Mujahid Kamal
Compliance, governance, risk management, IT security, IT audit
CHICAGO IL 60630
********@*******.***
(773) 969 - 2300
PROFESSIONAL SUMMARY
Over 13 years of experience in the Information Technology industry and about 10 years of experience working with Law Enforcement Systems pertaining to Oracle applications, IT security, controls, information systems management, audit and project implementation. My strength is centered on my ability to conduct readiness assessments, evaluate results, and present findings in a logical and easy-to-understand manner. I have been involved in the project life cycle and several short- and long-term engagements. I possess the skills to quickly adapt to any environment. I am able to organize, prioritize, and meet tight deadlines. I have a working knowledge of the web application security grid, setting and maintaining the resources, compliance, procedures, policies and programs. I have been instrumental in creating audits and organization reports for upper management. I have a broad understanding of most operating systems, databases, networking techniques, programming knowledge, servers, and a high-level understanding of the overall IT structure of an organization.
OBJECTIVE
Apply technology to align with business strategy to achieve the corporate goals using my diverse IT background.
EDUCATION
Internet Fraud / White Collar Crime Detection, MBA Jan 2007 – Dec 2009
Saint Xavier University, Chicago, Illinois USA
Studies Information Systems fraud detection, technical planning, and business case analyses, IT project management, and internet technologies.
Information Technology, Bachelor of Science, BSc Aug 1995 – Dec 1999
Northern Illinois University, DeKalb, Illinois USA
Studies focused on operations management, information systems, telecommunication, networking, programming, business forecasting and statistical decision making.
Economics, Bachelor of Arts, BA Jun 1987 – Jul 1989
University of the Punjab, Punjab.
Studies focused on macroeconomics, microeconomics, accounting and business management.
Professional Trainings: Jan 2001 – Sep 2016
CISM – Certified Information Security Manager from Info. Security Institute
SharePoint Administration & Governance from Learning Tree International
ORACLE Introduction to the Web technologies from Oracle University, USA
ORACLE 10g Develop Applications Using HTML from Oracle University, USA
ORACLE 9iAS Generate Dynamic HTML from PL/SQL from Oracle University
ORACLE 11i Systems Administration from Oracle University, USA
ORACLE 9i Database Security from Oracle University, USA
ORACLE iDS Forms: Build Internet Application from Oracle University, USA
ORACLE Dynamic HTML and HTML_DB from Oracle University, USA
ORACLE 8i (SQL and PL/SQL) from Global Knowledge, USA
ORACLE 8i Developing PL/SQL Program Units from Oracle University, USA
ORACLE 8i Advanced PL/SQL SK from Oracle University, USA
ORACLE Data Modeling and Relational Database Design, SDLC from Oracle University, USA
Solaris 8 Operating Environment for Systems Administration from Sun Microsystems Inc. USA
Solaris 8 Systems Administration I from Sun Microsystems Inc. USA
Solaris 9 Intermediate Systems Administration II from Sun Microsystems Inc. USA
Windows NT (Workstation & Server 4.0 – MCSE) Review Classes, USA
Intro to Cisco Routers and Switches (CCNA) from Global Knowledge Inc. USA
A + training from New Horizon group Inc. USA
Software Quality Assurance (QA) training
PCI DSS - Payment Card Industry Data Security Standards
PROFESSIONAL EXPERIENCE
Manager Information Security Aug 2015 – Present
Chicago Housing Authority, Chicago, Illinois USA
Developing, maintaining and helping to ensure the enforcement of Authority-wide information security policies, procedures and controls are up to date.
Overseeing the deployment and integration of new or enhanced security solutions.
Serving as an advisor on IT security-related issues across the Authority.
Developing and executing an ongoing training and awareness program on matters related to information security.
Assessing ITS procedures and activities to ensure appropriate controls are in place for system-related activities.
Sr. IT Security Consultant (IT Governance Risk & Compliance) Mar 2015 – Aug 2015
Allstate Insurance Company, Northbrook, Illinois USA
Frameworks utilized, NIST 800-53, HIPAA, PCI DSS, GLBA, SOX, ISO 27000 series.
Leading IT risk assessment initiative for newly operational overseas location.
Revised & updated IT security standards and compliance controls (NIST800)
Established communication among IT stakeholders and IT risk partners.
Leading GRC strategy & roadmap as required by IT Security Management.
