Management Manager

Location:
Pittsburgh, PA
Posted:
January 18, 2016

Resume:

VIVEK SRIVASTAVA

209-***-**** acs5sw@r.postjobfree.com

Governance Risk Compliance & Cyber Information Security, Risk Advisory

PROFESSIONAL SUMMARY

** ***** ** ********** ** Governance Risk Compliance Implementation & Administration.

Expertise GRC Tool Archer, Agiliance, Business Analysis, High Level Design, Source Code

Execution of Project Plan, Budgeting, Cost Management, Scheduling Plan, Metrics Report

Compliance Manager, Policy Manager, Enterprise Risk Management, Vendor Risk Management

Threat & Vulnerability Management, Incident Management, Automated Data Collection, Security Assessment. Audit Management, Business Continuity Management, Workflows

Information Security Risk Management based on BITS Framework, COBIT, NIST 800-30, ISO 2700

RSA Archer eGRC Platform Version 5.5 (Application Builder, Access Controls, and Data Feed Manager, Business Continuity Management, Audit Management, Administration-Reports).

Hands on Exp in LDAP, Simple Network Management Protocol, Authentication, Single Sign-On

Exp in Risk Management, Threat, and Vulnerability Assessments, Authentication & Access Controls and Splunk Integration/Data Import Feed

Hands on in IT-GRC Domain with Regulatory compliance such as PCI/SOX/HIPAA/NIST/Cobit

Exp in Firewalls, Intrusion Detection Systems, Network switches and routers, Network Designs, VPN, TCP/IP communications, Cloud Computing

Developed Test Scenario for Cluster/n-Tier Setup, Installation, Upgrade, Update, System, Integration

Implemented Performance Scalability Test, Big Data, Estimation, Planning and Execution

Developed Test Scenario in Vulnerability Assessment, Penetration Testing, Security Testing.

MyOneLogin, Multi Factor, Cookies/Certificate based Web Application, SAML, Single Sign On.

iKey/USB/OTP Token based Web Application

Smart Card/Public Key Infrastructure (PKI) based Web Application

Banking Domain –Cryptography, SSL/HTTPS, Encryption-Decryption-Web Based Application.

Developed Test Scenario for Web Based Browser Two Factors, ID Tool, Authentication Ladder.

Developed Test Scenario for Jasper Soft Reporting Tools to Manage the Report and Dashboard

Hands on Exp in Team Management, Task Management, Task Tracking and Report Management.

Hands on Exp in Agile-SCRUM Methodology Development and Release Process.

Developed Set UP for Configuration Management [CVS/SVN].

Hands on Exp in Testing protocol such as HTTP, HTTPS, SMTP, POP3, IMAP4, SSL, FTP,

Hands on Exp in Web Services Deployment, Web Security, API Testing, SQL Injection, Cross Site Scripting and Fiddler, Burp and Fortify Security Tools

Exp in Web Performance Load Test Tools 4.2

Exp in Mobile-e-commerce J2MEE based Web Application

UNIX, flavors (LINUX) and Windows platform and MYSQL5.5.

Mobile/Windows/Desktop Application, Client/Server Application.

Deployment of Web Based JAVA/J2EE /J2ME Application/VC++/MFC/C#/Dot Net Application.

Exp in Installer using Install Shield X for VC++/MFC Application.

EXPERIENCE:

Contracting with BNY Mellon as Vulnerability Manager-RSA Archer GRC from Oct 2015-Till Date

Contract with Deloitte as Governance Risk Compliance RSA Archer SME-July 2015-Sep 2015

Contract with Infosys, as Archer GRC Senior Engineer from April 2015 –June 2015

Worked with HCL Technologies as GRC Archer Associate Consultant-Dec 2014-March 2015

Worked with Agiliance, as Governance Risk Compliance Lead from March 2008-Nov 2014.

Worked with OutworX as Senior Software Engineer April 2004-Feb 2008

TECHNICAL EXPERIENCE SUMMARY:

Security Scanner Tool: Web Inspect7.5, Nessus 3.0, Qualys, Arcsight, Appscan, SkyBox, n-Circle, Eye-Retina, NetIQ

Programming-Language: C++/Java and .Net, Ajax, Java Script, Groovy Script

Web Technologies: Web 2.0, AJAX, Servlets, JSP, Applet, HTML, DHTML, XML, Asp.Net, .NetFramework

C++ Technologies: Windows Programming (Win 32), STL, MFC, Microsoft VC++ Studio.

