Post Job Free
Sign in

Management Security

Location:
Cypress, TX
Posted:
March 13, 2014

Contact this candidate

Resume:

Rupinder Kaur

571-***-****

***** * ******** **** *** #1437, Houston TX 77065

*********@*****.***

OBJECTIVE

Seeking a position where I can grow professionally and further enhance my skills, knowledge, and

experience with Information Security policies and procedures, IT risk and controls (SOX, Non-

SOX), risk assessment, data analysis, reporting, problem solving, and leadership skills.

PROFESSIONAL EXPERIENCE

Freddie Mac, McLean, VA

Information Security Professional August 2013 – Jan. 2014

• Performed lifecycle management for Information Security policies, standards and configuration

requirements.

• Evaluated existing data security procedures and identify new areas of risk.

• Evaluated and managed the Violation Exception process to eliminate production outages and risk

exposure and ensure user accounts are in compliance.

• Performed Security Assessment activities related to External User Access.

• Worked with business areas to enhance security processes and controls into their technology solutions.

• Ensured that technology solutions that are being proposed are consistent with

Information Security policy, standards and data governance.

• Responsible of Information Security department reporting using advanced Excel functions as well as

Powerpoint presentations for Senior Management.

• Developed excellent client and internal relationships.

Freddie Mac, McLean, VA June 2011 – August 2013

Operational Risk Professional

• Lead the weekly issue status meetings to ensure issues are on target as well risks and controls

discussions with business partners from Information Security, Network Security, Database Management,

Backup & Recovery, Infrastructure Engineering processes.

• Performed root causes analysis for issues identified by Internal or External Auditors, Management Self-

Identified as needed.

• Documented potential issues and action plans to remediate those issues.

• Performed the Risk Assessment for Information Security, Network Security, Database Management,

Backup & Recovery, Infrastructure Engineering processes on quarterly basis.

• Facilitated the Operations Control project for ERM (Enterprise Risk Management) division by

mapping the best practices (ISO, NIST, ITIL, COBIT5, FFIEC) guidance to identify the gaps within

Freddie Mac’s IT processes.

• Worked closely with business partners drafting control wording to fulfill gaps identified during

Operations Control project.

• Assisted management to identify risks and mitigating controls during the audits and walkthroughs with

business partners.

• Managed Risk Acceptance process to exempt the accounts that are violating the Information Security

standards or controls. Assisted the management with recertifying the accounts in violation by

streamlining the renewal process and documenting Standard Operating Procedures.

• Worked closely with Internal Auditors to document potential issues in GRC (Governance, Risk and

Compliance) application and vet them with management and draft an agreed upon action to remediate the

finding.

• Generated Issues, Controls, and Risks reports for management and business partners.

• Continued building trustworthy relationship with business partners, Internal Audit, and team members.

Freddie Mac, McLean, VA Feb. 2010 – June 2011

Operational Risk Associate

Responsible for performing the following tasks that mitigate internal risks: by analyzing the root cause

and remediating Technology Services issues, assisting with testing the controls, reporting the issues’

status to business partners, and documenting closure packages to evidence the remediation of issues.

• Assisted in the remediation and closing of Technology Services issues.

• Assisted management preparing the material for performing the Risk Assessment for the following IT

processes: Change Management, Physical Security, Job Scheduling, Incident Response, Backup &

Recovery, Database Management and Configuration Management processes.

• Assisted management with providing controls guidance to identify risk and impact to the business and

systems during Internal Audit reviews.

• Assisted management with evaluating Operations domain controls for SOX designation by mapping to

COBIT objectives and prepared material for management to perform risk evaluation as a part of a

corporate-wide Controls Rationalization Initiative which reduced key controls by over 50%.

• Assisted business partners with Data Quality Risk and Control Self-Assessment.

• Performed Quality Assurance of Data Correction and Operations of Quality and Controls reports.

• Responsible for the communication with project managers for scheduling reviews, requesting

documentation and keeping the testers on target to meet deadlines.

• DBA for homegrown database tool called “Optima”:

• Removed and added users

• Backup and Recovery, Compact and Repairing the database

• Generated the monthly, quarterly, and yearly reports for the Delivery Services Leads, Directors,

VP, and SVP.

• Built strong relationships with business partners and team members by working collaboratively and

responsibly.

EDUCATION

B.S., Information Systems & Operations Management (Jul. 2009)

George Mason University, Fairfax, VA

Related Coursework

• Database Management Systems, Data Warehousing, and Data Mining

• Programming for Business Applications, Systems Analysis & Design, Public Sector IT Outsourcing,

and Management of Technology Projects

A.S., Business Administration (May 2006)

Northern Virginia Community College, Manassas, VA

CERTIFICATIONS

Oracle Database Specialist Certification (Dec. 2010)

Northern Virginia Community College, Manassas, VA

Business Information Technology Certification (Dec. 2010)

Northern Virginia Community College, Manassas, VA

CISA – June 2014

TRAININGS

Security Plus, Academy of Computer Education

IT Auditing and Controls Boot Camp, MIT

Operational Audit, The Institution of Internal Auditors

SQL Basics, ProTech

Leadership Competencies, Foundations of Risk Management, Interpersonal Communication Skills for

Individual Contributors at Freddie Mac University

QUALIFICATIONS & SKILLS

• Fluent in English, Hindi, Punjabi, and Urdu. Strong cross-cultural skills

• Successful team player with excellent oral, written, self-motivated, leadership, analytical,

organizational, problem solving, time management, presentation, and multi-tasking skills

• Proficient in the following softwares: GRC (Governance, Risk and Compliance), SharePoint, Planview,

Lotus Notes, Oracle Database 10g, Visual Basic .Net, Microsoft Word, Excel, Access, PowerPoint,

PageMaker, Project Management, Visio, and skilled at performing Internet-based research

• U.S. Citizen

REFERENCES AVAILABLE UPON REQUEST



Contact this candidate