Security Program Lead Resume

IL

SUMMARY:

  • Confidential has 19+ years of experience in the IT industry ranging across Systems, Networking and System integration, and 10+ years in IT Security / IS Risk Programs.
  • Worked in the Security Program office as Senior Project lead for an Insurance customer, managing multiple projects including Network Access Control, Radius Upgrade, COBIT Audit items and EISP standards.
  • Has extensive experience as a customer-facing Infrastructure Security Portfolio manager leading the Onsite/offshore Security delivery (Operations, GRC and Projects) team in Confidential Group and leading the Delivery Assurance of Managed Security Services.
  • Conducted structured review of projects, quality processes and responsible for delivery of projects, induction, resources
  • Have excellent knowledge and 6+ years of experience in Software development SDLC right from Project Planning, Requirements Gathering, Implementation and Testing, Risk planning, mitigation, estimation, resource planning and metrics reporting to management.
  • Has excellent leadership skills and has led diversified teams onsite/offshore model, contractor/employee combination, led to account growth and mentored team on ILP and knowledge management within the team.
  • Has 5+ years of Project management on IS Risk Governance audit/process automation projects as Internal auditor for testing internal controls for ERP systems such as SAP, Oracle and CRM.
  • Exposure to Regulatory compliance issues like Identity management, HIPAA, GLBA and Sarbanes Oxley and ISO 27001 and COBIT/COSO Framework.
  • He has a keen ability to understand and resolve issues, commitment to client satisfaction and excellent communication and presentation skills.
  • Received Appreciation and Q s for excellent team leader skills and timely completion of projects.
  • Results-driven Information Technology Professional with demonstrated performance in working at highest level of productivity while adhering to compliance standards, policies, and procedures.

PROFESSIONAL EXPERIENCE:

Confidential, IL

Security Program Lead

Responsibilities:

  • Lead IT Security, Risk, Compliance projects
  • Manage Security projects like Network Access Control that involved a diversified team of 12 (e.g. Wintel/AD/Security Architecture/Testing/Network/Service delivery/Desktop/PKI/Radius/DR) engaged in Proof of Concept with two vendors, Bradford and Cisco ISE, and assist directors with NAC solution in accordance with EISP and COBIT related Audit requirements.
  • Lead a team of testing and process analysts and work with them to build processes around test strategy for SPO projects. FW, NAC, Compliance, Net IQ security engineers and business interaction on solving customer requirements in security architecture and enhancements to prevent Advanced Persistent Threat.
  • Participate in Strategic governance meetings and provide monthly status updates to management.

Confidential, TX

Security / GRC Tower Program Manager

Responsibilities:

  • Lead IT Security, Risk, Compliance projects and lead Portfolio Delivery team
  • Responsible for driving cross functional teams, program level planning, tracking dependencies, capturing risks and highlighting to internal and external steering committee.
  • Execute Security projects establishing PCI Compliant requirements. Gap analysis with GRC framework and provide recommendations.
  • Design Network Security Architecture including Palo Alto, Juniper, Check Point Firewall rollout, Network Access Control, PKI assessment.
  • Lead Active Directory Migration projects, including project governance, mentoring and security consulting to customer requirements.
  • Track PCI Audit findings, remediation and report supporting auditors.
  • Lead a team of FW, NAC, Compliance, security engineers and business interaction on solving customer requirements in security architecture and enhancements.
  • Worked on IDAM projects based on Net IQ access manager federated single sign on to applications onsite as well as cloud based applications to enable AD credential based authentication.
  • Participate in Strategic governance meetings and provide monthly status updates to management.
  • Key role in Program management office working with auditors and SWAT team that enables addressing gaps found as part of gap analysis with service level agreements and SOW.
  • Support project management office and make sure delivery risks are mitigated enabling successful project completion.

Confidential, TX

COB Compliance Program Lead

Responsibilities:

  • Manage IT Risk management projects and lead Portfolio Delivery team
  • Manage and Lead COB tests across datacenter for Mainframe and distributed applications including desktop applications.
  • Test Planning and lead test coordination for Datacenter COB tests.
  • Review Application Recovery Plans and Business Continuity Policies and Procedures, perform gap analysis and provide roadmap for COB strategy.
  • As IS Risk SME support Business Continuity and Disaster recovery for Confidential IT

Confidential, TX

BSA Program Lead

Responsibilities:

  • Support in Project selection, prioritize with PMO steering committee, project Kick-off meetings
  • Authored Confidential application Security enhancement user stories based on agile development methodology, Support UAT, test scripts, use cases.
  • Work with tech leads and satisfied project requirements. Mentored and reviewed Delivery team right from Requirements Gathering till Go-Live in COAF Auto Loan services portfolio.
  • Developed and led packaging teams of Wipro BSAs and assisted in development and approval of Business Requirements.
  • Project/service execution follow up and issue/problem resolution with development team involving Teradata in DWH
  • Delta Polaris Escape - Security Requirement Gathering efforts in Interactive Map based travel booking web page security enhancements
  • Lead Mobile application Requirement and Production Application Development programs on Facebook based Delta application development

