
Quality Assurance Management

Location:
Lakeland, FL
Posted:
May 17, 2014

Resume:

Taran K Bhasin

516-***-**** acd5zo@r.postjobfree.com

Summary: 15 years’ experience in the field of IT Audit, Security and IT Risk Management; Infrastructure, Databases, Applications and SOX Audits, Implementation Quality Assurance reviews, Business Process Re-engineering, Risk Control Assessments and Third Party Assurance Services for Financial Services clients.

Objective – To seek a position as a Senior IT Audit Manager.

Work Experience

CitiCorp New York, NY

Technology Information Security Risk Management Consultant August 2012 – Present

o Risk Assessments and Quality Assurance reviews of Technology Infrastructure and Applications.

o Knowledge of Global Risk Management systems and processes including Information Security Risk Assessment Process (ISRA), Third Party IS Assessments (TPISA), Infrastructure and Applications Risk Management, Information Security Incident Risk Assessment (SIRT).

o Reviews of Issues, Exceptions and Remediation efforts by various teams globally including North America, Canada, Asia Pacific, EMEA, Europe, South America and Australia.

o Provided training on Risk controls and use of Archer system to team members globally.

o Creation of Risk Metrics reports including for Senior Management providing a standard and consistent view of IS risks, issues, actions and progress to all sectors, businesses and regions.

o Worked closely with Business Information Security Owners (BISOs), Technology Infrastructure Security Owners (TISOs), Information Security Officers, Risk Officers, Business Owners, Audit Management and Citi Architecture and Technology Engineering (CATE).

o Knowledge of Key Risk Management Systems: Archer, Integrated Corrective Action Plan System (iCAPS), City Information Risk Assessment System (CIRAS), Third Party IS Assessment Questionnaire (iTPAQ), Citi Systems Inventory (CSI), City Technology Catalog (CTC).

o QA Reviews including Risk assessments of Global Issues and Exceptions.

o Ensuring appropriate reporting of violations of CISS 8.0, COB, CITMS, System Security Testing (SSTS) standards.

o Reviews of Global Issues and Exceptions related to Application Vulnerability Assessments (AVA), Citi Infrastructure Vulnerability Assessment (CIVA), Multi-Factor Authentication (MFA), Electronic Transfer Media (ETM), Vulnerability and Threat Management (VTM), Continuity of Business (COB) etc.

Morgan Stanley New York, NY

Technology Information Security Consultant Sept 2010 – July 2012

o Infrastructure security reviews including ACF2, RACF, Top Secret, AS400, Databases and Unix environments.

o Work closely with the business process owners, risk managers, security administrators, database administrators to evaluate and monitor processes, design, controls and remediation of Issues.

o Developed and maintained SharePoint site for documenting security processes including provisioning, privileged access, entitlement reviews, use of Functional Ids, Metrics reporting, tracking Issues, Exceptions and Remediation plans.

o Worked closely with risk managers and Audit management to discuss remediation plans for outstanding Issues.

Jefferson Wells New York, NY

IT Audit, Technology and Information Security Consultant June 2006 – May 2010

o Sarbanes Oxley Planning, aligning internal controls framework with global standards (HIPAA, COSO, COBIT, NIST, ISO), Process reviews, developing test plans, execution of test plans and remediation of deficiencies for Financial and Insurance clients.

o Strong knowledge of System Development Life Cycle (SDLC), participation in Pre-implementation, Post-implementation, and Applications reviews. Participation in IT Project Initiatives of Mergers and Acquisitions and identification of opportunities for conversion of applications/ data.

o Security entitlement reviews of various front and back-office applications including Treasury Management System (TMAN, TREASURA), Bonds Access Management system (BAMS), JD Edwards and Great Plains Financial systems (Account Payables, Account Receivables, General Ledger).

o Review of User acceptance (UAT) and Quality Assurance (QA) testing and independent testing for various applications including BAMS (Bonds Access Management System) and Reinsurance systems.

o Change Management system reviews including PVCS, CVS and Tripwire.

o Knowledge of middleware including Informatica, Data Junction and MQ Series.

o Knowledge of SAP Basis/ Netweaver, SAP BW, segregation of duties (SOD) for SAP FI module and use of tools Virsa Enforcer, Virsa Calibrator, SAP Netweaver/ Basis.

o Development and management of Microsoft SharePoint site to collaborate with security and risk managers during security and risk reviews.

o Creation of reports in Business Objects.

