SUMMARY

• Software Engineering professional with over seven years of experience with strong analytical skills and a broad range of computer expertise.
• Have four years of experience in Archer GRC, Technical analyst/lead, functional experience in development, maintenance, migration projects, GRCTool with its implementation in multiple Business Units and management of multiple vendor applications.
• Develop and maintain a formalized GRC framework, utilizing standards based controls aligned to business specific threats.
• Assess, prioritize and update existing IT security policies and standards to reflect theGRC framework.
• Expertise in writing SQL queries and P/L SQL - Stored procedures, functions, sequences, cursors, triggers, indexes etc in different DBs like MYSQL and SQL Server.
• Evaluate and maintain up-to-date knowledge of the effectiveness ofGRCstandards and compensating controls in mitigating IT risk
• Define GRC framework metrics and key risk indictors, maintain a management dashboard and produce an annualGRCframework compliance report for executive management
• Provide training and support to management and employees regardingGRCprograms and requirements

TECHNICAL SKILLS

Programming Languages: Java, SQL

IDE’s: Eclipse, My Eclipse, RSA and Net beans

Web Technologies: JavaScript, HTML, XML

Operating Systems: Windows, UNIX, LINUX

GRC Tools: RSA Archer eGRC SmartSuite Framework 5.x

PROFESSIONAL EXPERIENCE

GRC Consultant/Archer Developer

Confidential, Carrollton, TX

Responsibilities:

• Develop and maintain a formalizedGRCframework, utilizing standards based controls aligned to business specific threats.
• Assess, prioritize and update existing IT security policies and standards to reflect theGRC framework.
• Perform risk assessment of new IT projects, identify areas of potential technical and process vulnerability, recommend compensating controls and maintain the IT risk register.
• Review existing systems and processes against theGRCframework and prioritize remediation plans based on business risk.
• Evaluate and maintain up-to-date knowledge of the effectiveness ofGRCstandards and compensating controls in mitigating IT risk.
• Interact with Internal Audit and IT teams to ensure on-going compliance with company IT security policies and standards.
• DefineGRCframework metrics and key risk indictors, maintain a management dashboard and produce an annualGRCframework compliance report for executive management.
• Provide training and support to management and employees regardingGRCprograms and requirements.
• Work with internal and third party IT security partners to stay current on industry trends, controls and security technologies and services.

GRC Consultant/Archer Developer

Confidential, Reston, VA

Responsibilities:

• Analysis of existing core and “on-demand” applications in RSA Archer to facilitate business process improvements to meet client needs in RSA Archer v5.
• Updated and implemented Enterprise PCI processes into v5.2 environments as well as incorporating business process improvement.
• Consult clients on automating business processes & risk management activities in theRSAArcher GRCplatform.
• Highly skilled in working with clients to properly capture and document requirements, including system requirements specification (SRS), use cases, business process flows, user interface design mockups, data maps for data migration and tool integration, andArcherdesign binders forArcher-specific requirement
• Experience with migration, cleansing, and analysis.
• Experience in developing On-Demand applications.
• Professional experience with RSA Archer data feeds, questionnaires, calculated fields, custom workflows, custom objects, reports, dashboards and also done user acceptance test.
• Consult auditors and Information Security leaders on all GRC tasks.
• Provided extensive contract acquisition research, support, and other related professional services.

RSA Archer

Confidential, McLean, VA

Responsibilities:

• Experience with Archercore solutions, on-demand applications, and data feeds.
• Experience in creating fields, reports, iViews and dashboard experience in configuring access control, record permissions, events and notifications.
• Design Third Party Risk Management solution.
• RSAArchersolution designing and implementation.
• RSAArcherpolicy management & compliance management solution consulting.
• Managing Application and Questionnaires to create fields, DDE's, Data importing and Notifications.
• Utilized Notification option extensively for email notifications.
• Field creation and configuration - cross-reference fields, calculated fields, custom value lists.
• Managing access control of the users on Archer. Adding new users to the platform rapid application development tools.
• Workflows based on dynamic record permissions, events and notifications.

Java Developer

Confidential

Responsibilities:

• Involved in the development, testing and maintenance process of the application.
• Developed Use Cases, Sequence and Class Diagrams using Rational Rose.
• Performed system analysis and design using OOA/OOD and UML diagrams.
• Used Hibernate as the ORM tool to communicate with the database.
• Developed Persistence layer using Hibernate using java classes and Business layer using stateless session beans incorporating session facade design pattern.
• Involved in coding for the presentation layer using Apache Struts Framework, AJAX and XML.
• Configured EJB and Hibernate on WebSphere Server.
• Involved in writing queries, stored procedures, and modifications to existing database structure as required per addition of new features. Created PL/SQL procedure to update and select in one transaction.
• Implemented to read mutual exclusive transactions by different process Engines.
• Used Prepared Statement in JAVA to insert data into the tables. Used JDBC to access the database & Callable Statement to execute procedure from DAO class.
• Used code version controlling using SVN.
• Involved in the Database structuring and Tables creation needed for the project.
• Supported the applications through production and maintenance releases.
• Involved in unit testing using JUNIT and Integration testing.

Environment: Java 1.4, JSP, Servlets, Struts framework, Validation frame work, XML, XSD, Apache Tomcat, BEA Web logic, JDBC, JNDI, EJB - session beans and entity beans, Oracle 8i, Java beans, Windows NT, JUNIT, SVN, QC, JUNIT, Log4J, FileZilla, Putty, TOAD.