SUMMARY:

• Over 12 years of experience in Analyze Information Security, Incident Management, Governance, Risk, IS Audit, Software Development and Information Technology Projects
• Developed Incident Management framework according to ISO 27000 standard
• Formulated Strategy, Policy, Directives and Guidelines for covering aspects of Cyber Security based on NIST recommendations and SANS 20 Critical Controls
• Managed projects for Incident, Vulnerability Malware Defense, eMail Security and Encryption, Filtering, DDoS, IPS/FW/F5/SIEM, Policy Management and System Compliance
• Developed Information Security Governance framework, covering Information Security Strategy, Policies, Directives and Guidelines based on ISO 27001
• Experienced in evaluating risk and controls within the purview IT General Controls (ITGC) and IT Enterprise Controls (ITEC)
• Worked variety of projects for Phone Apps, Websites, Portals and Hadoop
• Developed and prepared Disaster Recovery & Business Continuity Plan
• Worked on infrastructure projects included IT Security, Compliance, Networks, Data Center, Cloud Computing, Storage and Virtualization
• In depth knowledge and experience in Hortonworks, Kafka, Flink and Cassandra
• Strong working experience in Agile, SCRUM and Waterfall methodologies
• Outstanding in Communication and Presentation Skills
• Hands on experience in Software Development Life Cycle (SDLC) from requirement analysis, management, communication and process improvement

PROFESSIONAL EXPERIENCE:

Confidential

Information Security Analyst

Responsibilities:

• Responsible for Incident Management planning, analysis, design, construction, testing and implementation of IT Security for business units
• Developed Risk Management and Governance framework
• Prepared documents for Change, Incident, Disaster Recovery and Vendor Management
• Managed Advanced Threat Detection and Web Application Security projects
• Conducted GAP analysis to implement cloud solution in IS Security environment
• Implemented cost effective solutions with third - party vendors through requirements, selection and deployment
• Established Change Management process for Infrastructure and Development team to minimize scheduled outage
• Managed full lifecycle Asset Management processes to track critical assets
• Ensured BCP and DRP are tested to minimize the disruption to critical business systems
• Prepared test plan, use cases by using Python scripts and communicated to QA team
• Scheduled end users training for security awareness

Environment: /Tools: SQL, Solaris, Oracle, Java, Microsoft Suite, LINUX, Python, Java Scripts, Palo Alto, Fortinet, Cisco ASA, Remedy, ServiceNow, SharePoint

Confidential

Incident Management and Security Analyst

Responsibilities:

• Responsible for Incident Management planning, analysis, design, construction, testing and implementation of IT Security for business units
• Developed Information Security Risk Management framework while aligning it with the prevailing Enterprise Risk Management framework within the organization
• Implemented Information Security Risk Management framework across the organization wherein multiple risk registers maintained by different divisions
• Conduct GAP analysis for incident management to minimize the network downtime and improve efficiency
• Establish and implement data logging projects to make sure data is secured and protected
• Manage implementation and reporting of Security Operations Center (SOC)
• Conduct review and update of Business Continuity Plan and testing/drills
• Establish continuous vulnerability assessment and management program, including internal assessments and external penetration testing activities for security weakness
• Anticipate security alerts, incidents and disasters and reduce their likelihood
• Conduct training on information security awareness as well as Business Continuity
• Suggest & recommend approach for Risk Control Self-Assessment (RCSA) to be adopted which is currently being adopted

Environment: /Tools: IT Enterprise Controls, BCP/DRP, SDLC, NIST, SQL, Solaris, Oracle, Java, Microsoft Suite, LINUX, Palo Alto, Fortinet, Tableau, Cisco ASA, SalesForce, Cisco IOS and NX-OS routers/switches, ServiceNow, Check Point, Juniper Netscreen, Juniper SRX, Splunk

Confidential

Incident Management Team Lead

Responsibilities:

• Developed Information Security Strategy for entire Banking Group
• Developed Cyber-Security Policies, Directives and Guidelines based on NIST recommendations and SANS 20 Critical Controls
• Met 99% of time & budget constraints by addressing motivation issues and spearheaded documentation for alignment among entities
• Conducted due diligence to uncover variations in control structure included risk assessment for audit, SOX, fraud monitoring and business restructuring
• Produced comprehensive statement to address potential fraud at client firm, coordinating input from 30+ cross-functional resources/process owners
• Managed Data Classification and Leakage, Loss Protection & Prevention projects to keep compliance with regulatory requirements
• Implemented migration plan for Security Management Systems (SMS) from Bank Smart (legacy system) to T24 R8 in 285+ branches
• Established direction to benchmark best practices, identified Gaps and documented Business Requirements
• Analyzed vendor performance to assure compliance with service level agreements
• Developed and deployed Information Security Incident Management process based on ISO 27001 standard
• Setup Security Operation Center (SOC) for monitoring and reacting to security events based on defined terms of reference and escalation procedures

