QUALIFICATIONS

• High-energy achiever with experience in business analytics, information security assessments, penetration testing, security vulnerabilities identification, application support, product testing, and regression testing. Adept at administering, coordinating, and managing several projects across multiple locations. Reputed for work in global team settings and finding alternative solutions to current processes.
• Highly regarded for excellent communication and interpersonal skills, serving as a collaborative leader and as an IT Security consultant ensuring the implementation of security best practices. Known to have commitment to managing teams, operations, and projects flawlessly. Demonstrated keen understanding of business priorities while contributing to business development and revenue-producing activities.
• Knowledgeable in SOC1, SOC2, SOC3, FFEIC, and PCI-DSS Audit procedures, Penetration Testing, Ethical Hacking, and security testing methodologies skilled at identifying application and technology threats as well as recommending and implementing security risk solutions. Familiar with Performance Monitoring WUGs, Concord, WebLogic and Performance Analyzer , SQL queries and database, front-end IFS and SAP applications, and SAP RA3 application.

Technical Skills

• Computer Languages: VB.Net ASP.Net Visual Basic 6.0 C /C Java
• Operating Systems: MS Windows 9x/0x/ME/XP/Vista/Windows 7 UNIX/Linux MS-DOS
• Databases: MS Access MS Server 2003 and 2008 SQL Server
• Software: MS Office 9x/0x/XP/2007/2010/2013 MS Project MS Front Page MS Visio MS SharePoint
• Web Development: HTML DHTML Dreamweaver JavaScript
• Packaged Software: SAP Ariba IFS
• Application Servers: WebLogic
• Security Tools: Nessus IBM AppScan Auditor WebInspect BackTrack MetaSploit EtherPeek Snort Hackin 9 Orphcrack CrypTool
• Security Frameworks: ISO 27000 series NIST 800-53 OWASP Sarbanes Oxley HIPAA COBIT PCI-DSS North American Electric Reliability Corporation Standards NERC/SERC Classification of Infrastructure Program CIP Active Directory IIS Data Classification Protection Standard 1809

Professional Experience

Confidential

Senior IT Assurance Consultant

• Work with other IT Assurance team members to plan and execute an effective IT assurance and consulting engagement
• Plan and execute value-adding IT control, compliance, security and/or operational audits leading to issuance of formal reports
• Supervise and train IT audit staff
• Perform Service Organization Control SOC 1 and 2 attestations of significant financial and IT related services
• Perform FFEIC Audits
• Provide input to the financial audit manager relating to the external audit plan
• Audit areas include: Information Security Privacy, Networks LAN/WAN, Wireless, VPN , Database Administration, Computer Operations, System Development and Maintenance, Physical Security, Logical Security, Business Continuity Disaster Recovery
• Perform PCI-DSS reviews
• Internal Penetration testing
• Analyze results of audit procedures and testing to assess risks and provide recommendations for corrective action
• Develop relationships with IT clientele and market IT services to prospective clients
• Assist in the selection and tailoring of approaches, methods and tools to support service offering or industry projects
• Identify opportunities to improve engagement profitability

Confidential

Business Analyst/Project Manager

• Assists in the analysis and implementation of business processes or systems.
• Support the implementation team.
• Convert data into actionable information, building models to measure key business metrics.
• Report progress in all areas to drive change.
• Manage the entire software upgrade life cycle requirements gathering, writing functional requirements and use cases, testing, deployment and training
• Establish/maintain effective working relationships with managers, employees, clients and customers
• Support user departments with system problems/questions, if needed forward and document issues to application vendor.
• Actively leads a team of cross-functional members responsible for delivery of software projects.
• Is responsible for establishing plans and schedules for software development projects.
• Proactively tracks and reviews software accomplishments and results against the plans and adjusts these plans based on the actual accomplishments and results.
• Establishes and maintains necessary resource commitments to ensure successful software project completion.
• Executes appropriate risk management to ensure business priorities and quality standards are met.
• Actively manage responsibilities in the end to end upgrade of the ERP platform
• MS SharePoint Administrator
• Project Manager for the Microsoft SharePoint 2007 upgrade to SharePoint 2013
• Radley Administrator
• ISO Internal Auditor
• Currently Project Manager leading a team that is creating and implementing a companywide Disaster Recovery Plan
• Established process improvements in the use of the current ERP platform IFS
• Administer security by setting up new user security profiles, identifying and resolving user security issues

