Governance Risk Compliance Cybersecurity...

Candidate Information
Title Governance Risk Compliance CyberSecurity-DevOps-DevSecOps-IT Aud
Target Location US-NY-Manhattan
Candidate's Name, New York
Email: EMAIL AVAILABLE
Phone: PHONE NUMBER AVAILABLE
AVP-IT Infrastructure Production Support Lead Engineer, GRC-Cybersecurity
(1) Candidate's Name LinkedIn

PROFESSIONAL SUMMARY

Experience: 15+ years, IT Infrastructure, Production IT Application, Operations Support, Governance Risk Compliance, Cyber Security, Vulnerability, Risk Management, Security Risk Assessment, Vendor Risk Assessment, IT User Technical Support, Production Job Schedule, IT Policies Development, Technology Development, System Functionality, IT Systems, Data Security, Regulatory Reporting, IT Audit, Financial Institutions, Healthcare, IT Consulting, GRC-Archer, ServiceNow, Risk Vision.
Disaster Recovery & Business Continuity: Disaster Recovery Plans, Business Continuity Plans, IT-Policies, IT-Procedures, Enhancing Monitoring, Operational Run Books, Efficiency Improvement, Capacity Monitoring, Technical Support, Incident Management, Business Testing, Infrastructure Functions, Firewall, Load Balancer, Database Configurations, Network Security.
IT Operations: 24/7 Production Support, L1, L2, L3, First Line Defense, Technical Support, Application Monitoring, Event Command Center, SLA Management, Service Level Agreements, KPI Metrics, Incident Response, Security Operations Center, Security Orchestration, Automation and Response (SOAR), SolarWinds, Monitoring, Alert Management, Log Collection and Analysis, File Integrity Monitoring.
Compliance & Risk Management: IT Governance, Risk Compliance, IT Audit, Regulatory Frameworks (FFIEC, GLBA, CCPA, HITRUST, NIST), Compliance Manager, Policy Manager, Threat Manager, Vendor Management, ISO Standards, IT-GRC Domain, PCI/SOX404/COSO, Cloud Security, Security Risk Assessments, Vulnerability Remediations, Finding, Exception Management
Cloud & Automation: Cloud Technologies, AWS, Azure, GCP, Hybrid Cloud, OpenShift, Kubernetes, Terraform, Automation, API Integration, CI/CD, GitOps, Cloud Governance Framework, Cloud Control Matrix, Real-Time Compliance,
Service Catalog Constraints.
Business Applications: InfoLease, Rapport, Sagepro, DocuSign, Customer Identity and Access Management (CIAM), Equipment Finance Division, Loan Origination, Digital Services, Application Development, System of Records, Business Analyst, Enterprise Solution Design, Equipment Finance Division Systems, Commercial Banking
Communication & Management: Stakeholder Engagement, Team Management, Onshore/Offshore Coordination, Reporting, Governance Risk Compliance, Issue Resolution, Agile Methodology, Daily Standups, Cross-Functional Collaboration, Business Signoffs, Event Management.

