Ajay Wadhwa (Available)
Pleasanton, California - 94588 USA
Expertise: Information Security, IT Audit, Compliance
Status: Citizen
Job Type: All - W2, 1099
Position: Management Occupations, Business and Financial Operations, Computer and Mathematical

Resume
 
Objective


To find a challenging position in Information Security/IT Audit/Risk Management/IT Compliance/Network Security/Project Management that will enable me to contribute my technical experience and management skills to the overall success of the organization.



Summary





Over 20 years of IT experience, Information Security Consultant, Network Manager, Network Architect, Project/Program Manager and Pre-Sales Solutions Architect.
Extensive experience in managing IT/IS/Network Security Designing/Planning and Implementation, Network/Operating System Vulnerability Assessment, Network Designing, Network Configuration.
Business Continuity/Disaster Recovery Planning, IT Infrastructure/Server and Data Center Consolidation.
Managing IT Risk and Control/IT Audits involving Operational Audits, Technology Audits and SOX/HIPAA/GLBA/CFR Part-11/ITIL/FISMA/FERPA/VISA PCI/VISA TG-3/SAS70 audits, ATM Backbone Design, IT consulting and Technical Sales.
International Team Management/Supervision and 10+ years of International IT Security Consulting.
IT Hardware/Software and OS experience: Various Routers, Switches, Wireless Access Point, VPN Concentrator, Voice/Data Multi-plexers, Firewalls, IPS/IDS and scanners, Protocol Analyzers, Sniffers, Frame Relay/MPLS Networks, VoIP and IP Telephony, Servers, SAN, Fiber Channel SAN switches/Directors, Various Operating Systems, Various Databases and ERP Software. BindView Vulnerability and Configuration Management Tools, Nessus and McAfee FoundStone Vulnerability assessment scanner, TCPDump, ISS Internet and System Scanner, Network Access Control Devices (NAC) and KavaDo ScanDo Web Application Scanner.


Employment

May, 2007 -  Present
Consultant

Business and Technology for Accretive Solutions Horn Murdock Cole, California.
Managing and conducting various technology and compliance audits, e.g. PCI, SAS 70, VISA TG-3, ISO 17799, HIPAA, GLBA, FISMA, SOX etc.
Managing and conducting various Information Security and Risk Assessment projects.
Managing and conducting Business Continuity and Disaster Recovery Planning projects.
Providing presentations to the C-Level Executives.
Managed PCI Payment Card Industry Compliance project for a large health care provider.
Managed Information Security project for a large health care provider.
Managed and developed Risk Management Framework for a large health care provider.
Managed SOX projects for various clients.


September, 2006 -  May, 2007
Information Security Officer

for San Francisco State University, California
Providing recommendations on overall enterprise technical security management and developing recommendations for standardized campus-wide information security practices, policies and procedures.
Managing and maintaining a campus information security plan and providing oversight of campus compliance with information security laws, policies, rules and regulations like HIPAA, FISMA, NIST, FERPA, GLBA, SB 1386, VISA/MasterCard PCI, VISA TG-3, international data privacy laws, US and international anti-terrorism laws like OFAC and Patriot Act and encryption export laws like BXA etc.
Identifying internal and external information security risks; performing gap analysis; performing risk and cost benefit analyses to determine appropriate levels of security controls.
Managing, developing and conducting security assessments/audits based on ISO 17799/ISO 27001.
Evaluating IT systems (various operating systems, databases, ERP Systems, web operating environment; network topologies, firewall, protocols, network access, data and voice transmission, remote access) to ensure compliance with privacy and information security policies and procedures.
Monitoring/investigating complaints of non-compliance related to DMCA/RIAA.
Serving as primary liaison with various University departments, like Department of Public Safety, Internal Audit, HR and Fiscal Affairs; advising on campus-wide security related administration.

Serving as liaison with other campus Information Security Officers (ISOs), the California State University (CSU) Chancellor's Office and external auditors related to information security issues.
Participating in internal and external audits based on HIPAA, FISMA, FERPA, GLBA, SB 1386, VISA/MasterCard PCI and VISA TG-3.
Developing and managing Incident Response procedures that need to be followed in the event of a breach and hacking incident.
Key stakeholder in design reviews across the university regarding developed applications.
Responsible for defining security architecture and strategy, data protection and retention, intrusion detection/prevention, network security, host-based security and database security.
Evaluation of products like FoundStone vulnerability scanner and NAC products.


August, 2005 -  September, 2006
Senior IT Auditor

for Safeway Inc, California
Managing IT Risk and Control, IT Auditing involves SOX/HIPAA/GLBA/CFR Part-11/ITIL Audits.

Managing, designing and performing Integrated Audits with our Operational/Financial Auditors; some of these audits are Cash Management Software Audit, Employment Kiosk Audit, Patriot Act - Anti Money Laundering Audit.
Designing and performing Risk Assessment of IT and Business Processes.
Data Mining/Data Analysis and Fraud Detection using ACL software used in Patriot Act Audit.
Managed, designed and performed VISA PCI/CISP (Payment Card Industry Data Security Standard/Cardholder Information Security Program) Audit mandated by VISA Corporation, one of the regulatory and compliance audits.
Managed, designed and performed VISA PIN TG-3 Security Audit, another Regulatory and Compliance Audit.
Managed Application Reviews and SDLC (System Development Life Cycle) Audits.
Managed projects in which we used ScanDo Web Application Scanner for web application vulnerabilities assessments.

Due to my extensive Information Security experience, I was managing all the Information Security Audits and helped senior management in pursuing appropriate remediation steps.
Development of a Privacy and Information protection awareness program.
Development of information compliance policies, standards, processes and long-term security strategy for the company.
Presentation of all the audit findings to the stakeholders and senior management.


