Manager Business Risk And Control Management-global Risk Resume
SUMMARY:
- Middle Management Professional
- Risk Management, Control Testing, IT Security Audits
- Business Implementation, Business Transformation Projects, Client Relationship Management, Operations Management & Excellence, Team Management, Customer Service
- Thrives in fast-paced environments, readily adapting to evolving business and market challenges
- A result-oriented professional with 12 years of experience in Risk Management, Control Testing, Business Transformation projects and Customer Services, with proven expertise in working in all information technology and security related audits.
- Deft in creating, enhancing and maximizing enterprise value by originating and executing risk mitigation by spreading Risk Awareness, Control Testing, Risk and Control Assessment.
- Proven ability to provide guidance and subject matter expertise to IT and business teams on processes, controls and objectives around audit and information security activities, best practices and process improvement, and manages assessment reporting and remediation activities.
- Innovative professional having work experience in the service industry. Splendid knowledge on Risk Management, Team Management, etc.
- Defining operations that impact business growth and maximize profits through achievement in time management, internal controls / efficiency improvements.
- A business-centric professional; hands on experience in driving overall business Operations (in sync with the macro organizational plan) encompassing vision & mission definition, budgeting, technology evaluation & evangelization, and implementation of projects.
- Enterprising leader with a solid record of contributions that involved establishing new businesses, identification of new business opportunities, setting up of new processes, streamlining operations, efficient client relationship management, etc.
- The stints helped in honing abilities of identifying potential improvement opportunities, deconstructing complex situations and further conceiving and implementing streamlined solutions that have led to increased revenues, profitability and overall success to the organizations.
ENTREPRENEURIAL SKILLS:
Often undertaking responsibilities to set-up new businesses.
Risk Management
Governance Risk & Compliance
Enterprise Risk Management
Vendor Risk Management
Vulnerability Risk Management
Security Operations Management
Business Continuity Management
Audit Management
Operations / Service Delivery
Client Relationship Management
Prioritizing, Planning and organizing skills
Team Management
Communication skills
Problem solving
TECHNOLOGIES AND TOOLS:
Penetration Testing: BackTrack 4/5, SQL Injection, Web Application Testing, Metasploit
Vulnerability Assessment: Nessus, Metasploit
Web Application Testing: App Scan
Database Testing: Mysqloit, SQLmap
Forensic Software: Encase, TASK
Network Assessment: NMAP, TCPdump
Password Cracking: John the Ripper, rainbow tables
Identity and Access Management: Mainframe (CICS, RACF), Unix (Solaris, AIX), Windows AD, NT, BMC (Control SA) Identity Manager, RSA SecurID Administration, Lotus Notes, AS400, Exchange
OCCUPATIONAL CONTOUR:
Confidential
Manager Business Risk and Control Management-Global Risk
Responsibilities:
- Support and execute annual risk assessments for all NA, EMEA (ISR AND FCC RC) RCA entities and align with current Key Operational Risk and Key Risk Indicator inventories to ensure all key elements of framework are incorporated into RCA.
- Support and execute challenges of NA Quarterly and Yearly RCA entity ratings in accordance with Risk Policy ensuring that RCA entity ratings are representative of the RCA Entity’s risk exposure.
- Provide assistance to Businesses in anticipating and mitigating operational risks.
- Develop strong working relationship with the 1st line of defense within scope to be a valued and respected partner.
- In collaboration with ORM Business coverage, establish appropriate engagement process with the Business to enable meaningful challenge and oversight and participate in risk management focused forums.
- Ensure business adherence to operational risk policies with particular focus on Appendix A (Managers Control Assessment Framework). Ensure timely corrective action in case of non-compliance.
- Serve as the NA Consumer ORM Risk and Control Subject Matter Experts (SMEs) and provide feedback to ORM Business Coverage Teams on unmitigated significant risks
- Execute responsibilities articulated in the ORM Policy for independent operational risk managers including RCA entity rating challenges and cycled ARA challenges
- Ensure adherence to Consumer Op Risk procedures for independent Ops Risk Managers. Assist in the continuous improvement of these procedures to strengthen 2nd line of defense oversight.
- Ensure Business is linking all tools in place for managing the operational risk management cycle and evidencing the feedback loop across RCA and Key Risk and Control Indicator process, Scenario Analysis and Loss Analysis results on a continuous basis.