Security compliance metrics (PowerPoint, Excel) to ensure compliance.
SME on various IT domains and provided consulting services to team members.
Worked with Archer GRC tools to manage assessment records for remediation.
Developed IT Risk Register & initiated remediation process.
Updated IT Security policy & procedures to eliminate control gaps.
Effectively utilized KCIs, KRIs & KPIs
Sr. IT Security Consultant (IT Governance Risk & Compliance) Sep 2014 – Mar 2015
Bank of America, Addison, Texas USA
Governance Risk & Compliance team for Enterprise PCI DSS adherence project.
Participated in GRC strategy and roadmap as required by management
Security compliance metrics (PowerPoint, Excel) to ensure PCI DSS compliance (KPIs)
Assessed, verified and performed remediation to address control gaps.
SME on audit and logs requirement and assessment.
Worked with Archer GRC tools to manage assessment records for remediation.
Tracked Common Control Assessments (Excel) (CCA) with third party / vendors.
Participated in Pre and post life cycle assessment (KPIs, KRIs & KCIs)
Worked with Security Matrix and reporting (PowerPoint, Excel)
Established communication with Line of Business (LOBs) and risk partner to address control gaps.
Worked with IT Security policy and procedures to eliminate control gaps.
Sr. IT Security Consultant (Governance Risk & Compliance) Oct 2013 – July 2014
Trust Insurance Company, Chicago, Illinois USA
Initiated and led IT risk management for the IT department.
Provided guidance to the stakeholders to identify, address and remediate IT risks.
Implemented controls (ISO 27001-5) to mitigate IT risks and developed metrics.
Performed PCI DSS & HIPAA audit, tracked and prioritized the vulnerabilities.
Updated and implemented IT Security Policy & IT Best practices throughout the organization.
Monitored QualysGuardPCI vulnerabilities and worked with various teams for remediation.
Tracked DLP (Data Loss Prevention) vulnerabilities and coordinated with various teams for the remediation (Excel)
Worked with vulnerability management tools & performed remediation to minimize the IT risk.
Managed application access via RBAC (Role Based Access Management).
Provided secure application guidelines to the application development team.
Determined the presence of the application vulnerabilities. Planned and executed the remediation strategy.
Prepared and managed weekly IT risk reports for the IT management (PowerPoint)
Coordinated with risk partners to inform and plan for the vulnerabilities
Performed troubleshooting, tested for quality assurance and analyzed systems on a regular basis.
Made recommendations for the improvement of hardware and software solutions.
Tracked Active Directory, Email security (ProofPoint), antivirus (Sophos) vulnerabilities, and managed remediation process.
Lead System Administrator / Team Lead Apr 2013 – Oct 2013
USITplus Business Solutions, Chicago, Illinois USA
Client 3: Bank of America
Worked with IT Risk management and addressed remediation (KPIs, KRIs)
As a team member, reviewed and revised IT Security policy.
Monitored system performance logs and tracked vulnerabilities.
Monitored and managed Antivirus Console and Qualys vulnerabilities.
Special focus on GLBA vulnerabilities and remediation process for the applications.
Applied ISO controls and created control gap.
Participated in systems administration planning, testing, and implementation meetings with the in-house and outside vendors.
Coordinated with IT Risk partners and stakeholders for the vulnerability management.
Participated in the Data Leakage Prevention (DLP) vulnerabilities management process.
Senior Systems Administrator Feb 2011 – Feb 2013
USITplus Business Solutions, Chicago, Illinois USA
Client 1: SAC Wireless Inc. (Feb 2012 – Feb 2013)
Client 2: Rewards Network Inc. (Feb 2011 – Jan 2012)
Worked with systems vulnerabilities, created log management systems.
Performed application security (access management) and user authorizations review.
Enhanced users, accounts and permissions management system (RBAC).
Worked with a team to provide input on updated IT Security Policy.
Prepared GLBA compliance report for the application access management.
Performed data analysis to identify data integrity issues, rendered systems solutions proposals.
Provided deployment assistance (SDLC), JAD sessions, IT solution evaluations.
Provided training on new systems, bug tracking and reporting mechanism.
Assisted other Security Administrators with the implementation of security controls in new and existing applications and systems.
Involvement in the design phase of corporate/divisional security enhancement projects.