RDBMS: Oracle 11g, MySQL5.5

Web Server: Apache 2.0, Tomcat 5.0, IIS5.0, IIS6.0

Operating Systems: Windows 2000 Professional, XP Professional, Linux, MAC (Macintosh), FreeBSD (UNIX), Windows Vista/Windows 2003/Windows 2008 Server

Project Management Tool: Web Load Test Tools, Smart Sheet Project Management Tracking Tool, QA Traq, Traqroot, JIRA, Sharepoint, Qualys Tool

EDUCATIONAL QUALIFICATIONS:

Master in Computer Application from School of Management Sciences, Varanasi-India

Bachelors of Science in Applied Mathematics, Physics from DDU University, Gorakhpur-India.

PROFESSIONAL EXPERIENCE DETAILS

BNY Mellon @ Pittsburgh, PA

RSA Archer-Cyber Security & Threat, Vulnerability Manager, Oct 2015-Till Date

Enterprise Governance Risk Compliance & Information Security

Working as a Vulnerability Manager with RSA Archer Developer on designing, configuring, resolving and fixing the Vulnerability Alerts, Qualys Scan Reporting, External Scan, Internal Scan, Remedy, BladeLogic which has been reported into the Production for Security Incident Management Operations, Threat, Vulnerability Management Solutions, Finding Application, Remediation Application, validating Workflow, Notifications, Data Driven Events, Business Calculations, customizing the solutions using Application Builder, Designing fields, creating and evaluating Sub Forms, Designing i-views, Reports, Dashboards, Roles Access Permissions up to the Archer administration level, creating Reports/Validating Report, Datafeed, Manage workspaces, Manage Packaging, validating all the issues on Development and QA Environment and then moving smoothly on Production Environment for various On Demand Application Management, Facilities and Application, Policies, Control Procedures/Risk Framework

Deloitte, LLP @ Commonwealth Of PA, State Government, Harrisburg, PA

RSA Archer SME, July 2015-Sep 2015, Enterprise Governance Risk Compliance & Risk Advisory

Working as an RSA Archer Developer on designing, configuring, resolving and fixing the issue which has been reported into the Production for Security Incident Management Operations, Threat, Vulnerability Management Solutions, Finding Application, Remediation Application, validating Workflow, Notifications, Data Driven Events, Business Calculations, customizing the solutions using Application Builder, Designing fields, creating and evaluating Sub Forms, Designing i-views, Reports, Dashboards, Roles Access Permissions up to the Archer administration level, creating Reports/Validating Report, Datafeed, Manage workspaces, Manage Packaging, validating all the issues on Development and QA Environment and then moving smoothly on Production Environment for various On Demand Application and Technical Business Analysis for Threat and Vulnerability Management, Risk Management, Facilities and Application, Policies, Control Procedures/Risk Framework

Infosys @ Aetna, Hartford, CT

RSA Archer Developer, April 2015-June 2015, Governance Risk Compliance, Information Security.

Worked as an RSA Archer Developer on resolving and fixing the issue which has been reported into the Production for Business Continuity Management, Incident Management, Vendor Risk Management Solutions, validating BCM Plan, Workflow, Notifications, Data Driven Events, Business Calculations, customizing the solutions using Application Builder, Designing fields, creating and evaluating Sub Forms, Designing i-views, Reports, Dashboards, Roles Access Permissions up to the Archer administration level, creating Reports/Validating Report, Datafeed, Manage workspaces, Manage Packaging, validating all the issues on Development and QA Environment and then moving smoothly on Production Environment for various On Demand Application and Audit Project Management using a risk-based scoping methodology along with Disaster Recovery Risk Management and Technical Business Analysis for Threat and Vulnerability Management, Risk Management, Compliance Management, Policy Management, Audit Management, Facilities and Application.