- Escalate operational risk events within the Business and within ORM as appropriate with relevant context and risk assessment
- Support the annual policy attestation process by providing Business Coverage Product Leads with recommendations on RCA qualifiers and/or exceptions where applicable.
Asst. Manager Information Security and Risk
Confidential
Responsibilities:
- Monitor user provisioning and de-provisioning administration.
- Monitor User ID provisioning, access management and IT security administration tasks.
- Handle incoming calls from customers and call back if required to support and close the request.
- Responsible for Managing and Maintaining Infrastructure Logons for Employees and its clients through Applications like: Active directory, Mainframes-IDM.
- Exposure to Single Sign-On (SSO) applications.
- Client Interaction and assistance in smooth transition of the applications from legacy systems to Identity Access Management tool.
- Monitor service requests received through the help desk to facilitate timely resolution.
- Monitor information security daily check list activities.
- Troubleshoot application/system access issues and answer general inquiries regarding information security practices or security access.
- Identify process deficiencies and suggest process improvements.
- Review and maintain process/procedure documentation.
- Collaborate with internal and external auditors on security issues, investigations, and routine reviews.
- Perform additional duties, as assigned
Analyst, Information Security and Risk
Confidential
Responsibilities:
- Undertake user access Admin work in granting high privileged accounts access on Payment related applications across the group.
- Mainframe and CICS- Granting access to ACF2 and DB2 tables on Mainframe and creating Unix user accounts through Enterprise Service System (IBM tool)
- Global Payment System project support - Testing GPS application on UAT, providing ISR sign-off and creation of user accounts.
- Identify trends, themes, tendencies that indicate emerging operational risks by relying on mining trends in relevant metrics (especially RCA and Incident data), loss data and external events.
- Effectively communicate learnings to ORM Business Coverage Leads in order to drive necessary responses and action.
- Proactively analyze various data sources to form an independent assessment/opinion of operational risk in ISR and FCC function within the scope of responsibility.
- Continuously monitor Key Operational Risks and related Key Risk Indicators reflected in the relevant RCA entities and escalate to NA Consumer ORM Business Coverage Leads, as appropriate.
- Understand and articulate alignment of Business level KORs and KRIs with Global Risk Lead and Risk Indicators of the RCA Entities that constitute / support the Business.
- Participate in and execute Risk and Control Assessment Challenges to proactively identify significant potential gaps in risk mitigation frameworks (e.g. RCA). Identify changes in business strategy or relevant regulations that may lead to an increase in operational risk exposure and ensure that the risks and controls are adequately reflected in the relevant RCA entity or entities.
- Analyze ops risk losses, KOR/KRIs, Independent Audit Exams, Compliance Testing results, Regulatory Exam results, QA results to ensure linkage and coverage in applicable risk and control frameworks (e.g. RCA).
- Support Risk Reviews conducted by Risk and Control Assessment unit or jointly with ORM NA, EMEA Business/Function coverage.
- Develop actions or, as appropriate, projects to apply lessons learned and share across relevant geographies/managed segments.
- Work as an independent partner to mitigate risk and improve processes and controls so as to take action before risks materialize into op losses.
- Evaluate control issues and ensure adequacy of Event Root Cause Analysis. Collaborate with ORM Business/Function in ensuring adequate corrective action plans.
- Cascading team and staff about the awareness and importance of Information Security through different channels like electronic emails and Notice Board.
- Tracked and closed all Management Self-Identified Issues pertaining to the process.
- Designated staff for Clear Desk Policy for one of the enclosed areas for the Department.
- Conduct surprise spot checks of Internet and external email usage for the team.
- Work experience with multiple stakeholders located in various regions (US, UK, ME and Australia)
- Information Security and Risk SPOC for Department Governance Committee
- Good relations with the Business partners and Management.
- 6+ years of experience with Information Security.
- Team Management, Team Development, Resource Management
- Ensure that Coaching, development, feedback and recognition of team members is carried out on a regular basis.
- Implement policies and procedures in all concerned business areas and ensure that audit requirements are met in day-to-day operations.
- Audit & Compliance adherence, Internal Control Standards Maintenance, Information & Security Policy Adherence, Functional Instruction Manual.
- Ensure team members adhere to electronic Time Capture System codes/Core Standards and observations are recorded with appropriate actions taken