Confidential

Configuration/Release Manager

Responsibilities:

  • Worked with development team on Informatica ETL Code changes and E-Commerce web applications
  • Lead Environment and program configuration board and enabled Business approvals
  • Conduct Audit of IT Insurance Application portal w.r.t configuration
  • Developed To-Be process for release and configuration management
  • Lead Environment and configuration team and enabled Business approvals
  • Gap analysis of IT configuration management against Configuration ITIL framework.
  • Track projects status monthly with customer
  • Presented environment and configuration strategy for customers

Confidential, NJ

IT Risk Portfolio - Delivery Manager

Responsibilities:

  • Manage program on the aspects of delivery, operations, quality, and .
  • Manage requirements gathering of massive release of IT Security Risk Governance applications.
  • Managing Customer Relationship and SOW Contract Management.
  • Lead Business Analysis Projects / service execution follow up and issue/problem resolution. Established Issue resolution mechanism.
  • As IS Risk SME support Business Analysis team in and mentoring
  • Manage IT Risk management Portfolio Delivery team. Lead GRC efforts including POC evaluation for Archer and RSAM GRC tools in accordance with Business Requirements.
  • Conducted structured review of projects, quality processes and responsible for delivery of projects, induction, resources

Confidential, NJ

VP - IS Programs

Responsibilities:

  • Manage requirements gathering of massive release of IT Risk Governance suite of applications
  • Design IS Risk Model and Business, Application and Infrastructure Risk based Compliance Questionnaires, aligning Corporate IT Standards with Industry Best Practices and IS standards.
  • As SME, Support Documenting Business Requirements and support in Product Development Lifecycle. CIRAS, ISRA, RCSA, Catalyst, iCAPS, TPISA, COBTrac
  • Design Baseline Top-down Important Risks, Key Controls and Suggested test procedures for Risk disciplines for the applicable Risk family.
  • Present Industry standard and regulation updates to the team as knowledge sharing.
  • Provide Risk and controls matrix for enterprise automated risk assessment and risk reporting
  • Development of risk control framework and support in design and test enterprise risk assessment methodology proof-of-concepts.
  • Assist and participate in Working Group as SME providing feedback as well as document the process flows, design, support and re-engineering.
  • Participate in systems development projects with responsibility to ensure delivery with thorough product acceptance testing of products into the business unit
  • Impact analysis of Corporate Standards on current assessment processes and presentation to WG.
  • GAP analysis of corporate standards with Industry standard regulations such as COBIT, Sarbanes Oxley, ISO 17799, FDIC and GLBA.
  • Design test plans and perform Product Acceptance and User Acceptance test on Automated IS assessment programs.
  • Active participation in process team supporting the task force in developing Corporate wide Information Security Risk Assessment Process (ISRA)

Confidential

Project Lead

Responsibilities:

  • GAP analysis of corporate standards with Industry standard regulations such as COBIT. Assessment of efficacy of existing controls.
  • Design of Corporate Security Policy and detailed IT security policies and Procedures
  • Design secure architecture after IT infrastructure assessment SDLC review for SAP, Oracle applications.
  • Selection of Controls and audit recommendations

Confidential, New York

IS Audit Consultant - Project Lead

Responsibilities:

  • Testing & Documenting the Risk, Expected Control, Actual Controls and Gaps within the IT Process/Application /Application interfaces. Develop Risk and control library for information security discipline
  • Design Baseline Controls and Controls Assessment after Corporate Risk assessment
  • Provide Risk and controls matrix for enterprise automated risk assessment and risk reporting
  • Development of risk control framework and enterprise risk assessment methodology
  • Compliance assessment on content of Risk Control library for corporate
  • GAP analysis of corporate standards with Industry standard regulations such as COBIT, Sarbanes Oxley, ISO 17799, FDIC and GLBA. Evaluate POC for Archer and RSAM GRC tools in accordance with Business Requirements.
  • Test the operating effectiveness of general controls like Access control, Change control, Backup, VM, MBS and application controls in Horizon, Advent and other application environments. Review firewall and IDS audit logs.
  • Develop narratives for network domain for security controls mapping for general controls
  • Build detailed audit programs for assisting internal audit teams for management in ERP application security for SAP, AS 400, Oracle applications.

Confidential

IS Audit Project Leader

Responsibilities:

  • Risk assessment using BS 7799 standard / GMITS guidelines
  • BS 7799 GAP analysis
  • Vulnerability Assessment & Penetration testing
  • Analysis of Infrastructure vulnerabilities with knowledge gained from currently published attack methodologies and exploits
  • Performance of onsite and remote Penetration tests and vulnerability analysis
  • Scanning and using necessary exploit code for testing
  • Reporting on vulnerability to various remote and head office sites
  • Internal Pen test
  • Application Audit in ATM Switch Application
  • Designing IT Security Policies and procedures, Develop security policies for Unix, Windows servers and Implementation Road Map for Compliance