TECHNICAL SKILLS

Programming/Scripting: C++, Java, .NET, Ajax, JavaScript, Groovy Script, WSDL/XML/SOAP/REST/JSON, SOAP UI, XMLSpy, UML Modelling, Windows Programming (Win 32), STL, MFC, Microsoft VC++ Studio
IT Management Skills: Delivery Management, Project Management, Agile Transition Management, Agile maturity assessment, AGILE/SCRUM/KANBAN Methodology, Stakeholder Management, Project Planning, Control and Execution, Risk Management, Resource Planning and Management, Process Improvement and Service Delivery.
CI/CD Tools: Jenkins, GitLab, GitHub, SVN, Terraform, Docker, Kubernetes, CI/CD (General)
Web Technologies: Web 2.0, AJAX, Servlets, JSP, Applet, HTML, DHTML, XML, ASP.NET, .NET Framework, Java API, CSS, HTML5, JavaScript
Cloud Technologies: AWS, OpenShift, Microsoft Azure, Google Cloud Platform, SAAS, PAAS, IAAS, Compute as a Service, EC2, VPC, VPC Routing, Subnet, Lambda, EBS, Object Storage with S3, CloudTrail, CloudWatch, CloudFront, CloudFormation
Web Servers/Cloud Tools: Apache 2.0, Tomcat 5.0, IIS6.0, Amazon AWS, Microsoft Azure, Google Cloud Platform
Operating Systems: Windows 2000 Professional, XP Professional, Vista, Windows 2003, Windows 2008, Windows 2012, Windows 2016 Server, Linux, MAC (Macintosh), FreeBSD (UNIX), UniData
Project Management Tools: JIRA, Confluence, MS Visio, Kanban Board, Agile Process, Scrum, Webex, Microsoft Teams
Governance, Risk & Compliance: RSA Secure ID,
RSA Archer, Agiliance/Risk Vision GRC, Oracle e-GRC, CyberArk Ver 9.3.0, Sentinel, Security Triad, Vulnerability Management, Penetration Testing, MITRE ATT&CK, SIEM, EDR, NDR, MFA, WAF
Data & Database Technologies: Oracle 11g, MySQL 5.5, PostgreSQL, Aqua Data Studio Tool, MS SQL Server, Snowflake Database, InfoLease EFD Database
Security Tools: Web Inspect 7.5, Nessus 3.0, Qualys, ArcSight, Appscan, Skybox, n-Circle, Eye-Retina, NetIQ, IBM QRadar, Fortify, Microsoft Defender, DAST/SAST
Monitoring & Operations: SolarWinds, Dynatrace, ServiceNow, Cherwell, Operations Support, Application Root Cause Analysis, Security Group, Endpoint, Detective, Inspector
Development Tools: SOAP UI, XMLSpy, UML Modelling, DevOps

Certifications:
Candidate's Name's Credentials wallet SkillSoft Digital Badges
DevOps Deployment: Deploying Applications Using Deployment Tools
Exploring SecOps Tools: Digital Forensic Collection with Autopsy
AWS Cloud Practitioner 2022: Technical Essentials Part 2
AWS Cloud Practitioner 2022: Cloud Deployment & Operation
CISSP 2021: Fundamental Concepts & Principles
AWS DevOps Engineer Professional 2021: Governance & Compliance
Security Risks: Key Risk Terms & Concepts
CISSP 2021: Risk Management
CISSP 2021: Security Assessment & Testing
CISM 2020: Managing IT Risk
CISSP 2021: (ISC)2 & the CISSP Exam
Certified Information Systems Auditor (CISA) 2019: Information System Auditing
Certified Information Systems Auditor (CISA) 2019: Data Privacy & Risk
Certified Information Systems Auditor (CISA) 2019: IT Management Frameworks
AWS Cloud Practitioner 2022: Core AWS Services
AWS Cloud Practitioner 2022: Cloud Security & Compliance
Moving to the Cloud
AWS Cloud Practitioner 2022: Technical Essentials Part 1
Bitcoin Design & Security

WORK EXPERIENCE:

IT GOVERNANCE RISK COMPLIANCE -CYBERSECURITY March 2024 - NOW
KIAN CORPORATION, Tracy California