HCL Technologies, Noida India

RSA Archer Consultant Dec 2014-March 2015, Governance Risk Compliance, Information Security.

Worked as RSA Archer GRC Consultant/Administrator to Manage Users and Group, Manage Roles and Access Permissions, Manage Application, Manage i-Views,Manage Dashboards, Creating Application layout for various Solutions like Vendor Risk Manager, Compliance Manager, Enterprise Risk Manager, Policy Manager Solutions, Business Continuity Management, Incident Management Plan,Audit Management and Creating multiple email Notifications, Manage Workspaces, Data Driven Events, Business Calculations, customizing the solutions using Application Builder, Designing fields, creating and evaluating Sub Forms,Building i-Views,Building Reports, Dashboards, Managing Roles Access Permissions for various On Demand Application. Debug the Production issues on QA/Development Environment and Resolving/QA/Fixing/All reported issues on the Production/Development/QA Servers with Complete Business Analysis and Documentation

Business Analysis for Incident Management Plan

Business Analysis for Disaster Recovery Process.

Questionnaires/Assessment/Workflow/Program/Solution Process

Agiliance, Sunnyvale,CA

Governance Risk Compliance Lead & Information Security March 2008-Nov 2014

Agiliance System runs an enterprise-class server application to monitor and enforce policies, send and receive information from client “agents” and connectors, process, display all compliance and security risk data, and perform all other operations requested by users. Agiliance uses a relational database to store all policy compliance and security risk information and results, evidence, survey and questionnaire responses, and provides a web-based console application. Users can perform all operations to monitor and control Agiliance operations based on the roles and associated permissions that users have been granted by the Agiliance system administrator and need to connect the Agiliance Appliance to a network that has TCP/IP connectivity with the systems and computers you wish to monitor and manage.

Installed multiple configurations of Windows, Linux and Microsoft server software including Microsoft Active Directory, Configuring Servers with Apache, Tomcat, MySQL, Oracle on Windows for 32 and 64 bit platforms

Managed Vulnerability Assessment using IBM Security AppScan /Veracode Source Code Tool

Conducting Compliance Manager, Policy Manager, Enterprise Risk Management, Vendor Risk Management

Conducting Threat & Vulnerability Management, Incident Management, Automated Data Collection, Security Assessment

Common Control Framework

Correlates controls across multiple regulations, frameworks and programs enabling an organization to test once, and comply multiple times.

Automated Control Framework

Tests and reports control failures automatically without human intervention and without the use of surveys.

Policy Mapping Framework

Maps controls to policies and vice versa, enabling an organization to institute governance and track the automation and execution of policies against specific controls.

Risk Mapping Framework

Maps controls to standard or custom risk catalogs that further map to a risk management engine, enabling an organization to analyze the true business impact of control failures.

Technology- Java/AJAX, JSP, XML, HTML, Java Script/Xcode Server/hybrid web iOS/iPad

Agiliance, Hyderabad,India

Governance Risk and Compliance Lead March 2008-Nov 2014

Responsibility

Agiliance Big Data Risk Vision-Performance Requirements –

SOA based Web Service like import the Assets, Vulnerabilities and Controls data into Agiliance database. This component enables Third-party people to write the connectors to Agiliance product. ITGRCXML Web Service is developed as an Open source table component.

Compliance Management Server, a multiple-tiered auditing/risk management/compliance application comprised of an AJAX-based application running on Tomcat, Linux and Microsoft Active Directory network connectors, and Windows-based clients.

Browser sending request using https protocol to Apache Web Server, User Capacity Analysis calculates how many logged in concurrent users application can support based on the configured Performance Test, performance of the system as measured during the Test. Performance Test of many web pages, urls, page load times, data loading on landing pages, individual transactions of entire Web Application, User Authentication, Login, Logout.

Test Environment-System Details-RAM-4GB, Processor 2.67 GH, OS-Windows Server 2008 R2 Standard Type- 64 Bit.

Load Generation Machines Configuration Details-RAM-4GB, Processor 2.67 GH, OS-Windows Server 2008 R2 Standard System Type- 64 Bit.

Test Data Details-Create Data using MS Excel, XML for Server and CSV use in Web Performance Load Tester Tools.

