIG, gathering IAM business requirements, Design BRD documentation, process As-Is /To-Be data analysis, Use cases, UAT, Traceability plans, data integrations and validations.
• Liaise with Ernst &Young for streamline IAM process, Design project scope and approach documentations, discover inventories and analysis from all platforms, design and implementing IAM security and compliance requirements, identify risk profiles, user, administrative Access, recertification process, TPAM solution for password management.
• Build and Implement IAM platform, develop Identity, Access and Privileged account life-cycle processes, configure SAIL POINT, AD,LDAP, Role management, integration, expanding schemas upon platform attributes, manage Tomcat application server and logs, Develop and integrate IAM workflows, business rules, policies for IDM process
• Managed HR data, Authoritative data, Identities, privilege, Nonfunctional and functional accounts (System, Service and shared), Logical access managements from platforms like UNIX, RACF, AS 400, Windows, AIX, Mainframes, Top-secret, Databases MSSQL, Oracle, Sybase, AD, entitlements, RBAC engineering, mining and implementing.
• Integrate and migrate all privileged and functional accounts into IDM platforms, IAM Internal governing Controls and effectiveness testing, Identify and analyze business and technical risks, Evaluate operational policies and procedures, identify control weaknesses, Develop IT Security controls where gaps exist, identity analytics, develop risk remediation and operational process, ON boarding applications and Database management with MY SQL.
• Administration Identity with Flat File Collection, direct and custom connectors, provisioning/ DE provisioning process by automating life cycle events for JML- Joiner, Movers and Leavers, mapping with identity, application accounts, extending attributes, correlation rules, aggregation tasks, policies for privileged accounts, risk remediation process with implementing security controls for data protection, user access, permissions and user activities.
• Perform risk assessments; develop risk remediation processes, AD cleanup LDAP synchronization, dashboard reports for risk treatments, test security controls to effectively manage risks associated with privileged accounts.
• Periodically perform internal compliance assessments for SOX and Federal Reserve regulatory, facilitate external IT SOX audits, applications and validate access across all enterprise platforms, test effectiveness of internal controls.
• Administrate TPAM password vaulting, Service Now integration, incident and change tickets, design associated workflows and Change process, disable inappropriate access, Enforce “minimum necessary” privilege principal for administrative accounts, Standardize the lifecycle process for privileged accounts, UAT Testing and sign off process.

Information Security Analyst

Confidential, NYC

Responsibilities:

• Design IAM architecture, gathering and analyze business and regulatory requirements, solution scope opportunities and translate into technical solutions, BRD/FRD documents, ON boarding and integrating business applications.
• Lead Information risk Management programs IRM, Security operational and risk frameworks, Risk assessment, demonstrated develops and drive various risk mitigation/remediation processes, support security incident tickets, analyzing complex provisioning /de provisioning user accounts, password, lock and access requirements.
• Liaise with Application owners for IAM development, implement security policies, data and access validation, authentication and authorization rules, UI customization, monitor privilege account and access violations, role mapping, entitlements, role engineering, implement Access using Role Based Access Controls using ORM solutions.
• Identify IAM issues, UAT, create reconciliations process, adapters, custom process forms and approval workflows templates, digital certification, Session management, OEM -Transparent database encryptions.
• Configure Oracle for 11g, integrating applications, SOD segregation of duties and integrate OID/ODSEE/GTC Connector, reconciliations tasks, Identity and Access validation OIM reports with BI publisher and SQL queries.
• Administrate Linux, web logic, JBOSS server, database management. approval process using SOA/BPEL, request templates, manual and automated workflows, testing workflow functionality, BAU, Active Directory integration, Access group policy, data migration and AD cleanup, LDAP query, GPO, provisioning, data modeling with Varonis.
• Vulnerability management and scanning (Nexpose), Nmap scanning for IP, port, operating systems, protocols and services, Security control testing and penetration testing, SQL injection, ensuring internal controls for applications.
• Monitor log management SIEM- ESM MacAfee reports, alert, monitor solar winds (network management), security Incident and analysis, review all security controls breaches and incident tickets with ITSM7 client.
• Manage HIPAA regulatory requirements, KPMG audits and compliance, develop audit reports, follow up audit issues and ensure system comply with IT Security standards Information Security frameworks ISO, ITIL, COBIT.

