CAREER PROFILE:

Achievement oriented Certified Information System audit (CISA) professional with diversified experience in Audit, Compliance, Risk Assessment & IT Security. Proficient in using technology to enhance data and information management effective communicator and problem solver. Enjoy supporting the efforts of multiple departments Team Player with proven leadership, communication, organizational, and relationship management skills.

KEY SKILLS:

Risk Categorization: (People, Process & Technology), Infrastructure audit, SOX and PCI Compliance audit, Implementation of SAP security rule set, Security architecture, project management,. defining role base user access, SAP GRC Access controls and SOD system implementation.

Frameworks / Standards used: COSO, COBIT, ISO 17799, ISO 27001&2, ITIL / ITSM, SEI - CMM, SSAE16/CSAE 3416.

Acquaintance with: HIPAA, GLBA, PCI DSS, PA DSS, FISMA, NIST, Sarbanes Oxley 2002 & Bill 198

PROFESSIONAL OBJECTIVE:

To obtain a progressive management position, where my education and quality conscious management skills would be put forth to ignite the business potential for mutual benefits.

PROFESSIONAL EXPERIENCE:

Confidential

Lead IT Security Consultant

Responsibilities:

• Leading Security Analysts for ISO-27002 based security architecture, drafting policies, proactive pen tests, web servers and application scanning (Retina, Nessus & IBM Appscans), guidance to Developers to deliver Secured IT solutions. Monitoring event logs, review of firewall rules, network segmentation and security assessment of IT solutions
• PCI audit review of Network segmentation, POS devices security, remediation with IT and reporting to executives.
• Continuous monitoring of IT changes, Privacy impact assessment, and process improvement at IT and business level.
• Managing IT project audits and security for emerging technologies to ensure compliance and regulatory requirements.
• Performing IT infrastructure and application risks assessment of existing and new technology solutions.

Confidential

Senior IT Audit & Security Consultant

Responsibilities:

• Walkthroughs of the critical wholesale, retail and investment applications and security Infrastructure controls, .
• SOX Compliance testing of OS (UNIX/Windows/zOS (mainframe), Oracle & SQL database, enterprise security architecture controls (Policies, SOP, Encryption, Physical & logical Security, SANs, Virtualization, Cloud & BYOD).
• Performing Quality Assurance over team s IT security test results by following the bank Security framework.
• Walkthroughs of IT security processes at global level and recommendations to improve/design of controls.
• Analyzing the vulnerabilities, web application results, recommendation & reporting to senior management.

Confidential

Senior IT Security Consultant

Responsibilities:

• Performed risk assessment of technologies, helped SME’s to improve security architecture, application security based on Splunk findings, web server security, checked existing controls related to legacy and emerging technologies; Firewalls, IDS/IPS, Vulnerability Management, Encryption, Content Filtering, Anti-Spam, Anti-Virus, Forensic and Data Loss / Leakage tools. Network Technologies (Hubs, routers, switches, wireless, SAN’s), Web Applications (XML, JAVA), Encryption (PKI, SSL, AES, 3DES), Unix (Solaris, AIX, Linux), Windows Server, Database (Oracle, MS SQL, DB2).
• Supervised team of 6 consultants for assisting 45 SME’s in security and OS hardening recommendations, helped SME’s to resolve security issues including architectures, electronic data traffic, and network access in compliance to PCI stds.
• Was involved in vulnerability scans using tools such as Nessus, Trustkeeper, & Tellus, helped IT operation team to identify network/host vulnerabilities and exploits, hackermethodology, host/network device hardening techniques, and security incidentprevention/mitigation techniques.
• Regularly conducted facilitated workshops with IT operations and Subject Matter Experts (SMEs) team around 20-40 physically and online conference for around 100 technologies, migrated Security gaps and remediation data to Archer.
• Facilitated SME’s to determine risk profiles and design controls for effective enterprise security architecture.
• Worked with technology teams for vulnerability tracking and reporting and conducted security walkthroughs.
• Analyzed security issues, provided input on Application Security Standards, application security consulting to project teams as required and assisted teams for mitigation of vulnerabilities.
• Participated in the deployment, integration and initial configuration of new IT solutions and of any enhancements to existing IT solutions in accordance with standard best operating procedures and the enterprise’s security standards.

