Security Manager
Resume:
VAMSIDHAR PURANAM, CISSP, CISA
*********.*******@*****.***
Summary
. Ten years of experience in the field of Information Technology and
experience in diversified fields of Information Security/Governance,Application software development, maintenance, administration and re-
engineering projects in PeopleSoft, Java and mainframe related
applications
. Expert in implementation and administration of security for PeopleSoft
HRMS and Financial applications in large scale installations
. Has industry recognized certifications in security/audit
areas(CISSP/CISA)
. Experience in Implementing /analyzing Information Security / Audit
/Governance process for new implementations
. Experience in implementing Data Management /Data Security Policies
. Experience in implementing/analyzing Enterprise Information
Management policies and implementing industry best security practices
. Six years of experience in implementing comprehensive security
solutions for PeopleSoft Human Resources / Financial / Enterprise
Resource Management Systems
. Experience in change control and single sign-on systems
. Experience in implementing and creating security policies, standards,
and guidelines for PeopleSoft systems based on the enterprise
standards of the company
. Experience in implementing and creating security for business
intelligence systems / Business Objects and in implementing single
sign-on solutions between PeopleSoft / Business Objects
. Experience in implementing security polices and tools to implement
segregation of duties and least privilege principles in PeopleSoft
systems
. Experience in creating/testing Business Disaster/Continuity planning
. Experience in internal audit and Compliance functions
. Experience in participation of external audit for SOX compliance
Certifications
Certified Information Systems Security
Professional (CISSP)
Certified Information Systems Auditor
(CISA)
Technical Skills
ERP: PeopleSoft 8.8/8.42/8.0/7.5; GL, AR, AP, Billing, Treasury, Expenses,
eProc, PUR, INV & AM. PeopleSoft HRMS
8.8/8.3/8.0/7.x; Human Resource, Payroll, Benefits,
Administration, Base Benefits, Time and Labor and
Collaborative Applications (eProfile, ePay, eBenefits
& eRecruit)
PeopleSoft Tools: PeopleSoft Security, Application Designer,
PeopleCode, Ps/Query, Workflow, Process Scheduler,
Process Monitor, Upgrade Assistant, & Tree Manager
OLAP Tools: Business Objects XI R2, Crystal Reports XI, Hyperion Essbase
9.3.1
Job Scheduling Tool: CONTROL M Enterprise Manager
Data Management Tools: Data Mover, Import Manager.
Integration Tools: Application Engine, Application Messaging, Component
Interface and Business Interlink
Reporting Tools: SQR, PS/nVision, and Crystal Reports 8.5
Databases: Oracle, DB2 UDB, & MS Access
Project Profile
Bank of America Date: February, 2005 - March 2010
Position: Specialist Info Security Engineer
Job responsibilities in this position included:
. Implementing security policies, procedures, standards, and guidelines for
all PeopleSoft and related projects in accordance with the enterprise
guidelines. This also includes role-based access system policies and
procedures for User Administration.
. Implementing role-based security based on the Job functions for
PeopleSoft Finance /HR / EPM modules. Creating new roles and permission
lists and unit testing changes to determine that end users are not
inappropriately exposed to sensitive data.
. Analyzing and creating roles to implement data level security to enable
end users to retrieve to authorized Business Units and Departments
information necessary for their job responsibilities. Also, analyze the
changes to department hierarchy or consolidation of business units and
divisions and make the required security changes to the data level and
row level security.
. Analyzing database tables and implementing database roles so the end
users will not be able to access a higher level of information from the
database. Working with Database Admins to create views based on
restrictions such as business unit(s) and department(s) for user access
as detailed in the business requirements.
. Implementing security controls for securing PeopleSoft objects such as
trees, records, queries and implementing STAT for change control of these
objects.
. Performing regular audit on QA and unit test environments so no
authorized users/changes are present.
. Analyzing the new patches and modules for security bugs, vulnerabilities,
or incidents. Implementing vendor supplied security fixes thru the SDLC
process.
. Implementing and auditing for the least privilege policy on the user
roles.
. Analyzing the user roles for segregation of duties (SOD). Preparing SOD
matrix for new roles and analyzing SOD between Application Development
and production users, as well as between various Business functions like
Vendor Creation/Vendor approval.
. Implementing LDAP solutions for PeopleSoft to implement authentication
against Microsoft Active Directory to allow users to use the single sign-
on password to authenticate against the network /Business
Objects/PeopleSoft.
. Implementing PeopleSoft Portal to enable single sign-on for various
PeopleSoft modules such as Human Resources, Finance, EPM, and CRM.
. Implementing audit trails on all sensitive tables such as vendors, users,
and the customers profiles so all table alterations are tracked.
. Implementing timeout thresholds on both servers and applications to
enforce logoff inactivity limits.
. Conducting reviews to establish compliance with EIM standards/guidelines
. Creating password control policies and implementing password controls
based on enterprise security policy. Clipping levels were also set to
track incorrect login attempts.
. Working with internal and external auditors to ensure enterprise policies
are being followed for change management and user administration. Provide
base information to auditors to assist in the audit of users, objects,
and processes.
. Performing monthly and quarterly audits of roles and users with data
owners to verify the user roles are appropriate.
. Implementing policy for usage and audit of generic IDs and System IDs
within the PeopleSoft applications.
. Implementing audit trails on all sensitive tables such as vendors, users,
and the customers profiles so all table alterations are tracked.
. Configuring digital certificates for encryption in PeopleSoft
applications.
. Implementing security controls on the tables and data the users can query
in the Business Objects Business Intelligence System to enforce the same
access restrictions as in the PeopleSoft applications.
. Implementing security groups in Business Objects so users can run only
the reports assigned to them.