Confidential

IT Security Consultant

• Performed network security assessment for local small and mid level companies analyzing the network and applications for vulnerabilities using open source tools such as the Metasploit Framework.
• Suggested system hardening and security improvements to the client improving system security
• Provided comprehensive reviews of all IT business plans with recommendations for short and long term information security objectives
• Collaborated with client on updating current security policies and procedures
• Analyzed updated security policies and procedures as well as security best practices with client staff

Business Consultant

• Advised local general contractor as a business consultant during company start up and ongoing as needed
• Review current and recurring vendor and client contracts and proposals for accuracy
• Performed reviews of current departmental procedures, safety and security policies, and collaborated with client on making updates to the current policies
• Administered safety and security training to contractor employees

Confidential

Application Security Assessment Specialist

• Skillfully executed application security assessments and penetration testing using IBM AppScan for testing on the application level, network scanning and log analysis, and open source tools for manual testing
• Performed security design reviews on various types of applications, development technologies, and frameworks
• Collaborated with different application development and support teams in classifying and extricating security vulnerabilities
• Assessed security controls, designs, and architecture diagrams for any abnormalities, and determined any security vulnerabilities by ensuring security sub-areas, such as business risks, general architecture, authentication mechanisms, access controls, system hardening processes, auditing and logging, administration and provisioning, business continuity, and disaster recovery
• Provisioning and de-provisioning, analyzing and maintaining system access.
• Led efforts in empowering team processes, thus improving team efficiency conferred with the global team members to implement the best possible business solution and ensure consistency in the presentation of information to the clients
• Processed and validated application through interviews to get required information and penetration testing to assess the application and the infrastructure
• Suggested recommendations to the client concerning mitigation, system hardening and security improvements
• Demonstrated astute leadership and guidance to the assessment team accountable for reviewing the security of the entire application framework

Application Product Management Analyst

• Significantly contributed as part of the application analysis team, supporting the technology side of procurement applications as well as product testing and regression testing for new releases and code migrations
• Provided System Administrator functions performing Identity and Access Management functions, investigating network performance, application and user issues
• Served as customer liaison, explaining the application side in a non-technical manner and providing application support to business and troubleshooting issues involving the Ariba Buyer application
• Led a team during the cut-over planning and activities for SAP 9.1 upgrade for the Ariba Buyer application platform worked with the team on several deployment plans for small releases
• Determined and settled Remedy tickets per SLA requirements pertaining to application issues and performance by researching using procurement tools or by working with Tier 3 support
• Involved in product release testing and coordinated test results, determining opportunities for improvement of the CIO work environment

Highlights

• Elected as Employee Council Chairperson in March 2008 and Employee Council Representative in 2007
• Established relationship with Global Employee Councils shared feedback received from employees, leveraged ideas, and communicated status of work efforts
• Initiated and proposed Employee Council's strategic direction/plan based on Global People Survey results and other feedbacks received
• Formed a Career Development Fair, People Development Awards, Mentor Breakfast, Senior Executive in Residence Days, and other employee programs
• Facilitated orientation for new Employee Council representatives while assigning tasks/initiatives to workgroups

Confidential

Project Administrator/Project Coordinator/Project Manager

• Directed the activities of direct reports, internal marketing, applications, and electrical engineers in multiple projects across numerous disciplines
• Rendered vendor costs to application and marketing engineers to help attain 100 quoting accuracy to ensure project completion within budget constraints
• Involved in project changes and delivery throughout project lifecycle, involving 100 accuracy in contract/project review
• Procured parts and equipment per customer specifications, organized the schedule of Rockwell Automation, and provided control equipment and vendor-provided equipment
• Resolved any client and project/team issues and analyzed Final Bill of Materials per engineered drawings

Highlights

• Awarded with Capture the Moment Award in 2004 for achieving specific results and executing process improvements
• Created three procedural policies, wherein two of which were published as Rockwell Automation's Best Practices
• Helped in reducing cost by 25K or more in each of the past four years
• Facilitated and chaired two National Project Coordinator Meetings

Confidential

Project Manager/Database Developer

• Developed SQL database with complete inventory, sales, and reporting capabilities
• Provided complete documentation of the database and its uses utilizing Visual Basic and SQL to ensure accuracy and integrity of data in the database
• Established consistent communication channel with client to meet both client expectation and project requirements

Highlights

• Restored the Microsoft Access database using proper database design techniques, which permitted the client to effectively add, update, and retrieve customer data
• Completed projects on time, with additional features beyond the scope of the job