JUBIN STEPHEN
GRC Consultant- Information Security
Plano, Texas
Mobile: 469-***-****
E-Mail: *******.******@*****.***
Skype: jubin.stephen
Best time to call: Anytime
LinkedIn: in.linkedin.com/in/jubinstephen
Personal Details:
Gender: Male
Nationality: Indian
Marital Status: Married
Date of Birth: 22/11/1983
Visa : H1B
Availability: Within 2 weeks
Aspiring for a suitable position in an esteemed organization to utilize experience and expertise in ensuring the security, integrity, accuracy and availability of all enterprise information
SUMMARY:
A certified Lead Auditor and GRC Consultant with 10 years of experience in Information Security
Successfully worked on ISAE 3402 (formerly known as SAS 70) Audits, Internal and other Third Party Audits
Profound Understanding of SOX 404 and compliance requirements
Compliance Testing and monitoring of the Risk Based IT General Controls (ITGC) and Internal Framework and reporting of deficiencies - controls to comply with ISAE 3402, SOX, ISO 27001, PCI DSS and other internal Risk based controls
Experience working in SAP GRC PC (Process Control) as a solution for Internal Controls Management
Conversant with SAP RM (Risk Management) and SAP AM (Audit Management)
Abreast knowledge on
o Regulatory compliance models, viz. SSAE 16, HIPAA, SOX, GLBA
o Governance frameworks including COBIT, COSO and Risk IT
Proven competency in understanding Segregation of Duties and Audit Compliance Standards
Well acquainted with Security controls in Mainframe, Wintel, Midrange, AS400 and Tandem platforms
Innate ability to work on multiple tasks and enthusiasm to learn new technologies in the area of scope
Ability to work effectively in cross-functional team environments and with people from diversified backgrounds
Team Management and responsible for the service delivery of the team, ensuring SLAs and KPIs are met as committed to customers
Excellent Technical Documentation, Communication, Decision Making, Organizational and Analytical skills
Trained on Six Sigma Green Belt
SKILL SET & TECHNOLOGY
Certifications
ISO 27001 LA, CPISI – PCI DSS, Currently pursuing CISA Certification
Industries
Banking, Insurance, Healthcare, Utilities, Retail, Telecommunication, Information Technology, E-commerce, Accounting, Chemicals, Consumer Goods, Consumer Services, Computer Software/Hardware/Networking, Financial Services, Food & Beverages, Human Resources, Legal Services, Pharmaceuticals, Staffing and Recruiting, Warehousing
Primary Domain
Information Security
Security Domains
Security management practices
Access control systems and methodology
Telecommunications and networking security
Cryptography
Security architecture and models
Operations security
Application and systems development security
Physical security
Business continuity and disaster recovery planning
Laws, investigation, and ethics
Platform
Governance Risk Management and Compliance (GRC), IS Audits and Compliance
Standards
ISO 27001 LA, PCI DSS, ISO 31000, ISO 31010, ISO 22301
Regulations and Frameworks
Sarbanes-Oxley Act (SOX)
Payment Card Industry Data Security Standard (PCI DSS)
Gramm-Leach-Bliley Act (GLB)
Health Insurance Portability and Accountability Act (HIPAA)
Federal Information Security Management Act (FISMA)
Control Objectives for Information and Related Technology (COBIT)
Risk IT
Val IT
National Institute of Standards and Technology (NIST) SP 800
North American Electric Reliability Corp. (NERC)
Tools
SAP GRC, Mainframe Security – Resource Access Control Facility (RACF), Access Control Facility (ACF2 by CA), IBM zSecure
Other skills
ISAE 3402 audits
IS Compliance
ITGC Testing
Risk Management
Audit Management
Process Control
ISMS
CISA
Mainframe Security – Logical Access Controls
Windows Security - Logical Access Controls
Unix/ Linux security - Logical Access Controls
AS400/ Tandem Security - Logical Access Controls
RACF – Resource Access Control Facility
ACF2 – Access Control Facility
Six Sigma
LANGUAGE SKILLS
Fluent in English and Tamil
Conversant with basic German
EDUCATION
Bachelor of Engineering, KCG College of Tech, Hindustan Group of Institutions, India 2006
PROFESSIONAL EXPERIENCE
Wipro Technologies, Chennai Aug 2014 – Till Date
GRC Process Control Consultant
(Client: British American Tobacco)
Support SAP Governance, Risk and Compliance solutions for British American Tobacco (BAT)
Use SAP GRC PC (Process Control) module as a solution for internal controls management that enables the Audit team to gain better visibility into key business processes and ensure a high level of reliability in reporting
Follow a controls based approach to manage risk in business processes and comply with regulatory acts like SOX
Provide authorization for process control and advise suitable changes for different business requirements across different geographies
Involved in Compliance Testing and monitoring of the Risk Based IT General Controls (ITGC) and Internal Framework and reporting of deficiencies - controls related to ISAE 3402, SOX and other internal Risk based controls using the HP internal tool ESIS (Enterprise Security Information System) based on the GRC Archer Framework
Propose custom enhancements in Process Controls which are appropriate at Client engagements to optimize GRC PC utilization and maximize value addition for the client
Conduct issue management and remediation
Provide consulting services on Information security controls
Perform:
o Continuous Control Monitoring, including automating compliance, control monitoring and internal control management across the enterprise
o Policy Compliance Management, including creation, approval and distribution for sign-off (e.g. SOBC)
o Workflow-driven controls assessment
Wipro Technologies, Chennai Aug 2014 – Till Date
GRC Consultant
Been an effective part of preparing demos and POCs for various clients to provide an enterprise Risk Management solution using SAP's RM module
Involved in creating POC for various clients for SAP Audit Management
Governance of Risk and Audit through periodic scorecards to senior management via KRIs/KPIs on Information Security and IT risk management parameters
Manage Risk & Control self-assessments – Review & Approve testing.
