Sr. Consultant & VP / Business Information Security Engineer Resume

Buffalo, NY

SUMMARY

  • Results-oriented Information Security Professional who is creative in identifying and designing effective solutions to meet the current needs and future expectations of business.
  • IT Security Engineer with extensive leading-edge IT experience in delivering exceptional customer satisfaction and improving overall enterprise operations.
  • Proficient in front-end and back-end operations, development and support, with an excellent record of bringing mission-critical projects in on schedule and within budget.
  • Strong interpersonal, communicative, and organizational skills.
  • Intuitive analytical ability to attain security around network systems and application-level solutions. Project management proficiency including analysis, design, development, implementation, documentation and evaluation.
  • Experienced in C / C++, JavaScript, and ASP programming
  • Subject Matter Expert in advanced Penetration / Security Testing of systems, web applications, and back-end databases. Strong in enterprise-level Risk Assessment, and Business Risk and Control Monitoring / Auditing support
  • Expert in Privacy Risk Assessment, Compliance testing, audit support, and miscellaneous support such as IT Wide Area Network, LAN and Wireless Network Security Assessment
  • Strong in Business Continuity planning and support
  • Wide range of experience in handling 3rd party vendors and 3rd Party Risk Officer responsibilities
  • Subject Matter Expert in OCC, GLBA, SOX and other regulatory support and compliance services
  • Strong in IT Project Management for mid to large size enterprise level projects

AREAS OF EXPERTISE:

  • IT Risk and Security Assessment
  • Application Security Assessment
  • IT Audit
  • Vulnerability and Penetration Testing Services
  • Risk Management
  • Vulnerability Management
  • 3rd Party Risk Officer
  • Firewalls, HIDS, NIDS administration
  • Database Access Monitoring
  • Disaster Recovery and Business Continuity Manager
  • Access Management
  • PCI Assessment
  • Incident Management
  • Project Planning & Support
  • IT Project Management
  • Log Reviews
  • Privacy Risk Assessment
  • Database Security Testing (All Platforms)
  • BRCM Monitoring
  • Control Monitoring & Assessment
  • Regulatory & OCC Support
  • Risk Analysis
  • PCI, SOX, Audit, GLBA Compliance Support
  • Level III Technical Customer Support
  • 3rd Party Vendor Management Support
  • Business Risk Management Support
  • System/Application Risk Assessment Services
  • Network Analysis & Administration
  • Incident Management Services
  • Executive Dashboard Reporting
  • Archer Management
  • Wireless LAN, WAN Networks Security Assessment
  • Data Center & Infrastructure Assessment
  • Security administration of Windows, UNIX, AIX, Mainframe Z/OS, DB2, Oracle, SQL platforms

SKILLS:

Business Information Security Officer, IDS, Firewall Incident Management support, and other experience with tools such as Apache Web Server, Archer, Microsoft IIS, Server Backup Utilities & Tools, SSL Digger, NMAP, OWASP Tools, DBProtect, IBM AppScan, OnDemand, Telnet, SSH Secure Client, Test Director and Guardium

PROFESSIONAL EXPERIENCE:

Confidential, Buffalo, NY

Sr. Consultant & VP/ Business Information Security Engineer

Responsibilities:

  • Business Information Security Risk Engineer for US Service Delivery & Operations department: IT Project Management, Compliance Management, Privacy Assessment, Risk Assessment, 3rd Party Risk Assessment, Business Controls Auditing, Legal & Compliance reviews, SOX / GLBA reviews, OCC regulatory support, and Risk Management support for Information Security & Risk projects. Incident Management and Data Leakage & Prevention support services.
  • Business Risk and Control Monitoring Assessments & Auditing services for business functions.
  • Regular interaction with Sr. Executives for remediation effort for emerging / existing risks.
  • Risk Management services support as part of a strong Enterprise Risk Management program.
  • Management of a team of over 18 Deputy BIROs for the Line of Business Info Security program.
  • ACF2 discretionary access control, access verification certification, role based access controls (RBAC), inappropriate segregation of duties with applications and Identity Management processes for Operations department.
  • Strong knowledge of IT Risk assessments, proficient with Risk management frameworks such as COSO ERM/ NIST / ISO 31000 / Risk IT / ISO 27005
  • Strong understanding of Audit lifecycle, issue management, remediation and exception management including ITGC framework.
  • Compliance management (ISO 27001 / FFIEC / NIST / Data privacy / HIPAA/ FDA etc.) including familiarity with some IT GRC tools
  • Responsible for creating internal department compliance policies, standards and procedures for IT, Information Security, and Privacy related requirements.

Confidential, Buffalo, NY

AVP / Consultant Information Security & Risk

Responsibilities:

  • Application and mobile based application testing responsibilities; collaborate with development teams to test and schedule production releases of web services and major upgrades.
  • Vulnerability testing and penetration testing services for Confidential
  • Research and analysis of emerging enterprise risks & IT vulnerabilities in Confidential N.A infrastructure
  • Responsible for SOX, PCI, and GLBA compliance for databases, applications of enterprise infrastructure.
  • Vendor Management support services and management of request for proposal (RFP) for 3rd party Infrastructure Assessment of regulatory & mandatory project.
  • Project Management support for Information Security Risk sponsored projects for Confidential North America.
  • Security Consultant Services, Enterprise Risk Assessment, Infrastructure & Application Security Risk Assessment (includes mobile based applications).
  • Firewall, Intrusion Detections, Domain Controllers, HIDS, NIDS, Wireless Network, WAN, LAN security assessment and monitoring.
  • Database Access Monitoring and IDS monitoring support.
  • Application Security & Vulnerability Assessment services for CORE banking applications e.g. Internet Banking, Credit Cards Operations and Mortgage applications.
  • Management of offshore resources for the testing team.
  • Experience with Security Assessment of all major database platforms (DB2 SQL, Oracle, Sybase, and Windows, Linux, AIX, Unix, all other systems & other platforms)

Confidential, Buffalo NY

Sr. Analyst IT Security & Risk

Responsibilities:

  • Group Application Risk Assessment and consulting support.
  • Access Management and Active Directory management support.
  • Vulnerability Management support (includes servers and application penetration testing services).
  • Application Security and Infrastructure Security testing support for Confidential owned applications.
  • PCI and ASV testing services for compliance of Confidential external networks.
  • SME support for PCI/SOX/GLBA/OCC compliance and risk remediation projects.
  • Participated in development with Group Confidential Team to build Database Testing standard.
  • RSA Archer Vulnerability Management services for risk reporting and remediation related efforts
  • Experience with testing applications

Confidential, Orchard Park, NY

ASP Application Developer / IT Support

Responsibilities:

  • Develop and QA UAT Test Bridges TV website using ASP programming.
  • Administration and development of User Interfaces by determining Design Methodologies and Tool Sets.
  • Prepare Workflow Chart and Diagrams for Development & Release Planning.
  • Monitor Release Schedules, and follow Project Management & Development Methodologies.
  • Network Administration of Windows 2003 Servers and Client XP Systems.
  • Troubleshoot Company's Local Area Network Problems, Connectivity issues, Spyware, Malware, and Anti-Virus Support
