VIVEK SRIVASTAVA
209-***-**** acs5sw@r.postjobfree.com
Governance Risk Compliance & Cyber Information Security, Risk Advisory
PROFESSIONAL SUMMARY
** ***** ** ********** ** Governance Risk Compliance Implementation & Administration.
Expertise GRC Tool Archer, Agiliance, Business Analysis, High Level Design, Source Code
Execution of Project Plan, Budgeting, Cost Management, Scheduling Plan, Metrics Report
Compliance Manager, Policy Manager, Enterprise Risk Management, Vendor Risk Management
Threat & Vulnerability Management, Incident Management, Automated Data Collection, Security Assessment. Audit Management, Business Continuity Management, Workflows
Information Security Risk Management based on BITS Framework, COBIT, NIST 800-30, ISO 2700
RSA Archer eGRC Platform Version 5.5 (Application Builder, Access Controls, and Data Feed Manager, Business Continuity Management, Audit Management, Administration-Reports).
Hands on Exp in LDAP, Simple Network Management Protocol, Authentication, Single Sign-On
Exp in Risk Management, Threat, and Vulnerability Assessments, Authentication & Access Controls and Splunk Integration/Data Import Feed
Hands on in IT-GRC Domain with Regulatory compliance such as PCI/SOX/HIPAA/NIST/Cobit
Exp in Firewalls, Intrusion Detection Systems, Network switches and routers, Network Designs, VPN, TCP/IP communications, Cloud Computing
Developed Test Scenario for Cluster/n-Tier Setup, Installation, Upgrade, Update, System, Integration
Implemented Performance Scalability Test, Big Data, Estimation, Planning and Execution
Developed Test Scenario in Vulnerability Assessment, Penetration Testing, Security Testing.
MyOneLogin, Multi Factor, Cookies/Certificate based Web Application, SAML, Single Sign On.
iKey/USB/OTP Token based Web Application
Smart Card/Public Key Infrastructure (PKI) based Web Application
Banking Domain –Cryptography, SSL/HTTPS, Encryption-Decryption-Web Based Application.
Developed Test Scenario for Web Based Browser Two Factors, ID Tool, Authentication Ladder.
Developed Test Scenario for Jasper Soft Reporting Tools to Manage the Report and Dashboard
Hands on Exp in Team Management, Task Management, Task Tracking and Report Management.
Hands on Exp in Agile-SCRUM Methodology Development and Release Process.
Developed Set UP for Configuration Management [CVS/SVN].
Hands on Exp in Testing protocols such as HTTP, HTTPS, SMTP, POP3, IMAP4, SSL, FTP
Hands on Exp in Web Services Deployment, Web Security, API Testing, SQL Injection, Cross Site Scripting, and Fiddler, Burp and Fortify Security Tools
Exp in Web Performance Load Test Tools 4.2
Exp in Mobile-e-commerce J2MEE based Web Application
UNIX, flavors (LINUX) and Windows platform and MYSQL5.5.
Mobile/Windows/Desktop Application, Client/Server Application.
Deployment of Web Based JAVA/J2EE /J2ME Application/VC++/MFC/C#/Dot Net Application.
Exp in Installer using Install Shield X for VC++/MFC Application.
EXPERIENCE:
Contracting with BNY Mellon as Vulnerability Manager-RSA Archer GRC from Oct 2015-Till Date
Contract with Deloitte as Governance Risk Compliance RSA Archer SME-July 2015-Sep 2015
Contract with Infosys, as Archer GRC Senior Engineer from April 2015 –June 2015
Worked with HCL Technologies as GRC Archer Associate Consultant-Dec 2014-March 2015
Worked with Agiliance, as Governance Risk Compliance Lead from March 2008-Nov 2014.