Sr. System Analyst

Confidential, RI

Responsibilities:

• Gathering IAM business and technical requirements, develop BRD/FRD doc, review functional use cases, administrate OIM - Identity, privileged, Access Lifecycle Management, Recertification process, SOD, RBAC implementation, design automation and custom Process forms, integrate workflows with policies and business rules
• Manage GIS, Develop IDM solutions to securing IT applications, SSA security self-assessments and application Infrastructure security issues, comply with IT security policies, standards and analyze the designed internal controls.
• Lead application security, application and infrastructure IT security controls, Vulnerability assessments, session management, remote logging, integrate user accounts with IT security policies, Provision and De provision user access, Access certifications, authorization rules, approvals, permission levels, problem management reports.
• Administrate enterprise-level user Identities, accounts, lock, password, reconciliation and access issues, Design Console, ON Boarding applications, automated and request based provisioning process to business applications.
• Administrate OIM, PAM - Privilege account and access management, provisioning IT resources, authentication and authorization based on access policy, Implement workflow with approval process and server configuration, error handling and data validation, log management and infrastructure security services, securing of IT assets.
• Administrate Logical and Privilege access management-LAM, ACL - LATTE, ONE Cert, feed configuration files and database connectivity, ACL Reports for users, systems, Database, Infrastructure Sybase, Share/Functional/user groups, logging security, RSA Secure Tokens. Performed the IT business continuity and disaster recovery programs.
• Administrate Active Directory, GPO, LDAP, Active Role Server, Privileged accounts creation, Revoke, Amendment work flows, Access and Password Management, functional and share groups, Access and approval workflows failures for business applications, Closure of noncompliance issues in UNIX, Tandem and Mainframe systems.
• Periodically review the minimum baseline security and administration processes for Data, standards, identify the information assets in coordination with business owners, risk mitigation control, RCSA and ensure all controls are in place, Support BAU and BCP activities, ticketing systems - REQUEST, ESP, Service Now, HP OVSC.
• Develop test cases, SQL scripts (TOAD), UAT, security level testing to validate data, system controls, request releases and OIM DB patch testing, System Integration (SIT), Functional, Report level testing, UAT and Ad hoc changes in workflows, implement requests process, Bug tracking with JIRA, Pre/Post Implementation reviews.
• Security Risk Assessments (ORA) - Identify threats and explain the risks associated with application, vulnerabilities (Operational weakness), review security and IT general controls, demonstrate exploitation and recommend mitigation options, RCA Risk control Assessments, provide assessment and IT Audit reports to Risk Committee.
• Facilitate External Security audits, follow up Audit trails and control issues, Manage PWC, MAS, KPMG, RBI inspection and regulatory requirements, FCA, SOX compliance, MAS guidelines, ITGC security standards.

Sr. System Analyst

Confidential, CA

Responsibilities:

• Lead Application Security, gather and implement regulatory requirements, Review IT security policies and procedures, System audits, perform compliance testing for trading Systems and Applications, incident investigations
• Liaise with developments and business owners, SGX IT Governing Council, Implement IT Security controls, Audit trail, Infrastructure Access privileges, Network and Database security, system file permissions, DLP for devices CD, USB network drives, Log information transmission, Log storage, analysis and disposals, policies.
• Implements information security policies on Core Trading Systems, administrate IAM Identity and access management, PUM analysis, Audit Internal controls, Connectivity testing, Oracle RDB functionality with SQL
• Security administration setting on HP-Open VMS Cluster, Access controls for Trading Applications, users, Systems, Active directory AD, System configurations, Server access, authentications, remote File transferring policies, Session management, monitor data flow, DLP - protection of sensitive data and Network gateways.
• Perform Risk assessments - Identify, Analyze and Evaluate risks and business impacts, Security risks assessments and mitigation plans, Identify threats, Vulnerability scanning and assessment, ensuring confidentiality for systems, application, data, Penetration (SQL injection),OS hardening, Functionality, Latency, IWT and Regression testing.
• Support Trade floor, L2, BAU, Log and Event management SIEM, BMC console, application issues, systems health checks, Database Oracle RDB, security and governance, monitor data transaction, Client -Server access connectivity, user Accounts/ID, Access controls for Internal/External gateways, ILO cluster administrations.
• Mange Releases management, RR, WO planning, rollout, Patch Management, pre CAB meetings, Change management, Ad-hoc changes in Operations, RFC’s and CR, Developed BCP documents, Implement disaster Recovery process, BCP Simulation, design test planning, scheduling and execute work area recovery (WAR) test cases, defect management process (HP Quality center), response incidents alerts from command centers.
• Managed SGX Derivatives Quote systems, OMX market data systems for Secure Clearing and positioning, Settlement, Risk Evaluation, Margining Market Orders, Dissemination and Deal Capture trade systems, Market Data Validating, HP RTR (transaction router) for Data Transactions, Data connectivity testing for SAN EMC.
• Build, Integrate and test Nasdaq OMX- DMDF Market data systems, Click XT, OMX Applications, Infrastructures, SGX managed networks, OMnet process, API, CLICK XT TRADE, APPSMIND Application management, BMC PATROL, Install/Upgrade/configure HP Integrity Blade ITANIUM, AMT.

