Shahriar Chowdhury

Jersey City/Secaucus Area, NJ 07094

ab8mmn@r.postjobfree.com 347- 321-4385

Summary

Shahriar is an experienced Security Specialist and Project Manager

certified as Information Systems Security Professional (CISSP), Information

Security Auditor, Manager (CISA, CISM) with 10 years of progressive

experience in the IT industry. He has more than 7 years of experience in

Security Architecture audits, design, and IT Risk Management in financial

industry. Shahriar has experience in improving IT risk and operations

management using industry standards (ISO 27002, NIST, ITIL Guidelines).

Shahriar performed technical audits of Fortune 500 companies, and prepared

SEC, SOX, FFIEC and SAS security audit reports for audit and compliance,

and provided guidance to multiple industries on regulations Security and

Privacy.

Certifications

Certified Information Systems Security Professional (CISSP # 79182)

Certified Information Security Auditor (CISA # 978308), Manager (CISM)

Certified in Risk and Information Systems Control (CRISC), Governance of

Enterprise IT (CGEIT)

Experience

Lead Consultant/Vice President, IT Security & Risk Management Practice

IALogix Corporation, New York, NY May

2004 - Present

Clients: Moody's Corporation, City of New York, Federal Reserve Bank of

New York

. Provide strategic guidance to CISO/CIOs of Financial Institutions and

Government agencies to achieve regulatory compliance to SEC/SOX/ NYS

privacy laws, and assess need and level of compliance PCI, HIPAA, HITECH.

Recommend solutions and best practices for Information Security

Governance and practical approaches to IT Service Management and risk

management frameworks, such as ITIL, ISO.

. Act as primary point of contact for application development projects, and

software and system change reviews on various stages of SDLC. Standardize

application and systems controls using COBIT/COSO frameworks, write

documentation and manage Risk Assessment, perform security control gap

analysis using ISO 27000 standards, and write security policies in both

technical and non-technical areas.

. Extensive application security review experience, including web

application, web 2.0/mobile and cloud. Integrated security review into

standard SDLC process, including architecture and code reviews.

. Implemented a comprehensive security incident management procedure and

managed daily operations of the IDS/SIEM, firewall, proxy teams,

including escalation management.

. Manage co-ordination of security event handling to comply with various

privacy laws and internal compliance objectives. Perform Application

Security, Systems vulnerability and penetration testing.

. Perform Infosec and Controls review for new project requests from various

teams. Manage projects and make purchasing decisions relevant to

Infosec and audit areas, including Enterprise Single-Sign-On, and Data

Loss Prevention (DLP). Tools: Oracle and Tivoli Identity/Access

Manager, Varonis Data Advantage, Quest ChangeAuditor, IBM Appscan, HP Web

Inspect/ Fortify, Websense/Mcafee/Symantec DLP(Vontu)

Client Projects for: Federal Reserve Bank of New York, City of New York

agencies. (Aug 2007-Aug 2009)

. City of New York: Performed technical audit of NYCServ, an $8B Online

Transaction Systems; Security Project lead of NYC-wide $750M Mobile

Wireless (3G) Network implementation for emergency service use.

. Federal Reserve Bank-NY: Provided comprehensive Incident Management

services to enhance intelligence sharing across districts and with other

federal agencies; performed categorization of assets based on risk

exposure, and documented vulnerability and incident management process

based on defined risk levels.

Past Client Projects for: Morgan Stanley, Citigroup, SIAC/NYSE

Morgan Stanley (January 2006 - August 2007) Role:

Security Engineer

. Managed technical escalations of Security Operations team, and maintain

managed service provider relationship, including operational, service-

level, and performance metrics to identify and mitigate any issues

affecting services or SLA. Played critical role in perimeter security

integration of Retail and Institutional environment as a result of Merger

& Acquisitions activities. As a member of Global IT Security Operations,

responsible for approving security access changes, perimeter access

control maintenance; Security events detection and Escalation; DNS and

email security.

. Standardized processes related to IDS Event Detection and escalations; co-

ordinated investigation and correlation of global security events

reported to security operation center using enterprise monitoring tools.

Provided technical support in various security products (hardware and

software) for other groups. Managed 100+ servers dedicated to network

security, monitoring, and access control.

Citigroup: Systems Security Consultant (Dec 2004- Dec 2005)

. Served as Security Expert for incident response to malicious/ phishing

websites and identity theft investigations related to online banking

portal. Implemented optimizations and improvements in Security

Investigation processes that reduced average response time by 60%.

Audited risks and security controls of financial products, and Online

Banking.

. Lead investigator for online credit card frauds and online banking

security. Investigated security events and produced reports for senior

management for corporate security. Arranged meetings, provided support

and training to software developers in IT security issues during SDLC

lifecycle. Improved existing change management processes for efficiency

and control.

SIAC/New York Stock Exchange (NYSE): Network Engineer (May 2004- Dec 2004)

. Monitored 1000+ node multi-platform network for high availability,

security and performance; provided technical support for the NYSE

network, and escalated issues to specific departments.

. Performed responsibilities as a site engineer in the NMS group to

facilitate site migration to a backup data center. Created network

diagrams, and updated procedure documentations.

Senior Customer Support Engineer, Manager

August 1999 - May 2004

Thinklink Networks, New York, NY

. Performed consulting for business web/application hosting solutions for

multiple clients, and supported network maintenance, hardware, software

installation, configuration, and troubleshooting, capacity planning,

security incident response and timely resolution of incident ticket.

Education

Pursued BS/MS in Computer Engineering at New York University-Polytechnic

Institute, Brooklyn, NY

Bachelor's Degree in Computer Science. Thomas Edison State College, NJ

Technologies

Operating Systems: Windows XP/Vista/7/ 2000/2003/2008 server family, Linux;

Solaris, HP-UX, Novell.

Software & Technologies: Firewall/Proxies, IPSec, VPN, SSH, PGP, PKI,

Encryption and Digital Signatures.

Perimeter: Cisco PIX, AAA, IDS, Radius, ACE, Juniper NetScreen, SSL VPN,

Checkpoint Firewalls, Websense.

Security Management: Oracle/Tivoli Access/Identity Manager, Varonis

DataPrivilege, Quest ChangeAuditor, Archer, Arcsight ESM, RSA envision,

SecurID, Symantec/RSA/Mcafee DLP, Qualys, Mazu, Encase, Nmap, Nessus,

Splunk, loglogic, TippingPoint IDS, Juniper IDP, OSSIM, Guardium, Imperva,

DBProtect.

Networking Technologies: TCP/IP, Ethernet, WAN Wireless, VLAN, VPN/IPSec,

Openview, Netcool.

Programming Skills: C, C++ (Intermediate); UNIX Scripting, Perl, Windows

Scripting.

Others: Microsoft Office Suite, Access, Project, Visio, HTML, SQL,

WebSphere, Remedy, PeopleSoft, .NET J2EE, XML, SAML, LDAP (Novell/ Sun).

Contact this candidate