Confidential

Senior IT Security & Audit Consultant

Responsibilities:

• Worked with clients security and business for testing the key process level IT controls in vital business processes; Checking IT Security and SAP based t-codes, configuration, backend programs and tables to ensure the integrity of business reports, validation of security parameters in Network, OS(UNIX & Windows) and application level.
• Audited SAP business process workflows, configurable controls, SAP data definitions, data extraction, and data analytics
• Architect the holistic security design related to the SAP implementation covering Infrastructure, network, encryption, SSO, SAP User security, SAP GRC and security models
• Worked with project team to design SAP security strategy according to SAP best practices, created roles, profiles, user IDs, and custom authorization objects, Assisted IT teams improving the Unit, Integration, and User Acceptance testing, SSAE16/CSAE3416 ITGCC analysis,Troubleshooting and resolution of security related issues.
• Perform segregation of duties analysis and remediation, worked with project management and project team to develop resource requirements, in corporate security tasks in the overall project plan, and define/manage security scope.

Confidential

Senior Consultant IT Security and Risk Assessment

Responsibilities:

• Worked closely with the IT application/process owners, and auditors to ensure effectiveness of security controls.
• Periodic application code scanning and vulnerability assessment, rationalizing the false positives, remediation of critical vulnerabilities, working with developers for new projects to ensure security check list is followed.
• Evaluation of security architecture, Risk assessment and security controls gap remediation.
• Gauged management tolerance with residual risk levels and generated action plans to address residual risk levels beyond the business risk tolerance.
• Applied Common Body of Knowledge to application solutions running on the Unix platforms and advise business partners on core information security architecture to ensure continuity of secured bank operations.
• Prepared information security threat landscape, including detailed technical knowledge about the most prevalent vulnerabilities, threats, SSAE16/CSAE3416 ITGCC analysis, attack methods, and infection vectors.
• Compliance with Government, IT Security, and industry standards. Such as: NIST SP 800-53/30, CDC, & FERPA.
• Assisted IT Network and Firewall teams in segmentation of network for PCI compliance readiness, web applications configuration settings, and implementation of security in critical bank application to avoid security breaches.
• Recommended changes to current security policies to support the delivery of new technologies, consultation to SME to create, compile and maintain information security policies, procedures, standards and guidelines to support the delivery of new technology.
• Participated in internal/external threat risk assessments and internal audit reviews, lead resource to internal clients regarding all aspects of systems security which includes: providing advice, migration of Risk based data to Archer tool and consultation to Applications Development.

Confidential

Lead IT Security & Audit Analyst

Responsibilities:

• Managed SOX audit, PCI Audit, Security Architecture design, risk assessment, ACL and SAP Security projects.
• Performed Cyber Threat Intelligence workshops for creating awareness to the SME’s, developed, maintained intelligence database in order to collect, exploit and analyze threat data to develop cyber threat indicators.
• Processed a large volume of structured and non-structured threat data from various network detection resources.
• Developed methods to report security indicators, security strategy to drive the reduction of risks on the implementation of security policy via IDS, IPS, Firewalls, routers, client agents, alerts and SCOM servers.
• Assisted IT Teams to implement chip based cards encryption at POS devices, segmenting the network, drafting the policies and training based on PCI DSS and corporate security policies for chip EMV cards.
• Independently tested and managed the IT SOX audit project by quarterly testing of infrastructure, SSAE16/CSAE3416 ITGCC analysis and follow up with external auditors for found exceptions in ITGCC.
• Developed key security controls matrices by mapping COSO, COBIT, and ISO guidelines of control objectives and managed to achieve the IT audit project milestones, & Teammate, Archer tools analyzed for audit use.
• Worked with developers to implement security controls from project initiation stage, application codes review, avoiding back doors, configuration loopholes, and guided developers for secured software design practices.
• Continuous check on vulnerabilities by Nessus and NMAP scans to avoid security breach for PCI Audit, security assessment and evaluation of the application development landscape tools, processes and 3rd party services
• Consulted IT team for DLP techniques, trained employees about IT security challenges and awareness to avoid security breaches as per PCI & COBIT and monitoring DLP tools to avoid security breaches.
• Managing SAP GRC project by evaluating user roles based on job requirements avoiding SOD issues.
• Assessed, designed, implemented SAP GRC Process Control suite of programs, including various assessment techniques (automated control monitoring, effectiveness testing), certifications, policy management, and master data.
• Continuous change management audit of critical IT Systems through SCOM Alerts, IDS events and Trip wire agents .
• Managed IT security component for helping IT operation adhere to corporate security standards.
• Managed PCI audit project by supervising the third party pen testing, probing the IP’s to ensure flawless security.
• Worked with IT teams for implementing VPN systems (Cisco, Juniper), authentication systems (i.e., multi-factor authentication, Kerberos), encryption (i.e. SSL, IPSec, PKI, Certificate Authorities, PGP, S/MIME), log and security.