Environment: /Tools: LINUX, UNIX, Solaris, Windows, PCI DSS Compliance, Tableau, Cisco ASA, SalesForce

Confidential

IT Security & Incident Management Consultant

Responsibilities:

• Worked with Business, IT, internal and stakeholders to meet project scope per agreed base line
• Developed and formulated IT/IS Programs, Checklists and Risk Grading Matrix
• Redrafted Audit Reports format to reflect COBIT architecture
• Developed 170+ SQL based reports for assisting financial auditors and data analysis
• Deployed Distributed Denial of Service Mitigation Capabilities
• Replaced Log Management and Security Information Event Management Solution for High Security Management Solution (Privileged Users)
• Implemented Role Based Network Access and Multi-factor Authentication for Virtual Desktop Interface (VDI)
• Upgraded Symantec End Point Protection (SEP)
• Implemented Data Scrubbing in the Performance and Implementation Test Environments
• Managed and prioritized resources, work package assignments and budget using critical path method (CPM) and earned value (EV)
• Designed and developed Business Continuity Plans & Disaster Recovery Plan
• Evaluated operational security policies of firewalls, Updated Risk Logs on weekly basis to ensure management awareness of high priority issues
• Prepared documents to measure Key Performance Indicators (KPI’s)

Environment: /Tools: Sybase, SQL, Solaris, Java, Windows, LINUX

Confidential

Project Manager

Responsibilities:

• Delivered Cyber Security services included firewall management, secure remote access, PKI, SSL certificate lifecycle management, IDS/IPS, endpoint security, vulnerability management and web content filtering
• Developed corporate cyber security policies and guidelines
• Developed cyber security Incident Response Plans (IRP)
• Implemented cyber security training for all employees
• Define standard operational maintenance activities
• Deployed Security Event and Incident Management (SEIM) tools and services
• Designed and segmentation for business and ICS networks
• Implemented standard documentation for networks and systems configurations
• Developed cloud-based services security services assessment
• Managed multiple vendor partnerships
• Identified gaps and opportunities for improvement
• Documented Flow Charts & Process Flows for the major activities
• Employed SQL to directly target exception scenarios and generate reports

Environment: /Tools: Regulatory Compliance, ISO 27001, ISO 27002 and PCI DSS

Confidential

Project Manager

Responsibilities:

• Developed and implemented IT Governance framework, included IT Strategic Plans, Policies and Procedures
• Developed project management plans and associated communications documents
• Responsible for identifying, monitoring and responding to risk and prepared Risk Mitigation Plan
• Effectively communicated project expectations to team members and stakeholders in a timely and clear fashion
• Liaised with project stakeholders on an ongoing basis
• Estimated the resources and participants needed to achieve project goals
• Formulated and managed a department while leading the team
• Trained new staff members and end users and prepared letters for communicating with the executive management for various reasons

Confidential

Project Manage

Responsibilities:

• Worked with in-house and off-shore development teams
• Conducted GAP Analysis to identify & recommended alternatives to streamline the service level offering
• Documented business and system use cases along with process scenarios
• Generated Unified Modeling Language (UML) diagrams such as activity, state transition and sequence diagrams to demonstrate critical processes
• Produced functional specifications and conducted weekly meetings with developers to discuss outstanding technical issues and ensured that deadlines were met on time Formulated and implemented various IT related Policies and Procedures based on various international standards and best practices resulting in cost saving
• Solely formulated and deployed Disaster Recovery Plan (DRP)
• Prepared presentations for management on various topics related to different projects
• Prepared shell script files for auto executing certain tasks

Confidential

Systems Analyst

Responsibilities:

• Responsible for gathering requirements
• Drafted BRD, SRS & FRS documents & conducted structured walkthroughs to review/confirm the requirements
• Documented business and system use cases along with process scenarios
• Generated Unified Modeling Language (UML) diagrams such as activity, state transition and sequence diagrams to demonstrate critical processes
• Developed requirements traceability matrix (RTM)
• Remotely provided direction to off shore testing team and ensured that an appropriate level of application quality was maintained

Confidential

Professional Services Consultant

Responsibilities:

• Liaised with SME to elicit, analyze, document and validate the various processes being utilized
• Documenting and creating flow charts for current and new processes and procedures
• Responsible for managing the validation process of various internal systems used to capture and document requirements, develop and test system specifications
• Reviewing the BRD and RS documents & conducted structured walkthroughs to confirm project scope
• Conducted weekly meetings with developers to discuss outstanding technical issues, to ensure that deadlines are met
• Leading the team responsible for reviewing and evaluating processes and recommending improvement