Worked with OutworX as Senior Software Engineer April 2004-Feb 2008
TECHNICAL EXPERIENCE SUMMARY:
Security Scanner Tool: Web Inspect 7.5, Nessus 3.0, Qualys, Arcsight, Appscan, SkyBox, n-Circle, Eye-Retina, NetIQ
Programming-Language: C++/Java and .Net, Ajax, Java Script, Groovy Script
Web Technologies: Web 2.0, AJAX, Servlets, JSP, Applet, HTML, DHTML, XML, Asp.Net, .Net Framework
C++ Technologies: Windows Programming (Win 32), STL, MFC, Microsoft VC++ Studio
RDBMS: Oracle 11g, MySQL 5.5
Web Server: Apache 2.0, Tomcat 5.0, IIS 5.0, IIS 6.0
Operating Systems: Windows 2000 Professional, XP Professional, Linux, MAC (Macintosh), FreeBSD (UNIX), Windows Vista/Windows 2003/Windows 2008 Server
Project Management Tool: Web Load Test Tools, Smart Sheet Project Management Tracking Tool, QA Traq, Traqroot, JIRA, Sharepoint, Qualys Tool
EDUCATIONAL QUALIFICATIONS:
Master in Computer Application from School of Management Sciences, Varanasi-India
Bachelors of Science in Applied Mathematics, Physics from DDU University, Gorakhpur-India.
PROFESSIONAL EXPERIENCE DETAILS
BNY Mellon @ Pittsburgh, PA
RSA Archer-Cyber Security & Threat, Vulnerability Manager, Oct 2015-Till Date
Enterprise Governance Risk Compliance & Information Security
Working as a Vulnerability Manager with RSA Archer Developer, designing, configuring, resolving and fixing the Vulnerability Alerts, Qualys Scan Reporting, External Scan, Internal Scan, Remedy, BladeLogic issues which have been reported in Production for Security Incident Management Operations, Threat, Vulnerability Management Solutions, Finding Application, Remediation Application, validating Workflow, Notifications, Data Driven Events, Business Calculations, customizing the solutions using Application Builder, designing fields, creating and evaluating Sub Forms, designing i-views, Reports, Dashboards, Roles Access Permissions up to the Archer administration level, creating Reports/Validating Report, Datafeed, Manage workspaces, Manage Packaging, validating all the issues on Development and QA Environment and then moving smoothly to Production Environment for various On Demand Application Management, Facilities and Application, Policies, Control Procedures/Risk Framework
Deloitte, LLP @ Commonwealth of PA, State Government, Harrisburg, PA
RSA Archer SME, July 2015-Sep 2015, Enterprise Governance Risk Compliance & Risk Advisory
Working as an RSA Archer Developer, designing, configuring, resolving and fixing the issues which have been reported in Production for Security Incident Management Operations, Threat, Vulnerability Management Solutions, Finding Application, Remediation Application, validating Workflow, Notifications, Data Driven Events, Business Calculations, customizing the solutions using Application Builder, designing fields, creating and evaluating Sub Forms, designing i-views, Reports, Dashboards, Roles Access Permissions up to the Archer administration level, creating Reports/Validating Report, Datafeed, Manage workspaces, Manage Packaging, validating all the issues on Development and QA Environment and then moving smoothly to Production Environment for various On Demand Application and Technical Business Analysis for Threat and Vulnerability Management, Risk Management, Facilities and Application, Policies, Control Procedures/Risk Framework
Infosys @ Aetna, Hartford, CT
RSA Archer Developer, April 2015-June 2015, Governance Risk Compliance, Information Security.
Worked as an RSA Archer Developer, resolving and fixing the issues which have been reported in Production for Business Continuity Management, Incident Management, Vendor Risk Management Solutions, validating BCM Plan, Workflow, Notifications, Data Driven Events, Business Calculations, customizing the solutions using Application Builder, designing fields, creating and evaluating Sub Forms, designing i-views, Reports, Dashboards, Roles Access Permissions up to the Archer administration level, creating Reports/Validating Report, Datafeed, Manage workspaces, Manage Packaging, validating all the issues on Development and QA Environment and then moving smoothly to Production Environment for various On Demand Application and Audit Project Management using a risk-based scoping methodology along with Disaster Recovery Risk Management and Technical Business Analysis for Threat and Vulnerability Management, Risk Management, Compliance Management, Policy Management, Audit Management, Facilities and Application.
HCL Technologies, Noida India
RSA Archer Consultant Dec 2014-March 2015, Governance Risk Compliance, Information Security.