Participated in the business impact analysis, risk assessments for new systems, testing and reporting (PowerPoint, Excel)
Sr. Application Security Administrator – IT Security Group Oct 1999 – Dec 2010
Chicago Police Headquarters (IT Division), Chicago, Illinois USA
Role based permissions (RBAC) and access handling on all systems resources.
Oracle Access Management (OIM), Web Access Management (WAM) and Single Sign-On (SSO).
Managed day to day user access requests for granting / revoking access on various systems of the police department applications and other web resources.
User Access Management Audit, Reporting and aligning with Business rules.
User account management, password management, user profile management.
Data analysis for business intelligence (BI) for decision making by upper command.
High level Helpdesk support on various occasions for law enforcement users city wide.
Training Police staff on various database technologies and applications.
Complex SQL and (PL/SQL) codes/ queries and report generation (Crystal Reports).
Remote and wireless resource management (VPN) for the law enforcement systems.
Information system security policy and procedures.
Audit and compliances tracking on the various systems used by the department.
Joint application design (JAD) session and system development session (SDLC).
Newly developed software test, automated / manual testing of applications.
Created automated programs to complement technologies used by law enforcement.
Operational support of the law enforcement applications.
Research & Development (R&D) on various law enforcement cutting edge technologies.
Systems and database security and designing of security modules.
Physical security management of Police HQ via computerized security system (CCTV – SimplexGrinnell).
Worked with the mainframe systems to provide support.
Y2K readiness for the law enforcement systems.
Projects at Chicago Police Headquarters (IT Division)
Successfully accomplished the task as a senior team member to migrate mainframe to client server system of Chicago Police Department for the compliance of Y2K readiness. Worked on various tasks of the project such as networking, servers, databases etc.
Led the team in a project to replace the Police Officer’s identification systems with a modern state-of-the-art system to provide a detailed computerized identification for the law enforcement.
Designed and implemented security modules for the web based law enforcement software applications for the Chicago Police. Improved the system and network security based on my recommendations.
Over 500 different law enforcement agencies profiles were created (from all over the USA), created agency administrators and delegated them with second level admin access in order for them to allow related law enforcement users to tap into Chicago Police Department IT resources (remotely and securely) to share the vital data and information to fight crime on city, state and federal level.
Information Technology Consultant May 1999 – Sep 1999
TEK Systems Inc, Rolling Meadows, Illinois USA
One of the team leads in Windows NT migration projects for Motorola Inc. at Libertyville, USA
Network Coordinator, I/T Specialist Apr 1998 – Mar 1999
Micro Computer Inc., Morton Grove, Illinois USA
Responsible for complete support of IT infrastructure.
University Computer Lab Assistant, Summer Intern Jan 1996 – Jul 1997
Northern Illinois University, DeKalb, Illinois USA
Shift in charge at the university technology lab.
AWARDS
Crime reduction with effective use of technology presented by Superintendent of Police, Chicago
“Honorable Mention” for upgrading the Chicago Police Department network system, Chicago
William Foley Instructor award for the system training provided by the Chicago Police, Detective Division.
WORK STATUS
Permanent Resident – GREEN CARD
REFERENCE
Furnished upon request
Formal Trainings
Law Enforcement- Systems
PL / SQL
HTML
HTML DB
Apex
CCNA
TCP /IP
Unix Sys. Admin I
Unix Sys. Admin II
MCSE
JAVA
C +
Solaris 8
Solaris 9
A+ Plus
Windows
DOS
Oracle (various)
SUN
Skills
-Police Systems
-Audit / Policy
-Management
-Data Modeling
-Application Design
-SDLC
-Web- based technologies
-System security
-Database security
-App. security
-JAD
-Windows
-IBM
-Oracle
-UNIX
Related Course Work
-Management
-Corporate Fraud
-Internet Fraud
-Financial Fraud
-Networking
-DB- technologies
-Relational_DB
-Telecom
-Networking
-Programming
-Finance
-Mgmt. Accounting
-Marketing
-Business Law
-Corporate Law
-Corporate Policy
Awards
Crime reduction with effective use of technology presented by Superintendent of Police, Chicago, USA.
“Honorable Mention” for upgrading the Chicago Police Department network system.
William Foley Instructor award for the system training provided to the Chicago Police detectives.
License:
Real estate Broker, State of Illinois, USA (2007-current)