Recording the Application Scenarios using Web Load Tester Tool

Technologies-Java/Mysql5.5/Oracle11g,Browser-Firefox8.0,IE6,IE7,IE8,2-tier,3-tier set up

Endurance Testing, Spike Testing-Memory Leaks, Disk I/O

Volume Test User should be able to Import millions of Users into Server

Volume Test User should be able to Import millions of Assets into Server

Volume Test User should be able to Import millions of Controls-Sub-Controls into Server

Volume Test User should be able to create Multiple Programs with assigning of Controls-Sub-Controls

Volume Test User should be able to Complete the Assessments following different Stages of Workflows

Summarizes the Performance Test compliance at each user level. Each test will either pass, fail or be 'not evaluated' based on the selected analysis of business scenario at each user level.

Server Metrics-Estimated User Capacity, Maximum Users Analysed, Summary, Start Time, Duration, Completed Pages, Total hits, Peak hits/sec, Peak transfer speed, Peak cases/min, Total Pages Failed, Analysing Server logs/Results

Technology- Java/AJAX, JSP, XML, HTML, Java Script

Outworx- Guardian Edge, Pune,India

Sr.SQA Engineer April 2007-Feb-2008

1) GEHD: (Guardian Edge Hard Disk) is the most effective way to protect data on corporate laptop and desktop computers. This software offers: Full disk encryption, meaning that the software encrypts every sector on a computer hard drive, including temp files, system files and unused disk space.

Centralized management control over hard drive encryption settings, password settings, auditing and enforcement of information security policies. Seamless integration with Windows Server 2003, Active Directory and all other Encryption Anywhere solutions. Access control for local and network resources using pre-Windows authentication. Robust recovery options, including Authentic-Check® self-service password recovery and reset tool that eliminates the need for Help Desk support due to forgotten passwords.

2) SEE-FD: (Symantec End Point – Full Disk Protection) is a product same as GEHD of Guardian Edge. This product has been collaborated with Symantec and has been designed as per requirement of Symantec.

Responsibilities-

Involvement in Preparation of Testing Strategy Document

Bug reporting and maintaining bug database

System Testing, Regression Testing and Build verification

Resolving Bug issues with developers

Installation and Configuration of the Product/Application

Technology- Java/J2MEE, JSP, XML, HTML, Java Script

OutworX, TriCipher, Noida,India

SQA Engineer Oct-2005-March-2007

TACS is a high assurance authentication system, which can issue easy to use credentials ranging from zero footprint solutions to strong, token-based solutions. All the user sees is a login screen that requires a user name and password like they use today. TACS makes strong authentication easy to deploy. TACS stores credential data in a highly secure FIPS-rated appliance, ensuring both regulatory compliance and high assurance. TACS is designed for high availability and scalability.

Responsibilities:

Bug reporting and maintaining bug database

System Testing, Regression Testing and Build verification

Resolving Bug issues with Program Managers [USA]

Netscape/Mozilla with Linux, Safari/Firefox with MAC

Resolving Issues with Technical Support Team

Technology- VC++, Dot Net, Java/J2EE, JSP, XML, HTML, Java Script, Free BSD Database

OutworX, Lattice 3D, Noida,India

Software Engineer April-2004-Sep-2005

Plug in-Based Application (Desktop Application) through which user can get the Engineering Analysis and Measurement/Viewing of any 3D/2D/Images/CAD/GIF. Engineers and manufacturers can perform design review, simulate assembly processes, automate creation of 3D parts lists / BOM’s and create animations with even the largest 3D assemblies. Lattice's standards based XVL (extensible Virtual world description Language) technology provides secure, highly accurate and compressed 3D files that can be used, shared and easily supported by partners, suppliers, and internal departments in a lightweight browser-based solution.

Responsibilities-

Identify the Test Requirement of the Application.

Reporting Bug Defects and Resolving Customer Issues.

System Testing and Integration Testing and Regression Testing,

Reviewing the Functional and Technical Specifications.

Managed all Phases of Build and Release Activities.

Configuration Management Methodology.

Technology- VC++/MFC/Dot Net/Microsoft Visual Studio, Active-X-Controls, CORBA