Worked as RSA Archer GRC Consultant/Administrator to Manage Users and Group, Manage Roles and Access Permissions, Manage Application, Manage i-Views, Manage Dashboards, creating Application layout for various Solutions like Vendor Risk Manager, Compliance Manager, Enterprise Risk Manager, Policy Manager Solutions, Business Continuity Management, Incident Management Plan, Audit Management and creating multiple email Notifications, Manage Workspaces, Data Driven Events, Business Calculations, customizing the solutions using Application Builder, designing fields, creating and evaluating Sub Forms, building i-Views, building Reports, Dashboards, managing Roles Access Permissions for various On Demand Application. Debugged the Production issues on QA/Development Environment and resolved/QA'd/fixed all reported issues on the Production/Development/QA Servers with Complete Business Analysis and Documentation
Business Analysis for Incident Management Plan
Business Analysis for Disaster Recovery Process.
Questionnaires/Assessment/Workflow/Program/Solution Process
Agiliance, Sunnyvale, CA
Governance Risk Compliance Lead & Information Security March 2008-Nov 2014
Agiliance System runs an enterprise-class server application to monitor and enforce policies, send and receive information from client “agents” and connectors, process, display all compliance and security risk data, and perform all other operations requested by users. Agiliance uses a relational database to store all policy compliance and security risk information and results, evidence, survey and questionnaire responses, and provides a web-based console application. Users can perform all operations to monitor and control Agiliance operations based on the roles and associated permissions that users have been granted by the Agiliance system administrator and need to connect the Agiliance Appliance to a network that has TCP/IP connectivity with the systems and computers you wish to monitor and manage.
Installed multiple configurations of Windows, Linux and Microsoft server software including Microsoft Active Directory, Configuring Servers with Apache, Tomcat, MySQL, Oracle on Windows for 32 and 64 bit platforms
Managed Vulnerability Assessment using IBM Security AppScan /Veracode Source Code Tool
Conducting Compliance Manager, Policy Manager, Enterprise Risk Management, Vendor Risk Management
Conducting Threat & Vulnerability Management, Incident Management, Automated Data Collection, Security Assessment
Common Control Framework
Correlates controls across multiple regulations, frameworks and programs enabling an organization to test once, and comply multiple times.
Automated Control Framework
Tests and reports control failures automatically without human intervention and without the use of surveys.
Policy Mapping Framework
Maps controls to policies and vice versa, enabling an organization to institute governance and track the automation and execution of policies against specific controls.
Risk Mapping Framework
Maps controls to standard or custom risk catalogs that further map to a risk management engine, enabling an organization to analyze the true business impact of control failures.
Technology- Java/AJAX, JSP, XML, HTML, Java Script/Xcode Server/hybrid web iOS/iPad
Agiliance, Hyderabad, India
Governance Risk and Compliance Lead March 2008-Nov 2014
Responsibility
Agiliance Big Data Risk Vision-Performance Requirements –
SOA based Web Service like import the Assets, Vulnerabilities and Controls data into Agiliance database. This component enables Third-party people to write the connectors to Agiliance product. ITGRCXML Web Service is developed as an Open source table component.
Compliance Management Server, a multiple-tiered auditing/risk management/compliance application comprised of an AJAX-based application running on Tomcat, Linux and Microsoft Active Directory network connectors, and Windows-based clients.
Browser sending request using https protocol to Apache Web Server, User Capacity Analysis calculates how many logged in concurrent users application can support based on the configured Performance Test, performance of the system as measured during the Test. Performance Test of many web pages, urls, page load times, data loading on landing pages, individual transactions of entire Web Application, User Authentication, Login, Logout.
Test Environment-System Details-RAM-4GB, Processor 2.67 GH, OS-Windows Server 2008 R2 Standard Type- 64 Bit.
Load Generation Machines Configuration Details-RAM-4GB, Processor 2.67 GH, OS-Windows Server 2008 R2 Standard System Type- 64 Bit.
Test Data Details-Create Data using MS Excel, XML for Server and CSV use in Web Performance Load Tester Tools.