October, 2002 -  July, 2005
Network Specialist

for Holcim US Inc, Michigan
Managing projects that involve Network Security Designing/Planning and Implementation, Network/Firewall/IDS/IPS Technology Selection.
Strategic Planning.
Business Continuity/Disaster Recovery Planning.
Managing projects that involve assessment of vulnerabilities and Implementation of security on switches, routers (Internal/WAN/Internet Routers), WAN/LAN, firewalls, VPN Concentrators, Web switches, Load Balancers, Wireless, SAN, Various Operating Systems, Databases and ERP Software (SAP and PeopleSoft).
Managing projects that involve Network designing, network upgrades, IT Infrastructure Consolidation, IT Risk and Control/IT Auditing (SOX/CFR Part-11/ITIL compliance/audits), SAP Security Audits, Network Infrastructure Audits, Firewall/Intrusion Detection System/penetration system Audits, AIX/Windows 2000/Windows NT/Novell Audits, Database Audits, Application Audits, SDLC Audits, Backup Procedure Audits etc.
Providing Presales Consulting to Senior IT Management Team on many IT Security and Audit Projects.
Development of Information Security standards, processes and procedures for the company.

Responsible for realigning the Information Security strategic objectives with the business needs.

Managing a team of 3 Network Security Analysts and another team of 2 IT Auditors providing IT security and compliance assessment, policy development and consulting services for the organization.

Assessing skill sets of the junior staff and making on-going recommendations to senior management on career development opportunities.
Providing technical/non-technical presentations to senior management team.
Managing hosting of company and international websites, designing and management of internal networks which consist of Cisco switches, routers, Frame Relay and IP based WAN spanning 100 remote locations in US and 130 remote locations in Canada with various firewalls like Cisco, Shiva, Checkpoint, Symantec etc. and Holcim Worldwide Global Network (HGN).


June, 1998 -  October, 2002
Consultant

for Rapidigm Inc, California
Managing projects that involve IT/Network Security designing/planning and Implementation.
Presales Consulting to Senior IT Management Team.
Managed projects that involved designing and implementation of 80TB SAN Storage Solution using 15 Brocade fiber switches, 24/7 network/server support, designing and implementing Netbackup environment running 3000 backups per week of various operating systems, databases, Implementation of HP OpenView, McAfee E500 SMTP Appliance.
Managing a 4-member Virus or Cyber Attack Incident Response Team.
Developing procedures and policies for auditing Disaster Recovery/Business Continuity Procedures, Database Security and Recovery Procedures.
Managing projects involving PeopleSoft HRMS auditing, Desktop Versioning Auditing and Patch Management Procedure Auditing.
Presentation of results to Senior Management.

Designing and planning technical and soft skill trainings for junior staff.

Gates Rubber Company, Colorado (client of Rapidigm Inc):
Managing projects that include: IT Risk and Control/IT Auditing.
IT Security planning and implementation.
Network Penetration planning and testing.
Network and Operating System Vulnerability Assessment.
IT Project Management.
Business Continuity Management and disaster recovery planning.
Tape Backup Strategy Planning and Implementation.


November, 1997 -  May, 1998
Project Manager/Technical Team Lead

for HCL America, California
GE Capital Fleet Services, Minnesota (client of HCL America): Duties include project management and Technical Team Lead of the project involving migration of 1800 cc:Mail users to MS Exchange. Project involved vulnerability assessment and designing/planning/implementation of the security on various operating systems and mail servers. I was managing 4 team members in this six-month project.


August, 1992 -  November, 1997
Associate Manager

Network Services for Microland Ltd India
Microland was one of the leading system integrators and resellers of networking products. We used to sell the IT Infrastructure Services and Network Security Assessment services. Over the period of 5 years my duties were: Managing IT Infrastructure Services and Network Security Assessment projects with a team of 10 Security Engineers that included Network Security designing and planning, Network Penetration testing/planning, Network/Operating System Vulnerability Assessment, IT project management, Business Continuity/disaster recovery planning for our Corporate Clients like Pepsi Foods, BOA, ANZ Grindlays Bank, Deutsche Bank, American President Lines, WHO etc.
Providing presentations to CIO/CTO/CISO/CEO/CFO.


December, 1987 -  July, 1992
Customer Support

Assistant Manager for ComputerLand India
ComputerLand was a system integrator and reseller of networking products and IT Infrastructure Services.
My duties were: Implementing networking turnkey projects for our clients that included designing and implementing various cabling, designing/implementing security at the OS and Application Software Level.
I was managing a team of 30 Network Engineers.




Education

MBA w/specialization in Marketing, American Intercontinental University, USA, 2005 (4.0 GPA).

MBA w/specialization in Management, American Intercontinental University, USA, 2004 (4.0 GPA).

BSc Honors Degree from Delhi University, India, 1987

Computer/Maintenance/Service Engg. Diploma, Computer Point, New Delhi, India.
Attended 3-day Ethical Hacking/Hacking Prevention training.
Attended various Cisco, Microsoft and Novell Training courses.
Attended various Technical presentations at ISACA seminars.



Training


Certified Information Security Manager (CISM).
Certified Information Systems Auditor (CISA).
VISA PIN Security Audit Guideline ANSI TG-3 Certified.
Certified Information Systems Security Professional (CISSP).

AT&T/Lucent Structured Cabling System Design and Engineering Certification.
AT&T/Lucent Structured Cabling System Installation and Maintenance Certification.
Compaq Accredited Systems Engineer (ASE).
Novell Certified NetWare Engineer (CNE).