Umar Kashif, Information Security Advisor

Scotiabank

Country
United Arab Emirates - Dubai
Education
Master's degree, Finance
Experience
10 years, 9 months


Work Experience

Total years of experience: 10 years, 9 months

Information Security Advisor at Scotiabank
  • Canada - Ontario
  • I have held this position since September 2013

Global Identity Access Management Lead
• Implemented Access Manager Solution as below:
• Single Sign On
• Cloud Services (SAML)
• On-premise (Reverse Proxy)
• Simple and Strong Authentication
• Adaptive Authentication
• RBAC
• OAuth 2
• Service Based Integration API
• Web Interface for administration
• Created Identity Management process, strategy, best practices and architecture documentation including Access Management, Password Management, LDAP Management, Provisioning, Delegated Administration, and Sponsor Lifecycle Management utilizing the Rational Unified Process (RUP). Creation of Cost/Benefit analysis, Project Charter and Project Plan. Identity Management vendor and services selection.
• Wrote Business Requirements, System Requirements, RFI, RFP and all supporting documents leading to Vendor selection and management. Ran Proof of Concept. Planned and ran product implementation of SailPoint IDM solution in provisioning project as replacement of Oracle IDM.
• Led and managed the project of ‘Vendor Remote Access Remediation’ by migrating VPN PKI certificates to Vendor OUs (Organizational Units) and configured OUs with firewall and port rules to ensure that vendor users' access is based on the ‘least privileges’; separated LAN connections for the vendors working on site by configuring different subnets on VLAN
• Led and managed the project to integrate multiple LDAP directories with LAM (Logical Access Management) tool for the recertification of privileged accounts.
• Participated in migration from IDM to IIQ SailPoint tool used for provisioning and de-provisioning of privileged accounts.
• Participated in deploying Centrify tool in order to establish single sign on across the platform such as Windows and UNIX for privileged accounts.
Server Hardening/End Point Security
• Set the GPO (Group Policy Objects) standards for server hardening and workstation lockdown as per the enterprise policies; advised on GPO settings to infrastructure steady state and project teams.
• Deployed McAfee endpoint security clients via GPOs.
Mobile Payment Security Project
• Consulted Network teams to segregate Cardholder data, shared services and corporate resources on LAN by implementing firewall rules as per the PCI-DSS Standards.
• Implemented Futurex HSM Infrastructure by integrating with existing PKI; Ensured Point-to-Point Encryption (P2PE) to protect cardholder data across endpoints for securing Mobile payments.



Other Projects and Accomplishments:
• Anticipated and thwarted the threat of “man in the middle” called “POODLE” that exploits the vulnerability in the SSLv3 protocol; deprecated SSLv3 and deployed TLS 1.0 through a GPO push on all the workstations across the enterprise
• Deployed QRadar client on servers to capture granular system and security logs; established criteria to determine false positives.
• Wrote formal risk assessment reports and technical writing (advisory papers) to deliver to senior business management teams by aligning security and risk objectives with the business.
• Reviewed technical/security controls and configuration of firewall complex devices including firewalls, routers, switches, SSL and IPsec VPN devices, proxy infrastructure, load balancers, etc.
• Worked closely with risk governance teams to make sure that all security issues and risks identified during IT security assessments are managed appropriately and recorded in risk governance tool.
• Recommended preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy.
• Responsible for account provisioning and removals across all applications in order to meet audit requirements for SOX applications. Maintained SOX binder and conducted quarterly certification.

Educational Background

Master's degree, Finance
  • at University Of Westminster
  • September 1998

Specialties & Skills

Cloud Integration
Server Hardening
IAM Infrastructure
Interpersonal Skills
Active Directory

Languages

English
Expert