SUMMARY
Accomplished, motivated and versatile IT professional with 18+ years of
in-depth experience in the IT industry and business. Engaged in multiple
assignments covering all phases of application implementation, requirements
gathering, design, development, testing and production support. Areas of
expertise include SAP FI and SD, Database, Security, Testing, IT audits,
networking. Innovative and driven, consistent over-achiever, excellent
coordinator and organizer, responsible and efficient Sr. IT consultant.
Excellent skills in Auditing, IT Security and Risk Management. Successfully
managed IT Risk Management professionals.
EDUCATIONAL QUALIFICATION & CERTIFICATIONS
. CQM (Certified Quality Manager)
ISO, BS1799 Audit Curriculum, IIQM, India
. Advanced Diploma in Software Eng.
(Java, C, Unix, Oracle, Cobol, NT) APTECH, India.
. Certified SQL Server and Windows Administrator
(MCSE/MCDBA)
. Certified SAP BOBJ (Admin & Security) SAP
. SAP FI, SD, Security, Audit
Toronto College of Technology
. MBA - Information Systems
ITM Bombay, India
. Bachelor of Commerce
Bombay University, India
Skill Sets
. Determined the risks and IT control objectives within the scope of IT
audit projects.
. Provided assistance to business audit teams in the conduct of
technology related components of business audits. Provide solution and
guidance as to secure the IT Enterprise Infrastructure.
. Understood current risk management and control activities through
review of documented internal policies and procedures, and performance
and documentation of end-to-end process walkthroughs.
. Documented a control matrix to summarize and assess the key risks,
control objectives and control activities.
. Designed and conducted walkthroughs and tests to assess the design and
operating effectiveness of key risk management and control processes.
. Identified and assessed the significance of risk management and
control weaknesses and ensure a full understanding of root causes.
. Worked with management to determine practical recommendations to
mitigate identified weaknesses.
. Validated audit findings with Clients. Design System Operating
Procedures and key controls.
. Prepared working paper documentation in compliance with the internal
audit methodology.
. Drafted clear, concise and objective reports on the results of audits,
including recommendations that add value to the business to be
provided to line management, senior management and the Audit
Committee.
. Provided assistance to the Internal Audit management team in the
quarterly enterprise risk assessment and Audit Committee reporting
processes. Gave solutions on how to harden the Database and Network
Servers and how to patch them.
. Regularly follow up and communicate with management to assess the
timeliness and appropriateness of actions taken by management to
address audit findings. Obtained and reviewed supporting documentation
to validate that audit findings have been adequately addressed.
. Developed and maintained effective working relationships with
Information Technology and Internal Audit team members and with other
control and corporate oversight functions, senior management and other
stakeholders.
. Participated in department initiatives designed to improve
communications and efficiency of GRC activities.
. Maintained awareness of emerging issues in the regulatory and external
technology environments as a source of current knowledge to support
internal audit advice and recommendations and share knowledge with the
internal audit team.
. Maintained current knowledge of information technology audit
standards, tools and techniques.
. Maintained current knowledge of business developments that have
significant technology components.
. Assisted in team development through mentoring and acquiring and
sharing of information with other internal audit staff.
. Completed audits of corporate and business projects that contain
significant technology risks.
WORK EXPERIENCE
1. Loblaws - Sr. BI Auditor (Performance Testing) (Nov 2013 - Dec 2013) -
Leading Canada-based supermarket
. Gathering information from the key users on the objects to be tested.
. The workflow from HOP to BI Server (POSDM) to ECC6. Implementing
Audit and Security Procedures in BI and BOBJ, Data Preparation and
testing Average load, Peak Load, End state. Worked extensively with
IBM Tivoli Identity Management tool
. Added new security services (Threat modeling/Penetration
testing/Security Risk Assessments) to the company's portfolio
. Doubled revenues by streamlining processes, increasing client
satisfaction and response times
. Created and refined processes for performing PCI and PA DSS compliance
verification efficiently
. Created and delivered PCI DSS and PA DSS awareness courses. Designed
online tools for managing ongoing PCI compliance management
. Delivered presentations on security topics at industry events
. Redesigned the company website and made it easier to use, in addition
to other internal improvements
2. Kapadia & Associates - IT Security Architect and Risk Management
Consultant (May 2012 - Sep 2013) - Leading Toronto-based accounting firm
with offices in Canada, US and India. Inducted for gathering information
from stakeholders and planning the business activities to mitigate the
risk. Excellent skills in Auditing and implementing Governance, Risk and
Compliance in SQL Server and Oracle.
. Responsible for managing and supporting network and database
connectivity. IT security and Risk Management
. Analyze security risks and network vulnerabilities and work with team to
mitigate these risks. Excellent skills in ACL
. Administration and advanced troubleshooting of enterprise-level Firewalls,
IDS/IPS, Proxy, Antivirus, SIEM, DLP, VPN and Encryption technologies.