Confidential

Manager IT Security

Responsibilities:

• Worked with Project teams to ensure security in application enhancement and new apps project utilizing the cryptographic algorithms, virtualization technologies, security log/event correlation systems, database security, firewall management/configuration and data loss prevention technologies and system hardening Security configuration.
• Oversight of security services as SIEM, firewalls, IPS/IDS, anti - malware & incident Management.
• Management of security services in vendor provided solutions to review security events, ensure appropriate resulting investigation and implementation of remedial action, & real-time monitoring and analysis of security.
• Conducted timely threat management for spyware, viruses, worms, spam and malicious code.
• Performed analysis of computer security advisories, vulnerability scans, and cyber intelligence threat.
• Participated as subject matter expert in the identification, containment and remediation of security events and incidents.
• Proactively detected threats, performed malware or forensic analysis as part of the incident management process.
• Communicated and escalated issues and incidents as required by process or management.
• Performed assessment of network protocols (e.g. TCP/IP, SSH, SSL, IMAP), security architectures on regular basis.

Confidential

Senior IT Consultant

Responsibilities:

• Worked closely with IT operations teams for network and application security projects, computer forensics, data analysis, implementation of Microsoft Exchange server, and Anti-Virus software.
• Research to keep up to date on current business processes related to the application, recommended innovative solutions to complex technological and management issues.
• Defined requirements and help in implementing appropriate solution for configuration changes to improve efficiency, reliability, utility of business applications and provided in-depth analysis of existing OS, network and application security state reports with recommendations to improve security on regular basis.
• Proactively communicated IT solutions while ensuring compliance to audit and corporate security policies.
• Developed / maintained user profile documentation and core configuration parameters
• Assessed impact of application software upgrades on business processes and communicate changes to users

Confidential

Lead IT Security Consultant

Responsibilities:

• Supervised and managed the team of IT consultants in risk assessment, prioritizing of risks, mapping of business processes with Risk universe, assessment of the SAP Security Solutions.
• Coordinated and lead cross - functional teams to identify the IT security gaps in IT processes, recommendations to develop architectures, implement solutions and ensure adoption.
• Worked with the business to define a strategy for improving existing SAP security and ensuring network security.
• Analyzed the current functional and technical architecture for application security including SAP security and the SAP Identity Management solution.
• Worked with non SAP security and architecture team in developing recommendations for the successful implementation of secured network and middleware applications supporting SAP.
• Assisted the team in integration of security solutions in legacy applications, alignment with standards, and with a wider focus on identity and access management beyond SAP and the Active Directory.
• Assisted IT teams implementing central audit repository Team mate and Open text tools

Confidential

Manager IT Security & Audit

Responsibilities:

• Analysis of key processes to develop RACI (Risk and Controls matrices), application of COBIT based controls and testing, identifying contingency requirements and producing, updating BCP procedures.
• Assisted IT operations team implement security policies and procedures in compliance to the SOX requirements.
• Conducted security assessments for applications and processes of IT operations analyzing the security incident response capabilities, identify and recommendations to rectify security gaps.
• Analyzed the log and alert monitoring, Intrusion detection systems / intrusion prevention systems, Malware detection and prevention systems processes at network OS and database levels recommended improvements to management.
• Created and implemented security checklist for Firewalls and firewall policies, Content filtering systems, configuration management systems, Anti-virus and anti-malware systems.
• Security incident handling

Confidential, Houston, TX

Senior Manager IT Operations

Responsibilities:

• Led the IT operations team in the maintenance and development of new information security policies, procedures and standards across the Company, developed secured IT solutions for the business teams.
• Supervised the implementation of leading - edge Security technologies and practices at network and application.
• Initiated, facilitated and promoted activities to create information security awareness across the company.
• Monitored changes in regulations and standards impacting information Security, and recommended policy amendments
• Performed routine compliance audits and risk assessments to pre-empt, mitigate and swiftly respond to audit findings