SUMMARY

• Experienced Information Technology and Security professional with 12+ years of success in supporting Information Security and Administration for Databases and Applications within the financial industry.
• Led and implemented complex Global IT solutions successfully in business mergers, migrations and workflow solutions using multi technology environments.
• Effectively prioritizes activities and achieves defined objectives with high quality and standards.
• Ability to work in new technologies, environments and translate business requirements into IT solutions.
• Skilled technologist that thrives in a fast paced, rapidly changing environment and always brings an uncompromising commitment to customer satisfaction.
• CISO I&AM Unstructured Data Access Governance function is the continual enhancement of the confidentiality, integrity and availability of unstructured data through a robust Unstructured Data Access Management (UDAM) strategy.Responsible to deliver into production, in concert with the GTO / CISO teams, the end to end access control technical solution, as per the engineered solutions for File Shares (Unix and Windows), SharePoint and Shared Mailboxes.

TECHNICAL SKILLS

Databases: SQL, PL/SQL, Transact SQL, Oracle, Sybase, MS SQL Server and MS Access

Testing Tools: HP QTP/UFT, HP Quality Center/ ALM, SoapUI, Version one, Microsoft Test Manager, Jira

Operating Systems: UNIX AIX 4.0, HP UNIX 11, Sun Solaris, and Windows 95/98/NT/2000/XP

Identity Management and Security: Citimarketplace automated products, CA IdentityMinder, Sun Identity Manager, Sun Access Manager, Login Management System Single Sign - on (SSO), Oracle Identity Manager, Security Event Monitoring System, RSA Access Certification Manager (Aveksa), Dell One Identity Manager.

Other: VB/VBA programming and UML design methodologies, TOAD, DB Artisan, MS SQL Studio Management 2005/2008, Visual Studio 2005, Cobol, Java, C++, SQL, XML, HTML, MS Word, MS Project/SharePoint/Visio, MS Excel

PROFESSIONAL EXPERIENCE

Confidential, Jersey City NJ

Senior Analyst - Identity Access Management Analyst

Responsibilities:

• Reviewed Business Requirement Document, Technical Specification Documents for the UDAM, FSAM(File Share Access Management) Project and provided feedback.
• Worked closely with lead architects assisted with Low Level Design Documentation, provided feedback for Low Level Design documentation focusing on the design of the Use Cases, Business Processes and solution functionality.
• Worked towards UAT & QA testing of access governance model for the usage of unstructured data .
• Responsible to perform and execute end-to-end testing to meet business requirements
• Planned / developed / executed QA/UAT, Deployment Guides, Key Ops, Training Guides, User Guides, Ready for Prod Environment (including provisioning of IT equipment, licenses, etc...), Change Mgmt, Stakeholder communications, Role back plans, etc.
• Strong experience with technologies such as LDAP, Active Directory, RSA Access Certification Manager (Aveksa), Dell One Identity Manager, SharePoint, Unix and Windows Server Platforms
• In-depth knowledge in Identity and Access Management
• Strong understanding of information security access controls and recertification
• Worked closely with the project team members to deliver the working solution and test process for the access management solution. Worked closely with information security group, IT policy owners, end user technologies specialists and application architects.
• Worked on dbWith Onboarding process, technical access management (TAM) broker On-boarding which provided Role based Access control access for accessing application supported production and disaster recovery data servers.
• Worked on SDLC Governance Module (dbGatesPlus) in ServiceNow/ dbUnity.SDLC Governance is the governance of a release or set of releases during their delivery via SDLC. This governance ensures that software delivery adheres and meets the standards defined by the IT Management Policy and specific regulatory controls defined by the Control and Risk Organization.The SDLC governance is part of the Release Management process under ITIL framework.
• Worked and assisted as a release assurance manager who is responsible for SDLC Governance for a particular release on the project delivering one or more application releases .Maintained / created these releases on dbUnity tool.The activities are grouped into generic phases, for governance purposes, regardless of development method or release type. The phases include Define,Deliver,Accept,Deploy .All necessary artifacts were attached and the gates/controls have been satisfied and the controls which needed further verification were verified and the controls were closed respectively.
• Received Admin access on Confluence and in process of creating confluence wiki page for the FSAM team.