Recording the Application Scenarios using Web Load Tester Tool
Technologies-Java/MySQL 5.5/Oracle 11g, Browser-Firefox 8.0, IE6, IE7, IE8, 2-tier, 3-tier set up
Endurance Testing, Spike Testing-Memory Leaks, Disk I/O
Volume Test User should be able to Import millions of Users into Server
Volume Test User should be able to Import millions of Assets into Server
Volume Test User should be able to Import millions of Controls-Sub-Controls into Server
Volume Test User should be able to create Multiple Programs with assigning of Controls-Sub-Controls
Volume Test User should be able to Complete the Assessments following different Stages of Workflows
Summarizes the Performance Test compliance at each user level. Each test will either pass, fail or be 'not evaluated' based on the selected analysis of business scenario at each user level.
Server Metrics-Estimated User Capacity, Maximum Users Analysed, Summary, Start Time, Duration, Completed Pages, Total hits, Peak hits/sec, Peak transfer speed, Peak cases/min, Total Pages Failed, Analysing Server logs/Results
Technology- Java/AJAX, JSP, XML, HTML, Java Script
Outworx - Guardian Edge, Pune, India
Sr.SQA Engineer April 2007-Feb-2008
1) GEHD: (Guardian Edge Hard Disk) is the most effective way to protect data on corporate laptop and desktop computers. This software offers: Full disk encryption, meaning that the software encrypts every sector on a computer hard drive, including temp files, system files and unused disk space.
Centralized management control over hard drive encryption settings, password settings, auditing and enforcement of information security policies. Seamless integration with Windows Server 2003, Active Directory and all other Encryption Anywhere solutions. Access control for local and network resources using pre-Windows authentication. Robust recovery options, including Authentic-Check® self-service password recovery and reset tool that eliminates the need for Help Desk support due to forgotten passwords.
2) SEE-FD: (Symantec End Point – Full Disk Protection) is the same product as GEHD of Guardian Edge. This product was developed in collaboration with Symantec and has been designed as per the requirements of Symantec.
Responsibilities-
Involvement in Preparation of Testing Strategy Document
Bug reporting and maintaining bug database
System Testing, Regression Testing and Build verification
Resolving Bug issues with developers
Installation and Configuration of the Product/Application
Technology- Java/J2MEE, JSP, XML, HTML, Java Script
OutworX, TriCipher, Noida, India
SQA Engineer Oct-2005-March-2007
TACS is a high assurance authentication system, which can issue easy to use credentials ranging from zero footprint solutions to strong, token-based solutions. All the user sees is a login screen that requires a user name and password like they use today. TACS makes strong authentication easy to deploy. TACS stores credential data in a highly secure FIPS-rated appliance, ensuring both regulatory compliance and high assurance. TACS is designed for high availability and scalability.
Responsibilities:
Bug reporting and maintaining bug database
System Testing, Regression Testing and Build verification
Resolving Bug issues with Program Managers [USA]
Netscape/Mozilla with Linux, Safari/Firefox with MAC
Resolving Issues with Technical Support Team
Technology- VC++, Dot Net, Java/J2EE, JSP, XML, HTML, Java Script, Free BSD Database
OutworX, Lattice 3D, Noida, India
Software Engineer April-2004-Sep-2005
Plug in-Based Application (Desktop Application) through which user can get the Engineering Analysis and Measurement/Viewing of any 3D/2D/Images/CAD/GIF. Engineers and manufacturers can perform design review, simulate assembly processes, automate creation of 3D parts lists / BOM’s and create animations with even the largest 3D assemblies. Lattice's standards based XVL (extensible Virtual world description Language) technology provides secure, highly accurate and compressed 3D files that can be used, shared and easily supported by partners, suppliers, and internal departments in a lightweight browser-based solution.
Responsibilities-
Identify the Test Requirement of the Application.
Reporting Bug Defects and Resolving Customer Issues.
System Testing, Integration Testing and Regression Testing.
Reviewing the Functional and Technical Specifications.
Managed all Phases of Build and Release Activities.
Configuration Management Methodology.
Technology- VC++/MFC/Dot Net/Microsoft Visual Studio, Active-X-Controls, CORBA