Manage and spearhead Patch and Vulnerability Management Program. In-depth
knowledge of IBM Identity Management Tivoli tool.
. Manage remediation of Audit gaps. Excellent skills in understanding
Business Process and implementing SOD.
. Security Management - Excellent skills in Oracle database security
a. Design and implement security by creating user
groups, granting access to users and adding security restrictions
(application level, folder level and report level) based on user role
and user groups. Worked with Oracle Management Identity tool.
b. Have good knowledge of configuring and integrating
third-party authentication types like LDAP.
. Good knowledge of Portal integration process, integration of Infoview
with Java application.
. Responsible for backup, recovery of universe, reports. Experience of
server installation/upgrading of BO XI 3.1 and higher.
. Performance management and capacity planning (reviews performance
statistics, sets thresholds)
. Able to resolve report problems arising from upgrades or installation
of any patches.
3. NXG - Sr. IT Auditor and Security Consultant (Jan 2011 - March
2012) One of the leading Business Analytics consulting firms in Australia.
Inducted for the post of BOBJ and BPC Security. Excellent skills in
securing and auditing the HANA database server.
. Instrumental in Business Analytics, Planning and Consolidation
solution, designing the Models and the Dimension.
. Set up the application security practice (primary business)
. Identified and implemented cost saving measures which were very
important to a self-funded start up company
. Set up and managed training services. Developed and delivered training
courses for clients. Managed the conversion of all courses to online
format for scalability. Worked in Oracle Identity Management tool with
ease.
. Designed and managed development of an online application that enabled
clients to verify skills of contractors and employees. Features
included randomized questions and customizable tests
. Developed and refined processes for application security assessment
engagements.
. Created and refined processes for performing PCI and PA DSS compliance
verification efficiently
. Created and delivered PCI DSS and PA DSS awareness courses
. Designed online tools for managing ongoing PCI compliance management
4. Armtec Inc - IT Audit & Security Consultant (Sep 2010 - Jan 2011). A
leading global infrastructure and construction materials company
. Lead Auditor in ERP implementation project. Identifying the Key
controls and Breaking into Granular Controls.
. Set up the application security practice (primary business)
. Identified and implemented cost saving measures which were very
important to a self-funded start up company
. Set up and managed training services. Developed and delivered training
courses for clients. Managed the conversion of all courses to online
format for scalability. Trained users in identity Management tool
Control Minder from CA.
. Designed and developed a Learning Management System (LMS) to host
online training courses. Features included user tracking and
reporting, bookmarking, auto-resume and automated registrations
. Designed and managed development of an online application that enabled
clients to verify skills of contractors and employees. Features
included randomized questions and customizable tests
. Developed and refined processes for application security assessment
engagements
. Preparation of test plans, which specify testing overview, testing
approach, testing strategy, roles & responsibilities and scope of
testing.
. Knowledge of UNIX, WebLogic. Business Process Audit of various
applications in Finance, SD, MM and re-engineering of the same
. Good knowledge of and extensive work on Central Management Console
(CMC), Life Cycle Manager (LCM), Import Wizard, Infoview. Good
knowledge of client tools Web Intelligence, Designer and Xcelsius
5. Mahindra Satyam - Technical Security Auditor (Sept 2009 - Feb 2011).
Mahindra Satyam, now Tech Mahindra, is a USD 2.67 billion technology services
entity with 84,000 professionals serving over 540 customers across 46
countries.
. Created procedures and processes associated with performing
penetration testing and vulnerability assessments
. Created checklists for providing security certifications to clients'
software
. Standardized threat modeling and vulnerability rating methods to
promote consistency
. Designed an online asset management system and oversaw development.
Worked in Open SSO identity Management tool with ease
. Spoke on web application security at various industry events.
Auditing, Securing and Hardening Oracle and SQL Server Servers.
. Assess project and business needs prior to implementing the correct
solutions to maintain security posture while reducing risk. Perform
regular audits on various firewall and access. Access control
testing. Worked on GRC 5.1 (Audit tool)
. Administration and advanced troubleshooting of enterprise-level
Firewalls, IDS/IPS, Proxy, Antivirus, SIEM, DLP, VPN and Encryption
technologies. Manage and spearhead Patch and Vulnerability Management
Program
. Managed remediation of Audit gaps, User attestation and access
control testing.
. Maintained currency of Security assets through life cycle management
practice
. Maintained vendor contracts and renewal terms, Creation of
documentations and standard operating procedures
. Daily monitoring of security dashboards. Management of SOC
(Security Operations Center)
. Handling and timely resolution of incidents, problems, and service
requests. Managed incident and request bin or IT Security
Operations
6. City of Halifax - Sr. IT Security Consultant (Jan 2009 - June 2009)
with Procom.