Sr. System Integration Analyst

Confidential, NY

Responsibilities:

• Reported to APAC Market Data Development Head - Managed exchange Market Data and System integrations projects, Risk assessments, Data services, Implement Security controls, IT Compliance checks and System Audits
• Lead system integration projects, Enhancement, service improvement projects, Build, Test and integrate applications, Infrastructure, VAP and network and Data feed connectivity, IDN network, Feed RDF-D, Log management, Release management, deploying Reuter Instrument Code (RIC, SIC).
• Managed Singapore/Beijing -Thomson Reuter’s system integration team, vulnerability scanning, penetration testing, VPN configuration, System Integration QA testing (SIT), EQUITY valuations, data injection, UAT, Functional, Performance, Regression, Load, Stress, Design manual or automated scrip in HP QC, Defect tracking and bug fixing.
• Managed APAC tickers, Reuter’s 3000 xtra, KOBRA trading applications, Direct Integrates with Reuters Data Feeds, Reuters Market Data System (RMDS), validate real time market data flows, data transactions from various Stock Exchanges, Implement new data processing methods, tools, UI, systems capacity and performances.
• Support market data real time issues, L2 support, OCM operational control, BAU activities, system failures, operations and exchange/venues, handling incident and emergency tickets, Reconcile trades and position breaks, liaise with application owners to assist with forecasting system utilization.
• Manage Integrated Digital Network and Reuters Tick Capture Engine enhancement projects, VAP up gradations, Settlements and Clearing financial instruments. Managed RTCE are fully integrated with Reuter’s data (DFC, DFR, DFH, Tick History and Corporate Actions), administrate Intelligence Line switching process.
• Managed Day-to-day Market Data Operations, configured HP blade Servers, Network capacity, Bandwidth utilization, Network Latency, CPU and Memory Utilization, HP Server health, End to end latency testing
• Manage Release administration, roll out, planning, procedures, prioritizations, compliance for process adherence, Patch and Global Change management process - Ad hoc change tickets, RFC’s, CR, SCM, and pre CAB meetings.
• Manage IT Security Audits for System, database governance and applications, review and validate data access, comply with IT security standards. Provide various audit reports and evidences and follow up with IT audit issues.

Engineer Order Management- Operations

Confidential

Responsibilities:

• System Analyst for Global Network Operations, NOC, Data migration, Application testing, network connectivity, Integration Projects, Manage Data feed connections, Data validation and and implement Security Compliance.
• Design and develop Operational procedure, SOC, Solution Implementation order desk SIOD for Cable and Wireless UK. and tracking SLA for all Global client Issues and provide remote technical support.
• Global Network data Operations, Troubleshooting TCP/IP, Testing integrated networks, applications, QA status reports generations., Data like IPVPN, Switched, IPLC, Leased line and Bug Tracking.
• Support the Security incident tickets, Service Request like Installation, configuration, troubleshooting, Implementations, monitoring for Networks Operational issues, escalations and outages, provisioning and Cessation of services. Liaise with the Development team, Release management, RFC (change request form) for production.

Network Engineer - Operations

Confidential

Responsibilities:

• Managed security implementation of core trading CTCL VLAN in catalyst switch CISCO3550 layer3
• Managed NOC, network switches, Access control for trading systems, providing L2 and trade floor support, Incident tickets, systems, infrastructure and application testing.
• Administrated LAN, WAN, VSAT, Leased Line, TCP/IP, UDP, ISDN, VPN, VLAN, Troubleshoot Hub/Router CICSO 2900, 3550 switches, Testing - UAT, database client and server connections, Support production activities, monitoring System health checks, Network traffic and interface’s.
• Manage network data operations-NOC, configurations, providing access to remote login and file management from multiple sites. Troubleshooting Internal/external network problems. Performed Vulnerability scanning, packet/protocol/Port analyzer and Network traffic with Ethereal Sniffer, capacity monitoring, support trading server administration, data operation, data validations and daily backup & restoring process.