Sr. IAM Consultant
PC Bank
Total years of experience :15 years, 10 Months
Architecture & Information Security, Technology
Communicate and coordinates information security issues with the business units concerning the business applications and delivery of technology. As a Focal point to technology & governance risk and review information security standards to various areas of PC Bank
•Provided recommendations for enhancement to the information security standards, compliance with the information security policy and compliance with information security governance
•Reported on compliance issues to the IT Operations Committee, identifies information security governance issues and provide evidence of compliance to Internal Audit
•Responsible for implementation of information security program strategic planning, maintaining the governance framework, documentation of the Information Security Policy and Standards
•Reviewed and assessed Exemptions, effectiveness of risks with infrastructure application
•Defined information security procedures, vulnerability & risk assessments and technical solutions for business
All perimeters on-boarded in SAILPOINT and using to enhanced ReFOG by future assignment data
•Analysis application access review SailPoint IQ, SAP system profile review, reconciliations of target system and third
Party applications validation (DTCC)
•Managed SAP reports and Identity and Access Management controls
•Mapping DTCC Application and analysis raw data from ISAM to SailPoint Identity IIQ and migrating IAM governance
•Remediated IG Audit findings, re-evaluated the current process and update governance procedures & documents
•Liaise with application owners and IT Security groups worldwide and control process monitoring and continuous improvements
•Implemented implementing IAM controls and reconcile an application controls and governance, review system profiles, mapping of system profiles to a IAM platform
•Restructured the entire product to reflect direct provisioning across a large number of applications. In the process of upgrading the IdentityIQ product from SailPoint
•Responsible to manage Administration functionality of the Sailpoint such as loading data, create roles, create policies, scheduling tasks, certifications and reports
•Collaborated with senior leadership to perform analysis of business process and develop functional
The TRMIS-RAMP program is continuously evolving to mitigate risks to the bank, including introducing new initiatives and improved defense with a layered approach to protect customers, employees and the bank from threats. TD manages the challenges and reviews technology controls for all business applications
•Role-based Access allows us to define Applications, unique Functional Roles based on common system access and entitlements.
•Accountable for privileged and non -privileged access, mitigation of risk around excessive privileges and lays for foundation for role-based fulfillment and attestation.
•Managed IAM documentation for Role Entitlement Mapping, Role Management Interface, Enterprise Role Management at TD Bank
•Performed Role based Mining on selected sets of logical groupings of user privileges and access rights that map to a department, geographical location, job function, reporting relationship or other organizational attributes
•strong understanding of core IAM concepts Role Based Access Control, User Lifecycle Management, Entitlements, Resources, provisioning, Access Control and processes
•Contributed strategic guidance to business functional leaders to ensure escalated concerns or regulatory or governance related program issues are appropriately managed
•Proactively identifies and tracks project risk and develops mitigation plans to manage risk (i.e., risk related to technology, change management, business process management, requirements management)
•Adhered to enterprise project gating and governance controls to ensure that projects meet all the performance, quality and compliance standards and conforms to appropriate methodology
•Oversees the scope during the project and collaboratively adjusts scope where necessary ensuring adherence to established project change management processes
•Monitored project health continuously and engages management as required if project health changes. Identifies all project dependencies and risks, ensuring that they are effectively managed
•Participated in the execution of aligning applications and systems to enterprise IAM Governance framework, including Audit, Access certification, centralized provisioning, and application onboarding
•Providing a point of coordination for all security related activities, coordinating between Technology Risk Management & Information Security (TRMIS), Risk & Control, Internal/External Audit and TDS Technology Solutions teams to ensure activities are within TD’s risk appetite and risk management policies
•Assessed technology risk and control with ability to proactively identify risks and recommend sustainable road map, measureable solutions and Aiding the business in addressing technology-based Audit findings and awareness of security gaps and technology processes, standards around applications and infrastructure
As part of GIAM, highly skilled Logical Access Governance framework team with the objective of implementing access governance to improve across our critical Window’s and Mainframe environments. Facilitating to allow the group to deliver operational improvements as well as regulatory and audit driven projects.
•Participated in the effective governance and business level strategy of IT through involvement in steering committees, policy & standards development and execution of IT risk reduction strategies
•Hands-on experience on SailPoint to deploying large-scale enterprise Identity & Access Management solutions
•Managed Access Management, Multy factor Authentication (MFA), Authorization and Role Based Access Control (RBAC)
•Operational responsibility for access administration of ACF2 DTCC, salesforce, Euroclear, AD, UNIX and Dataset access.
•Actively Track all platform, Systems logs and assurance & analyzing Reports using SAP, SailPoint, and QRadar
•Maintaining application security administration on both the TSX-AD, CDS-AD, LDAP and Midrange systems
•Assist with the ongoing maintenance of internal applications that are administered through Cloud based application, ISAM, TIM/TAM and Oracle IAM
•Execute health checks across the Active Directory to ensure compliance with Audit and regulatory requirements.
•Analysis of current environments to develop proposals for improvements and efficiency gains in alignment with client requirements.
•Enhancing existing utilities to better serve our clients, focusing on data cleansing, life-cycling of rules, and reporting utilities.
•Interact with Lines of Business, Support Groups and Front-Line Operations to understand requirements and recommend solutions.
•Maintained a very strong understanding of the monitoring capabilities of the tools (QRadar) Maintain an expert knowledge of SharePoint to leverage it as an access point for internal and external groups to understand Engagement offerings and status.