AVP IT Delivery Manager -GOVERNANCE RISK COMPLIANCE -CYBERSECURITY APRIL 2016 - FEBRUARY 2024
BNP/BOTW/BMO BANK, Tempe, ARIZONA
Developed, configured, and
administered GRC frameworks as needed. Managed dashboards, data feeds, API integrations. Identify, address threats and vulnerabilities using Qualys scanning across various servers and environments, including IBM Cloud, database, web, Windows/Unix, Citrix, and production servers. Analyzed daily and weekly scan reports, automate vulnerability alert assignments, and oversee patch management and antivirus projects. Communicated with business unit stakeholders regarding security issues and updates.
Resolved production issues and provided solutions for partners and customers involved platforms, cloud services, databases, firewalls, file transfers, network data/security. Managed Endpoint security, network security, application security. Managed critical issues via Webex, Microsoft Team, address Development, UAT, Staging, Production, Disaster Recovery problems. Performed IT Remediation tasks Daily Business/Critical applications and servers, including Java, Dot Net, Python PowerShell, Oracle, SQL, Legacy, IT Cloud Systems, manage weekly/monthly IT Patches, certificate renewals, disaster recovery plans. Ensure data governance and security across blockchain and cryptographic systems.
Lead and coordinate security remediation projects, implementation, maintaining, deliverable Equipment Financing Division, InfoLease, Rapport, Web Portal for Java web applications in a Unix Tomcat environment.
Oversee the administration and monitoring of these environments 24/7, implement SAML/SSO for Java and .NET applications.
Conducted comprehensive third-party risk assessments to identify potential cyber threats, ensuring robust security measures.
Developed and implemented risk mitigation strategies, significantly reducing vulnerabilities within the organization.
Monitored third-party compliance with cybersecurity policies and standards, ensuring adherence to stringent security protocols.
Established and enforced policies and procedures for third-party cyber risk management, aligning with organizational goals.
Ensured third-party vendors adhered to cybersecurity requirements, safeguarding company data and resources.
Oversaw the evaluation, selection, and monitoring of third-party vendors, ensuring high standards of cybersecurity.
Conducted regular audits and assessments of vendor security practices, maintaining integrity and security.
Managed contracts and service level agreements (SLAs) with third-party vendors, securing favorable terms.
Developed and maintained an incident response plan for third-party breaches, ensuring swift and effective action.
Coordinated with third parties during cybersecurity incidents, facilitating timely resolution and minimizing impact.
Conducted post-incident reviews, implementing improvements based on lessons learned to enhance future responses.
Prepared regular reports on third-party cyber risk management activities for senior leadership, ensuring informed decision-making.
Maintained accurate and up-to-date documentation of all third-party risk assessments and mitigation efforts, supporting transparency and accountability.
Worked closely with internal teams such as legal, procurement, and IT security, ensuring cohesive and aligned efforts.
Built strong relationships with third-party vendors to ensure effective communication and collaboration, enhancing security measures.
Stayed updated on relevant cybersecurity regulations, ensuring third-party
compliance and protecting the organization from legal risks.
Worked with legal and compliance teams to address regulatory requirements related to third-party cyber risk, ensuring thorough compliance.
Applied strong understanding of cybersecurity principles, frameworks, and standards (e.g., NIST, ISO 27001) in risk management activities.
Utilized risk assessment tools and methodologies to identify and address potential cyber threats effectively.
Maintained knowledge of common cyber threats and vulnerabilities, staying ahead of potential risks.
Analyzed complex data to identify trends and patterns, informing strategic decisions and risk management efforts.
Demonstrated strong problem-solving skills to address and mitigate cyber risk issues promptly.
Conveyed technical information to non-technical stakeholders through excellent verbal and written communication skills.
Prepared clear and concise reports and presentations, ensuring comprehensive understanding across the organization.
Led and managed a team effectively, driving change and influencing positive outcomes across the organization.
Guided third-party vendors in adhering to security protocols, fostering strong vendor relationships and compliance.
Oversaw multiple risk management initiatives, demonstrating strong project management skills.
Prioritized tasks and managed time effectively, ensuring timely and successful project completion.
Significant experience in cybersecurity, risk management, and related fields, ensuring robust and comprehensive security measures.
Proven track record in senior management roles, specializing in third-party risk management.
Administrator, Configure PAM for extensive server and user management. Administrator, Configure Sentinel for Identity Access Management, Administrator CyberArk for secret password for service accounts, ensure security policies are enforced during production deployment changes.
Manage DevSecOps tasks using OpenShift and hybrid cloud environments.
Write and configure EFD code, monitor resource usage, and automate the build and deployment processes through GitLab. Deploy code to Kubernetes clusters, handle OpenShift commands, and ensure the operational status of Pods, Nodes, and other cluster components. Implement IAM solutions and manage GitLab configurations, including building, scanning, and deploying Liferay images, and handling secrets and certificates.
Use Compliance Manager to handle and evaluate compliance programs across various regulations and standards. Automate compliance processes through general computer controls (GCC) and questionnaires. Collect evidence, configure data ownership, and support frameworks like ISO 27002, CIS, HIPAA, and PCI-DSS. Enhance process efficiency, data integrity, and reliability.
Utilize Agiliance Enterprise Risk Manager to identify, assess, and mitigate risks. Apply qualitative and quantitative risk methodologies to evaluate inherent, current, and residual risks, and generate detailed reports and dashboards. Support risk methodologies such as COSO and ISO to monitor and understand the organization's risk posture.
Manage Third-party risks by auditing and assessing vendors according to standards like ISO 27001, PCI, and FISMA. Classify and report on vendor risks using standard control frameworks or custom frameworks. Facilitate vendor assessments through a portal and apply appropriate controls based on vendor classifications. Automate and scale risk management processes for large vendor populations.
Consolidate threat and vulnerability management using a unified platform. Integrate data from vulnerability scanners and early warning systems to detect and address vulnerabilities. Perform inferred scans to assess risks for assets not reachable by scanners and manage vulnerabilities through a closed-loop remediation process.
Oversee enterprise policies using a centralized Policy Manager.
Enforce policy standards across various departments and locations, and automate policy creation, review, and approval processes. Utilize policy templates for consistency and manage policy awareness campaigns with distribution, attestation, and comprehension tools.
Collect, classify, and manage IT and non-IT incidents through Incident Manager. Handle incidents reported manually or automatically from monitoring systems and Security Incident Management solutions. Assess and classify incidents based on workflows and provide feedback for policy and control evaluations. Prioritize responses based on the criticality and business impact of incidents.
Oversee the build and deployment of EFD Partner Portal Cloud applications using GitLab and OpenShift. Manage the build process for Liferay images, including creating and publishing modules and images. Deploy Liferay images to various server environments based on versioning and configuration in OpenShift.