. Inducted for the post of Business Analysis, Security and Risk
Management, SAP Security Consultant BI & ECC6 Security
. Reviewed existing Business Process Procedures "As-Is", designed and
mapped it to the required "To Be" scenario.
. Providing Solutions and Hardening of the Oracle, MS-SQL, Active
Directory and the Unix Servers.
. Maintained awareness of emerging issues in the regulatory and external
technology environments as a source of current knowledge to support
internal audit advice and recommendations and share knowledge with the
internal audit team.
7. City of Halifax - Sr. IT Security Consultant, Halifax (Jan 2008 - June
2009) with CGI - CGI is Canada's largest IT services provider, with a presence
in more than 40 countries around the world
. Involved in the preparation of test plans. Successfully worked with
Compliance Calibrator and Fire Fighter with GRC 5.3. Performed various
SAP Security and Audit tasks with ease. Performed a variety of
performance-related tests for applications; SAP GRC Access Control
. Identifying Key controls and breaking the key controls into Granular
controls both IT and General controls.
. Process Mapping, Designing and Defining the roles for users keeping SOD
as the Key factor
. Maintained current knowledge of information technology audit standards,
tools and techniques.
. Maintained current knowledge of business developments that have
significant technology components.
8. QUINNOX INC - Sr. SAP Security Auditor (May 2007 - Dec 2008) India and US
operations
. Reviewed Business Process Procedures and Blue Print, did requirement
analysis and developed and designed Test Plan, Test Scope, and Test
Strategy. Business Process Audit, identifying gaps and implementing
controls. Worked in change request management (CHARM) efficiently.
. Documented Test cases corresponding to business rules and other
operation condition. Worked in SAP Identity Management tool with ease.
. Created and refined processes for performing PCI and PA DSS compliance
verification efficiently
. Created and delivered PCI DSS and PA DSS awareness courses. Designed
online tools for managing ongoing PCI compliance management
9. GBS INC - IT Security Auditor Specialist (April 2005 - April 2007)
Toronto - Canada
. Involved in the preparation of test plans, which specify testing
overview, testing approach, Testing strategy, roles & responsibilities
and scope of testing. Auditing and securing the Oracle Database.
Auditing the grants given to various users. Audited the default user
IDs and passwords.
. Documented Test cases corresponding to business rules. Worked
efficiently with CA Identity Management tools (Control Minder).
10. Royal Bank of Canada - Senior SOX Consultant (Jan 2005 to Mar 2005)
Toronto- Canada
. Responsible for SOX 404 internal control compliance by performing
Audit, gap analysis, risk identification, segregation of duties (SOD).
Understanding and Auditing the Role Matrix, SOD in SAP. Validate the
key controls given. Business Process Audit
. Provide the checklist for Health Check of Various Applications.
Worked in COBIT and COSO Framework extensively and Audited the
Checklist.
11. Vanguard Technologies INC - Audit & Security Consultant (Jan 2004 - Dec
2004) Toronto - Canada
. Completed Database Audits as well as Network Audits for various clients.
Worked on various Identity Management tools with ease
. Oracle database security. Business Process Security and
Re-engineering. Worked in Open SSO with ease
. Approved infrastructure changes relating to the mySAP NetWeaver
landscape
12. Moores Rowland Consulting PVT. LTD. Info Systems Audit & Risk
Management - India (2001-2003)
. Inducted for the post of Asst. Manager System Audit and Risk Management.
Actively involved in defining and implementing
Operation/enterprise/people Risk Management, IT Testing & Security.
Business Process Security Management. Cost Benefit Analysis.
Implemented COBIT Framework on the COSO Business Framework with ease.
Major clients were HDFC Bank, Allahabad Bank, Central Bank of India,
online lottery company Lotto, Small Industrial Development Bank of
India.
Successfully Completed various Application Audit, Database Audit, Network
Audit, Data centre Audit, Disaster Recovery and Business Continuity
Plans, Governance Risk and Compliance. Development on security for custom
transactions, Security role design, creation/changes.
13. APTECH Hardcore - Asst. Managers Systems (1996-2001)
India
. Responsible for the overall planning, testing, deployment, maintenance
and security of the server infrastructure systems (mix of physical and
virtual systems). Determining server infrastructure capacity
requirements, managing change, executing rigorous testing, responding
to escalated support requests, and implementing corrective action.
14. Business India Information Technology - Customer Support India (1994-
1996) India
. Inducted for the position of Customer Support (Database management and
networking Solutions)
15. APTECH LTD - Instructor/Programmer (1992-1994) India
. Responsible for giving database solutions for FoxPro and Oracle
. Training on higher-end software and Software Development.