Technology Risk and Controls
BA Continuum India Private Limited (Bank of America Subsidiary)
Total years of experience :16 years, 6 Months
Responsible to review controls for 1500 applications (Front office, Middle office and back office)
Review DR plans and ensure timely updating and approvals
Provide training
Act as an auditee during internal and external audits
Ford Motor Company, RMZ IT Park, Perungudi, Chennai, India. (www.india.ford.com )
Develop Policy, standards and processes based on the feedback received from the various stakeholders and changes to the organization controls framework. Create a Communication, review and training plans for the proposed policy changes
Evaluate the adequacy of control practices for Joint venture (JV), Supplier and Offshore Development Center (ODC) in accordance with organization Information Security Policy
Provide guidance, direction and consultation on completion of the Systems Control Review Program (SCRP), in line with Company deadlines and processes.
Assist with the identification of IT Control Gaps and assess associated risk.
Analysis and assessment of IT controls risks, describe risk in business terms, support development of correct actions.
Consult with application teams and coordinate with Internal Control Coordinators for Application/Infrastructure Control Reviews and Risk Assessments (i.e. ACR/ICR/CIA rating).
Serve as Subject Matter Expert for department/organization on IT Policy, Company control processes, and compliance.
Review security and control deliverables and provide SCC consultancy (and sign-off as required) for Project Quality gateway reviews, decommissioning documents, Purchasing RFQ/RFI
Provide metrics and status to management regarding compliance with information security requirements.
Provide input to process improvements related to IT security & controls, including strategies to manage risk, improve controls efficiency.
Identify and lead projects to improve IT security & controls or implement best practices.
Conduct training and awareness sessions.
Participate in the IT Security & Controls Community of Practice
Own/manage local business continuity plan
Serve as S-Ox SCRP Inspector
Perform control assessment for any new sites come under the radar and report the control gaps to the management with corrective actions.
Accenture Services Pvt, Ltd, Sholinganallur, Chennai, India (www.accenture.com )
Design and implement the information security controls for a health care client to meet the HIPAA compliance requirements.
260+ controls in different domains implemented and audited in a span of 4 months. Physical security, Workstation security, Personal Security, Information Security, Network Security, Asset Management, etc.
Create stringent processes and circulate it to all the stakeholders involved (e.g. Physical security process, Visitor security process, workstation compliance, etc.)
Evaluate the internal controls compliance every month and provide status to the senior executives
Primary Action owner for the observation identified during the client external audit.
Conducting training to all the employees on a Monthly basis to adhere to the security policies.
Tata Consultancy Services, SIPCOT, Siruseri, Chennai, India. (www.tcs.com )
• Configuring and troubleshooting the IT Security Compliance tools.
• Monitor and troubleshoot the availability of the Security tools.
• Monitoring Alerts from Tripwire, IBM Tivoli Compliance Insight Manager, Net Boundary, and IBM Internet Security Services.
• Monitor, Investigate the identify security incidents root cause, corrective action plan and prepare final security incident report
• Ensuring Payment Card Industry Data Security Standard (PCI-DSS) and Sarbanes - Oxley (Sox) Audit check-list Compliance.
• Conduct periodic Vulnerability and Patch Management meetings with several internal teams.
• Grant, revoke, extend SSO IDs for system, application and FTP using ESS tool by comply with process
• Auditee during the Internal and External audits.
• Follow-up with different internal teams and get the audit artefacts on time. (e.g. Patch report review, Physical access control review, Logical access control review, BCP/DR Plan review)
• Create Security Awareness with in the project relationship by conducting series of Security Awareness meetings.
Tata Consultancy Services, SIPCOT, Siruseri, Chennai, India. (www.tcs.com )
• Monitor, troubleshoot 3000+ Network devices all around the globe
• Troubleshoot the Local Area Network issues. (LAN)
• Raise incident tickets for Wide Area Network issues. (WAN)
• Follow-up and proper escalation charts handled with service providers - Verizon, Sprint, Cable and Wireless, AT&T
• Configuring the network devices - Router, Switch (Layer2 and Layer3), and Wireless Access point.
• Resolving issues related to RSA Secure ID
• Monitoring the ASA firewall logs through Cisco SDM.
• Basic understanding of F5 Load balancer and troubleshooting load balancer issues, configuring Virtual IPs and i-rules.
• Acted as Risk Manager for “Global IOS upgrade” program.
• Preparing the Highly utilized Network link reports on weekly basis using NetQOS tool.
• Collect/Retrieve, review Network device logs using Cisco Works.
• Maintaining Incident Tracker, RMR device tracker with up-to date
• Providing Service Improvement Plan to remediate concurrent network issues.
• Enabling Network syslog management server using SNMP protocol
First class with distinction
Obtained School level first mark