PROJECT MANAGER, CYBER SECURITY & VULNERABILITY OCT 2015 - MARCH 2016
BNY MELLON, PITTSBURGH, PA
Led the implementation of the Information Security Manager and Vulnerability Manager solutions for Archer on Demand.
This involved obtaining data feeds and Qualys daily scan vulnerabilities, and managing the user interface dashboards for executives, focusing on high-visibility remediations across enterprise-wide hosted servers and financial applications.
Developed plans, policies, and procedures to ensure compliance with regulatory requirements.
Oversaw the acquisition of hardware, software, and information systems, ensuring adherence to IT-related laws and policies.
Integrated information security requirements into acquisitions, procurements, and outsourcing efforts.

INFORMATION SECURITY ANALYST JULY 2015 - SEPT 2015
DELOITTE, LLP @ COMMONWEALTH OF PA, STATE GOVERNMENT, HARRISBURG, PA
Responsibilities-Implemented Incident Management Solutions for IT Government Office using Archer GRC Framework, Configured Policies and Procedures and IT Security Questionnaires and Controls for COWPA using Splunk -Big Data Managements Tools and Data Feeds via third party API Tools Integration.
Technical Writer within the State's Information Security Office is a multifaceted role combining ability in information security, program management, acquisitions, policy development, and technical writing with Industry Compliance Standards SOC 2, IRS Pub 1075, CMS MARS
Developed contract language to enforce supply chain, system, network, and operational security.
Policy Development and Advocacy.

ARCHER APPLICATION DEVELOPER APRIL 2015 - JUNE 2015
INFOSYS CONSULTING-AETNA @ HARTFORD CONNECTICUT
Developed a Third-Party Vendor Risk Assessment on Demand solution for a healthcare application managing PHI, ensuring governance, risk, and compliance.
Handled the development, configuration, and administration of all PHI data within the healthcare industry to manage Vendor Risk Assessment Reports and EPIC Application Systems.

GRC ASSOCIATE CONSULTANT DEC 2014 - MARCH 2015
HCL TECHNOLOGIES: NOIDA
Responsible for Agiliance Governance Risk Compliance-Vendor Risk Assessment on Demand Solution customization for Banking client DNB Norway.