. Implementing controls on Metadata in EPM warehouse to allow only Super
Users access to the Metadata pages for update.
. Implementing data controls in EPM Warehouse for user level security based
on Business Unit /Department/ Accounts dimension.
. Working with Database Admins to implement data scramble in the test
environments so production data is not available to developers and other
non-approved users.
Experience Profile
Company: Satyam Computer Services, LTD. Date: February, 2002 -
February, 2005
6500 LeesBurg Pike
Vienna, VA 22182
Position: PeopleSoft Security Consultant
Job responsibilities in this position included:
. Implemented security policies, procedures, standards, and guidelines in
PeopleSoft applications based on the enterprise guidelines. This also
included role-based access policies and procedures for User
Administration.
. Created password control Policies and implemented password controls based
on enterprise security policies. Clipping levels were also set to track
incorrect login attempts.
. Worked with internal/external auditors to ensure enterprise policies were
being followed for change management and user administration. Provided
base information to auditors to assist in the audit of users, objects,
and processes.
. Performed monthly and quarterly audits of roles and users with the data
owners to verify the user roles were appropriate.
. Implemented the policy for usage and audit of generic IDs in the
PeopleSoft applications.
. Implemented role-based security for the job functions in PeopleSoft
Finance, HR, and EPM modules. Created new roles and permission lists and
unit tested changes to determine end users were not inappropriately
exposed to sensitive data.
. Analyzed and created roles to implement data level security to enable end
users to retrieve to authorized Business Units / Departments information
necessary for their job responsibilities.
. Analyzed database tables and implemented database roles so the end users
were not able to access a higher level of information from the database.
Worked with Database Admins to create views based on restrictions such as
business unit(s) and department(s) for user access as detailed in the
business requirements.
. Implemented security controls for securing PeopleSoft objects such as
trees, records, queries and implemented STAT for change control for these
objects.
. Performed regular audit on the QA/unit test environments so no authorized
users or changes were implemented.
. Analyzed new patches and modules for security bugs, vulnerability, and
incidents.
. Implemented and audited user roles for enforcement of the least privilege
policy.
. Analyzed the roles for segregation of duties (SOD). Prepared SOD matrix
for new roles and analyzing SOD between Application Development and
production users, as well as, business users as well as between various
Business functions like Vendor Creation/Vendor approval.
. Implemented LDAP solutions for PeopleSoft which implemented
authentication against Microsoft Active Directory to enable users to use
the single sign-on password to authenticate against the network/Business
Objects/PeopleSoft.
. Implemented audit trails on all sensitive tables such as vendors, users,
and customer profiles so all table alterations were tracked.
. Implementing timeout thresholds on both servers and applications to
enforce logoff inactivity limits.
. Configuring digital certificates for encryption in PeopleSoft
applications.
. Implementing controls on Metadata in EPM warehouse to allow only Super
Users access to the Metadata pages for update.
. Working with Database Admins to implement data scramble in the test
environments so production data is not available to developers and other
non-approved users.
. Provided upper management with security evaluations of new products and
modules.
. Worked with Auditors/Management to implement SOX changes required in the
documentation and roles.
Company: Satyam Computer Services, LTD. Date: November, 2001 -
February, 2002
6500 LeesBurg Pike
Vienna, VA 22182
Client: Standard Charted Bank, India
As a PeopleSoft Developer, installed the customizations required for the
implementation of PeopleSoft security as per Fit/Gap analysis. Provided
production support for the PeopleSoft security configuration for HRMS
production environment. Implemented the departmental security as per the
business needs. Developed batch jobs in COBOL to populate and delete users.
Participated in the re-design of the security procedures and in the
training of client personnel.
Company: Satyam Computer Services, LTD. Date: November, 2000 -
August, 2001
6500 LeesBurg Pike
Vienna, VA 22182
Client: LifetecNet Product Development
LifetecNet developed and delivered e-business solutions to Life and
Pharmaceutical industry. Responsible for designing and coding of the
security for the various profiles in the Lifetecnet product.
Responsibilities also included coding the various modules used by system
such as shipping, delivery and creation of invoices. Also involved in the
product unit and system testing phases.
Company: Satyam Computer Services, LTD. Date: May, 2000 - November,
2000
Floor I Mayfair Center
Secundarabad- 5000003
Tel: +91-40-306*****
Client: Voucher Shopping
The system is similar to a business-to-consumer shopping trolley style web
site. Instead of selling products, the site sold "gift vouchers" from
retailers to consumers. As a developer, was responsible for identifying
the system requirements, designing using UML methodology (Included database
and class design), coding Java and JSP pages and testing the application.
Company: Satyam Computer Services, LTD. Date: November, 1999 - May,
2000
Floor I Mayfair Center
Secundarabad- 5000003
Tel: +91-40-306*****
Client: Motor Insurance Quotation System
A standalone system was developed in Visual Basic for calculation of
Premium for Auto insurance.
As a developer, was responsible for identifying the system requirements,
designing using UML methodology (included database and class design),
coding Java and JSP pages and testing the application.
Company: Satyam Computer Services, LTD. Date: November, 1998 -
February, 1999
Floor I Mayfair Center
Secundarabad- 5000003
Tel: +91-40-306*****
Client: State Farm Insurance,Bloomington
As a Support Analyst, was responsible for corrections, modifications and
enhancements required by different customer applications to keep them
operational. It involved various stages of software engineering process
such as analysis, preparing technical system design (TSD) documents, code
change documents, coding, testing, reviewing, and checking the quality of
the software.
Education
Bachelor of Technology (B. Tech) - 4 year degree in Mechanical Engineering
Contact this candidate