Bank of America New York, NY

IT Audit Consultant Dec 2003 – June 2005

o Security entitlement reviews of UNIX, AS400 and Windows environments.

o Performed reviews of Sybase, Oracle, DB2 and SQL server database configurations and compliance with guidelines.

o Knowledge of various project management methodologies including use of tools (Erwin, Test Director, ISS Scanner for UNIX/ Windows, Cognos, Crystal reporting, Microsoft SharePoint).

o Project Management and Applications Reviews including integrity controls, interfaces, file transmissions, input, output, processing and security entitlement controls of Financial Applications such as Front-Office (Trading, Treasury, Credit Risk, Market Risk) and Back-Office applications (Fixed Income and Equities ADP, General Ledger) systems.

o Reviewed TCRIS, MACRISK and ALGO (Credit, Market Risk and Collateral) systems functionality including risk engines and analytical tools (Riskwatch and Risk Warehouse).

HSBC Bank New York, NY

Senior IT Audit Auditor Dec 1996 – Nov 2003

o Developed detailed understanding of various financial assets and processes including equities, fixed income and derivatives from applications risk and risk management perspective. Demonstrated expertise in understanding complex business processes including front-office and back-office trading systems, securities custody and settlement processes and systems. Prepared flowcharts using Visio to document process flows and identifying key risks and controls. Continuous Controls Monitoring and consistent set of rules across businesses.

o Applications Reviews including controls over interfaces, file transmissions, input, output and processing controls, integrity of data and security entitlement reviews of FNX Option system, FX Foreign Exchange, PM Precious Metals, MUREX (Emerging Markets), Electronic Data Interchange (EDI), Banknotes, Clearing House systems including DTCC, Euroclear and Cedel, Silverlake Financial systems. Demonstrated global project experience.

o Review of Business Recovery and Disaster Recovery processes and procedures and participation in routine tests.

o Participation in Automation projects for the audit departments.

o Use of Lotus Notes, Auto Audit, Microsoft Word, Microsoft Excel, Microsoft PowerPoint, Microsoft Project, Visio, ACL, SQL Queries.

o Implementation of Six Sigma Tools including root cause analysis, management by facts (MBF), DPMO (Defects per million outstanding), DFSS (Design for Six Sigma).

KPMG Peat Marwick New York, NY

IT Auditor May 1994 – Nov 1996

o Conducted SAS70 audits and reviews for major Third Party Data Centers including ADP and FISERV.

o Participation in Infrastructure audits including information security, databases (Oracle, Sybase), change controls, disaster and business recovery of UNIX, Linux, Tandem, IBM Mainframe (MVS – CA Examine, ACF2, RACF, Top Secret) and AS/400 operating systems.

o Extensive experience with services industries and vendors including ADP (Brokerage Processing Services /BPS, IMPACT /Fixed Income) and SUNGARD (INTRADER).

o Applications reviews including Assets inventory, Checking, Savings, Demand Deposits and Investment Management systems.

Education

STONYBROOK UNIVERSITY Stonybrook, NY

Masters in Economics

BA - Economics, Minor in Computer Science

Skills/Activities

o Excellent written and oral communications skills

o CISA – Certified Information Systems Auditor

o Various technical seminars and courses include: Certificate in Computer Information Systems, Queens College; Audit and control of Risk Management and Financial markets (Carnegie Mellon); International Money & Capital markets (New York Institute of Finance); Fundamentals of Securities Industries (New York Institute of Finance); Network TCP/ IP Windows NT Server (Global Knowledge); Certificate in Client/ Server technology including courses in UNIX, Data Modeling, Oracle, programming concepts in E-Commerce.

o Courses in SAP Virsa Enforcer and Virsa Calibrator (SAP); SAP Netweaver/ Basis, MySAP Finance Modules including FI, Planning and Implementation SAP Projects (Skillsoft)

o Advanced skills in Microsoft Word, Excel, PowerPoint and SharePoint.


