I am an accomplished IT risk management and security consultant with advisory and pragmatic management approach that can speak to the security landscape and communicate effectively with senior members of a client management and/or executive teams. I engage my customers with the depth of knowledge and experience in the core security domains of GRC, IAM, vulnerability management of web and mobile and security assessment and audit of data center operations, applications or 3rd party service provider operations. I provide subject matter expertise in the form of workshops, and consulting engagements, which assess a client's security capabilities, in the policy, process, technology or organizational areas. I identify gaps and recommend cost effective best practices to reduce client risk and increase their handle on security risk.

I generate positive impact by visible and positive ROI documentation, solution presentation followed with proven path for its successful implementation and structured effective communications. I work closely with business lines, infrastructure teams senior management, to contribute to the successful outcome. I actively look for ways to improve the processes around the program to provide a best of breed, world class service. I possess exceptional verbal and written communication skills, along with capability to quickly adapt to new concepts, technologies, and environment. Experience in pre-sales, sales, closure, and then to organize the delivery of security consulting services with local teams.

Areas Of Expertise

• IT Risk and Security Management
• IT Security Audit and Assessment
• Security Best Practices SME
• IT Program Management
• IT Infrastructure Coordination
• Process Design and implementation
• Business Analysis
• Project Planning
• Policy/ Procedure Creation
• Professional Experience

Confidenital

Global IT Security Program Manager:

• Designed, implemented and transformed the web application vulnerability management initiative for security and privacy posture of 700 web applications across the enterprise. 65,000 employees, 50 countries, 2000 Web Developers . The program exploded, with highest levels of maturity and enterprise engagement, from 10 to 700 applications within a period of 4 years.
• Discovered a deep understanding of current threat, vulnerabilities, attacks and countermeasures and process capability to respond effectively to them. Built training program for consistent change initiative for long term impact on the enterprise teams.
• Lead by taking ownership and driving forward the capabilities and maturity of the MetLife vulnerability, compliance and threat management programs by identifying appropriate technologies, policies, communication channels, organizational structures and relationships with third parties.
• Created web application security policy, procedure and measurement KRI, KPI criteria aligned with OWASP and CVSS. Applied deeper knowledge of and experience for applying Common Weakness Enumeration CWE and Common Vulnerability Scoring System CVSS to get the optimum ROI from the program.
• Developed meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk. Participate in dialogue with business teams to present technical concepts in non-technical and meaning full manner. Generated value by being adaptable and flexible while working in a dynamic environment fostered and maintained relationships with key stakeholders and business partners both regionally and globally.
• Created and operationalized threat modeling tool for web application security at design stage WAS-DS based on OWASP. Engaged enterprise architects and interdepartmental teams for implementation across the enterprise.

• Confidenital
• Participated in the development and deployment of new Archer Platform for enterprise GRC processes, risk assessment and management, threat management and incidence response.
• Conducted application risk assessment audits for IT datacenter, IT processing site and vendor processes for client server, web or multi-tier applications. Conducted audits needing regulatory compliance for HIPAA, PCI, SOX, and SAS-70 reports.
• Coordinated IT risk assessment and risk management for more than 1200 applications across application platforms, IT projects, and M A projects.
• Improved processes for offshore work for IT Risk Assessment of more than 1200 applications and 800 vendor providing IT services to MetLife.
• Managed 10 offshore resources under the outsourcing work model and improved process to increase efficiency, effectiveness, quality and compliance with company policies and practices.

IT Security Project Manager

• Confidenital
• Managed key projects to achieve critical success for MetLife by meeting time sensitive targets in the key areas of Identity Management , Access Control and Business Processes Outsourcing projects. Created strategic vision for MetLife for identity and access management.
• Managed projects to deliver business continuity and disaster recovery solution implementation for 18 business processes under Global Outsourcing Project BPO .
• Developed documentations for project planning, initiation, cost, resource estimation, time, schedule, cost and integration management across multiple projects. Worked on reporting structure in the enterprise program management tools.
• Implemented compliance process for IT security policies, managing the project through its complete life-cycle across 25 countries.

Confidenital

• Created and used extensive planning, scheduling, monitoring and reporting layouts using Primavera Project Management solution.
• Managed projects in the technology domains of network security, wireless access, VPN, core routers, Oracle Financial 11.5.9, Expedition upgrade to 8.5.9, Clarion CX700 EMC SAN, IT service management using Frontrange HEAT suite, VMware for workstation and servers, and Windows Server 2003 upgrade.
• Owned support for an IT application for capital planning development system . Improved import efficiency by 200 and optimized integration of data with other applications. Utilized Visual Basic, .Net, Oracle, Crystal Report and XML.

Confidenital

Networking and Performance Architect Team Lead Contract for INDUSA Technologies

• Generated 50 to 200 performance improvement with 10 global teams for multi-tier business applications by applying several performance monitoring tools and rigorous interaction with inner departmental teams.
• Implemented Six Sigma practices to deliver performance improvement solutions.
• Systems involved included GiMAN PDM , eMatrix PLM , Citrix, Web, Newton, LAN-WAN, Servers, Proxies, WebSphere, WebLogic, Clusters, NLB, and F5 load balancer technology.
• Applied rigorous methodologies using 20 IT tools to identify performance bottlenecks - Compuware: Vantage, Expert. Load Runner, QA Run, BMC Patrol, Team Quest, Fog Light and Spot Light, VitalNet, HP OpenView, QoS Works Sitara / Allot, Packeteer, Packet-shaper, Netcelera, Sniffer, NetMon, Performasure, and NetIQ.