Environment: MS SQL Server, Oracle, dbGates, dbWithOnboarding, HP ALM (Quality Center), MS Project/SharePoint/Visio/, MS Excel, LDAP, Active Directory, RSA Access Certification Manager (Aveksa), Dell One Identity Manager, SharePoint, Unix and Windows Server Platforms, ServiceNow, Confluence, LotusNotes

Confidential

Senior Analyst

Responsibilities:

• Experience working in an Agile environment, attended daily standup meetings, reviewed user stories.
• Excellent Business writing skills in creating Business Requirements Document (BRD), UseCase Specifications, Functional Specifications.
• Designed and developed Test plan based on BRD and User Stories and developed and executed Test Cases in VersionOne Tool.
• Tested all modules - Patient Management, Doctor, Admin and Insurance Claims.
• Written and executed SQL queries and Joins, Group By clause, having clause etc. to validate the data.
• Filed and tracked the defects using HP Quality Center (ALM).
• Developed and executed test cases for EWS (Enterprise Web Services) /XML / SOAP and RESTFul services using SoapUI tool.
• Validated reports by executing SQL queries and compared the data using File comparison tool ExamDiff.
• Created Test Data for QA and UAT.
• Involved in Smoke Testing, Regression Testing and User Acceptance Testing and involved in planning test execution activities, defect reporting and analyzing test metrics.
• Prepared daily/ weekly status reports on Test case execution, defects, RTM etc.
• Followed Agile/Scrum Methodologies for all of the project activities.
• Expertise in testing various applications developed in Java, .net, Oracle and C++ and well versed in analyzing Requirements, System Specifications, Use-Cases and Technical specifications Tested WebServices /XML / SOAP and RESTFul services using SoapUI tool
• Experience in writing Test Plan, Test Cases for Web and Client/Server applications, good experience in SQL queries and Joins Executing Shell script in UNIX / Linux, experience in GUI Testing, Regression Testing, Data Driven Testing, Functional Testing, Database Testing and User Acceptance Testing, experience in Black Box testing and good at bug-reporting and bug-tracking using Test Management tools like Quality Center, VersionOne and Jira.
• Excellent Team player work in conjunction with testing, development and other teams in validation and testing complex scenarios and projects and in the maintenance of Quality Standards in Projects.

Environment: JAVA, PHP, Apache Tomcat, Dream Viewer, JQuery, Java Script, HTML, SoapUI, SQL, QTP, HP ALM (Quality Center), VBScript, XML, Web Services, Informatica, MS Project/SharePoint/Visio/, MS Excel

Confidential

IS Cob & Controls Senior Analyst/ SME /Identity Access Management

Responsibilities:

• Set up products for Sybase, Oracle, MS SQL for Login ID/User/Group/Role provisioning.
• Enhanced request processing through Citi Market Place (CMP), a site similar to the shopping cart where clients/users can place an order for their requests to perform their job functions. UAT of more than 150+ products was conducted and then published to production.
• Made enhancements to the global identity administration team CMP products as per business recommendations and requirements.
• Implemented sunidm automation on all servers supported globally to enhance request processing from 2 day SLA's to immediate user provisioning and reduced head count.
• Determined how many requests were processed in the targeted SLA.VSR Reports to run daily to track the available work/tickets in queue and also monitor request completion.
• Generated weekly and monthly reports to calculate total number of requests completed/total number of actions completed for bulk requests.
• Designed provisioning/deprovisioning workflow use cases, password management use cases, test cases and provided training.
• Worked on Sun Identity Manager (SunIDM) to automate Database provisioning/De-provisioning.
• Responsible for testing automated products which used Sun Idm from Dev to UAT to Production implementation.
• Trained both level1 staff and end users on Sun IdM automation product.
• Worked towards facilitating the process of user ID provisioning / deprovisioning and account/role setup/modification. The product with a controlled workflow reduced errors, while enabling automated account fulfillment. As administrators had the ability to instantly view and change access rights. Citimarketplace had products/set workflows for managing access requests, with the option of multiple stages of reviews with approval requirements for each request. The application manager or business manager or BISO could further approve the request based on the complexity of the access being requested. This mechanism facilitated setting different risk level-appropriate approval processes for higher-level access.
• Provided comprehensive Database Architecture and Administration support for Sybase, MSSQL, Oracle
• 24/7 Client Support for 14,000 data servers globally, provide production support for existing processes
• Developed functional documentation which fully describes the current structure of the system, along with impacts to the system resulting from proposed changes.