GOVERNANCE RISK COMPLIANCE -INFORMATION SECURITY-LEAD MAR 2008 - NOV 2014
RESOLVER, [SUNNYVALE-USA/INDIA]
Risk Vision System runs an enterprise-class server application to watch and enforce policies, send receive information from client agents connectors, process, display all compliance security risk data, perform other operations requested by users. Agiliance uses a relational database store policy result, evidence, survey questionnaire, controls, sub-controls, responses, provides web-based console application. Users can control based on the roles associated permissions that users have been granted system administrator need connect Appliance network has TCP/IP connectivity with systems computers you wish & manage. Develops and supports an effective internal control framework that defines the ways and methods governance is implemented, managed, and monitored in the designated business. Governance framework includes policies, guidelines and provides programs, practices, and measures to promote transparency, accuracy, consistency across groups. Applies specialized knowledge of Risk Management, regulatory compliance, and internal controls.
IT-Controls & Governance, Understanding, ensuring IT Policies, Procedures, Practices align with Agencies/Financial Line of Defense Operational and Technology Risk and Compliance Requirements, IT Controls-FFIEC, GLBA, CCPA, ISO 26262 Security Controls Managed IT in implementing any Operational and Technology Risk Control assessments initiatives, Inherent Ratings, Matching Controls Risks Conducted Compliance Manager, Policy Enterprise Management, Vendor Management, Threat, Risks, Incident Conducted Security Application Risk Assessments, Findings, Remediations, and Threat & Incident Automated Data Collection. Configured Servers with Apache, Tomcat, MySQL, and Oracle Windows for 32/64-bit platforms. PCI-DSS, COBIT, NIST 800-30, 27005, Authentication NTLM, Kerberos, Digest, Basics, OAuth 2.0 protocol, SAML Policy Mapping Mapped controls policies vice, enabling an organization governance track automation execution control. Endpoint, Cloud, Network, Firewall, Burp suite, Firebug, HP Web Inspect Tools, Smart Card/Public Key Infrastructure (PKI) Support Controls and Governance (C&G) First Line of Defense activities focused on Client Acceptance Committee NIST Cybersecurity Framework (RMF), 800-171, 800-53 CIS Critical Security Controls, SOC1, SOC2, CIA, CSA, CCM, CISv7, FISMA Information based on BITS Framework, ISO 2700, IASME, MITRE ATTACK Framework, AIS, CISA, STIX, TAXI Common Vulnerabilities and Exposures CVE, Common Vulnerability Scoring System CVSS, National Vulnerability NVD, NIST Firewall Configuration, Intrusion Detection Systems, Network Switches, Routers, Network Design, VPN, TCP/IP Communication Malware techniques, Forensic Analysis, Secure Web Proxy System Hardening Benchmarks, e-mail Gateway, ISO 27001 ISMS Threat Manager, Compliance Manager, Enterprise Risk Manager, Vendor Manager, Policies Procedures, IT Regulatory Controls Experience Technology Information Banking Laws Regulations (FFIEC) of security activities, Center for Internet Security CIS Knowledge of 
Bank Secrecy Act (BSA) and Corporate Social Responsibility (CSR) Implementation, REG W and Training Material Data Privacy & Risk, Experience Communication (ICT) Risk, Operational Frameworks, Category, Administrative, Technical Automated Data Collection, IT Audit, Business Continuity Disaster Recovery Plan, Factor Analysis of Information Risks LDAP, Simple Protocol, Authentication, Authorization, Single Sign-On, Privileged Access, Risk Authentication, Splunk Integration/Data Import Feed Experience Services Deployment, Security, API Testing, SQL Injection, Cross Site Scripting, Fiddler, Burp Fortify Maintain Server Environments, SDLC, DevOps, DevSecOps, Agile/Scrum Development Practices Developed Scenario Load Balancer/Cluster/n-Tier Setup, Installation, Upgrade, Update, System, and Integration.

EDUCATION
Masters Degree In Computer Application-Dr APJ UP Technical University-Lucknow India