•Maintained expert knowledge of the monitored platforms: UNIX, Windows Server, Z/OS and TIM/TAM.
•Managed expert knowledge of middleware layers: IMS, DB2, Oracle, WAS, WAA and WUA
Formalized compliance requirements need to be enforced in a top-down organizational approach, while security and software development professionals need to work together to ensure that all systems enforce concrete IAM principles at all levels
•Monitored and Pre-audit reported on investigations into ways to optimizing and identifying Inherent systems risk and participate in Internal and External audit activities
•Managed and monitored all Privileged access id, data and resources
•Reviewed security related events, assessing risk and validity, as well as reporting all platforms using clockware
•Receive, analyze, and process access control requests in accordance with internal Service Level Agreement
•Managed all Mainframe (RACF, ACF2, z/OS, MVS/TSO, IMS, CICS) and Symcor inquiries, high-level security requirements and reviewed third party security
•Analyzed all ACF2 monthly re-certification report and firecall report and Acf2 user issues
•Participate to develop and run the Enterprise Access Governance operating model by building rules on Role-Based Access Control and framework documentations, etc.…
•Performed required tasks for the Enterprise Access Governance function; tasks relevant to Logical Access Management (LAM) including access request, access certification, communication, and documentation of operational processes and procedures
•Ensure that security policies are followed in accordance with SOX requirements and best practices
Monitored privileged access audit, SOX compliance and minimize the risk of resources. Also, maintained the Cyber-Ark tools that stores privileged IDs and passwords (Cyber-Ark-PIM replaces the Mainframe Code Red’ datasets) and responsible managing multiple ongoing projects and activities. Work effectively as a team, supporting other members of the team in achieving project/business objectives
•Managed Privileged Access on RCAF/ACF2 by ensuring the Process Risk and Control Assessments approved and attested
•Development of documentation outlining Core Solution Monitoring processes and identification of monitoring enhancements
Monitored DB2, Oracle, Sybase and SQL Daily and Weekly Monitoring of Significant events (Reviewing logs and email confirmation that the events were justified.
•Implemented privileged accounts management for multiple Operating Systems and Database platforms utilized capabilities of CyberArk Enterprise Vault (EPV) and Privileged Session Manager (PSM)
•Delegated in defining project scope based on business and technical requirements, designed road-map and accounts on-boarding strategy for enterprise wide roll-out of CyberArk solution
•Daily Sentinel (Novell) Admin Failed Logins and Sentinel (Novell) ADM of any Admin Accounts
•Pre-Audit experience through performing Cyber-Ark Audit Log checks weekly for Enterprise Access Management Vault
•Managed an application (Vault) which houses all Fire Call ID’s and performed Security Operations Network Log Monitoring events
•Worked with SME’s to identify standards for monitoring deployments. Such as Logging standards and message standards as well as opportunities for applications to build a more effective means of helping with monitoring.
•Fraud Prevention Monitoring from unidentified sources attempting to sign on
•Perform testing according to test plans, monitor and report on results, and work with others on problem resolution
Communicate project status and provide timely escalation of issues to ensure project objectives are met
Assessed the overall inherent risk with references to information processing technology and information Classification decisions
•Identified deficiencies and ensured Security occurrences are appropriately reported, investigated and resolved quickly complied with the controls and protection requirements defined by designated "information/system owner"
•Used all reasonable means to ensure the continuous integrity, confidentiality, availability of Data and Resources
•Information and supporting systems, resources and interconnections worldwide
Ensured all Systems (Salesforce & RACF2) and Network facilities and Deliverable were available
•Monitored Security Consoles and performs initial event Control identification analysis, process mapping assessment and escalates
•Performance of all production systems and supported the groups receive detailed information upon escalation
•Ensured the system IPL’s are completed and any documentation changes that relate to MVS and Batches
IT Security Focal - IBM -Manulife
Monitored and Pre-audit reported on investigations into ways to optimizing and identifying Inherent systems risk.
•Maintained day to day administration over Active Directory, 320 Unix servers (back-up for Unix Team)
•Maintained and managed all Mainframe (MVS/TSO, IMS, CICS and high-level security requirements and reviewed third party security
•Day to day administration on Active Directory including creation of workstations, user id sign-on and privilege updates
Cleaned up ACF2 empty rules & delete them on Retail LPAR and investigate the change records for bi-monthly dataset deletion report
•Implemented ACF2 Rule Aging Facilities to clean-up the info-storage on Retail and Developed Audits to expose vulnerabilities from systems configuration changes and fraud prevention measures
•Instituted information security risk management policies and defined audit policies & compliance
Analyzed and created new ACF2 Datasets and Userid String to replace/expand acronyms files and access impact of new acronyms file
•Ensured the ongoing security and integrity of Information System and against unauthorized access
•Implemented password reset automation solutions including synchronization to multi-platforms
Created and updated all RACF2 & ACF2 rules, dataset, Firecall Id’s, logon ids and password reset as requested
•Liaised with users to determine user needs, responsible to log such needs and disseminate information to proper authorities for approval of training, new software and/or new hardware.
•Handled wide variety of security issues while ensuring that proper escalation procedure is followed and
Monitored Security Management reports and maintained RBFG documents development
•Coordinated daily access datasets & transaction resource rules and processed logon ids password resets for RBFG and ensure policy compliance and service level agreement of two business days
courses: Cyber-Ark Privileged Identity Management Suite - TD