Confidential

IS Cob & Controls Senior Analyst/ SME /Identity Access Management

Responsibilities:

• Conducted RCSAs within internal audit during the past several years. RCSA is a useful tool to front-end the audit process. This technique involved bringing the staff of an entire unit (or several interrelated units) together for a facilitated workshop. Not only risk and control issues were exposed and action plans were devised to address those issues. This allowed involvement of teams in assessing risk since they know the business process better than anyone else
• Details while processing RCSA self-assessments: A) Obtained an understanding of business requirements, associated risks, organization structure, roles and responsibilities, policies and procedures, laws and regulations, management reporting and the control environment. B) Evaluated the controls by reviewing whether documented processes exist, there are appropriate deliverables, responsibility and accountability are clear, and effective and compensating controls exist where necessary. C) Testing and validation of the controls .The assessments were tracked, submitted on the RCSA site. Gaps identified were escalated to senior management to have them remediate it.iCAPs were initiated to fix gaps.
• Worked on Design and Development of Information Security initiatives like Functional Id Management, Segregation of Duty, Emergency/Temporary Account management.
• Management of access control workflows and questionnaires in a standardized tool, reviewed and approved requests within a standard SLO
• Identified risks to the release by carefully evaluating scope and its complexity, and mitigated by partnering with Development and Product teams.
• Provide Subject Matter Expert level support for Confidential across multiple database systems.
• Cooperate with CATE Solution development teams and help with implementation of automation solutions on databases level. UAT conducted on Citi marketplace products
• Worked with QA team to facilitate feed testing, worked on HP Quality Center with all of its modules.
• Reviewed and responded to all user feedback to ensure all items are addressed during test execution.
• Created Surveys for client / user feedback for the products being used within SME team to better improve processing/enhance products.
• Conducted daily, weekly checkpoint meetings with UAT participants during execution of tests.
• Documented BRD, FRD functional requirements, producing detailed functional specification.
• Work with build and component testing staff to ensure deliverables meet business requirements, work with business partners to help identify, analyze and resolve data errors and inconsistencies and worked in Identity and Access Management (IAM) projects and implemented them to global business.
• Generated daily, weekly, monthly metrics for the team.

Environment: HP UX, IBM AIX, Sun Solaris, Windows, Sybase 12x, Oracle 9i/10g/11g, SQL Server 2000/2005, VB Script, Unix Shell, ASP 3.0, SQL Server Management Studio 2008, Visual Studio 2005, DB Artisan 8x, Toad 7.5, LDAP - site minder single-on, Sybase Power Designer, Erwin, MS Access, SharePoint and Business Objects 12x, QTP, UFT, HP Quality Center, JIRA, CA IdentityMinder, Sun Identity Manager, Sun Access Manager, Login Management System Single Sign-on (SSO), Oracle Identity Manager, Citimarketplace automated products, MS Project/SharePoint/Visio/, MS Excel

IT Analyst, Global ID Administration

Responsibilities:

• Virtual Security Request (VSR) Products Project: Set up references on VSR tags, mapped resolver groups to app managers/business managers.
• Designed product forms for Sybase, Oracle, MS SQL for Login ID/User/Group/Role provisioning .UAT was conducted for more than 150+ products and published to production.
• Coordinated and led meetings to gather information from Application teams and DBA teams.
• Ensured Application teams and DBA team’s requests for enhancements were accommodated.
• Established global standards of processes and procedures working with functional leaders of worldwide business groups.
• Implemented enhancements and integrated external applications to applications like Global Entitlement Review System, Login Management System and Security Event Monitoring System.
• Designed and developed workflows for ICG transaction processing of user requests, links and maps user ids to applications and managers.
• Conducted Level One support training to staff in India, Budapest and Mexico on handling basic system administration and customer service issues via phone, emails and tickets.
• Worked on time and motion study conducted and analyzed performance of Level One and Level Two staff; provided study recommendations summarizing results and budget implications on resource count