Wipro Technologies, Chennai Aug 2014 – Till Date
Technical Lead
(Client: British American Tobacco)
Responsible for end to end management of the team in terms of service delivery
Responsible for ensuring that SLAs and KPIs are met as committed to the customer
Preparation and sharing of the weekly/monthly/yearly SLA and KPI reports to the clients
Responsible for process improvement by implementing industry best practices to ensure delivery
Ensure Adherence to process compliance based on organization/client standards, frameworks and tools
Ensure that all teams comply with processes as part of service delivery
Ensure adequate protocol related and process training of all study team members.
Evaluate current processes for efficiencies and quality as well as make recommendations to management for improvements
Proactively escalate performance related concerns with appropriate line management
Develop and manage team member’s transition plan when required
Participate in recruitment programs (Campus and lateral)
Mphasis, an HP company, India Jul 2009 – Aug 2014
IT General Controls Testing
(Clients: Australian and New Zealand Banking and Telecomm Clients)
Conduct testing of design and testing of effectiveness of controls to comply with SOX, ISO 27001, ISAE 3402 and other Internal Risk Based Controls for Australian and New Zealand banking and Telecom clients
Report findings and make recommendations for the correction of noted control deficiencies, improvements in operations, and reductions in cost.
Logical Access Control – Review and maintain compliance on Mainframe, Wintel and Unix platforms for several Banking and Telecom clients of Australia / New Zealand and also on AS400 and TANDEM platforms
Change Management – Work on Information Security changes to ensure compliance on all Wintel and Midrange servers in the Data Centre before entering the production stage
Physical Security – Verify compliance on the physical security controls for various clients on an on-going basis
Disaster Recovery/ Backup Recovery – An annual review of the BCP and DRP procedures for various clients
Mphasis, an HP company, India Jul 2009 – Aug 2014
SAS70/ ISAE3402 Audit Co-ordination and Facilitation:
(Client: Commonwealth Bank of Australia)
Perform Internal Pre-audit to test compliance on the Mainframe, Wintel and Unix platforms
Involved in full audit facilitation with the auditors and stakeholders
Implemented and changed Hardware and System software
Responsible for Physical Access, Logical Access (Mainframe, Windows and Unix), Computer operations, Network operations Physical Environment and Data Backup
Collected and Verified all evidences prior to submitting to the auditors
Scheduled and conducted Kick off and AIF meetings with the Auditors and Stakeholders
Review the Final Audit Report papers ensuring that all required tasks are completed effectively, including Documentation, feedback implementation, issues resolution and Audit findings
Ensured the non-conformance items found during the course of audit are remediated and closed
Mphasis, an HP company, India Jul 2009 – Aug 2014
CMM/ QMS Implementation:
Co-ordinate benchmarking against QMS V3 for the project
Reviewed and maintained the process specific & technology specific documents for the projects
Performed periodic review and weekly quality review in line with the QMS requirements
Helped in creating process and technology specific documents in line with the QMS requirements
IBM India Pvt Ltd.,India Nov 2006 – May 2008
Subject Matter Expert
(Client: Royal and Sun Alliance, UK)
SME of the team with 45 agents, with responsibilities that include SPOC for various process related client queries and escalations
Worked on compliance Projects on RACF and ACF2 system; Performed compliance checks on security standards
Acted as a Quality Analyst and conducted quality review on a monthly basis
Acted as facilitator and coordinator and audited Quarterly SOX
SPOC for project documents: Development and maintenance of the Work Group Handbook and other documents and forms registered in the work group’s quality system
Hired and trained on both process and technologies
Conducted 1 on 1 meeting on a monthly basis for employee development and Process management
IBM India Pvt Ltd., India Nov 2006 – July 2009
User Administration on RACF OS 390 Security server:
(Client: Royal and Sun Alliance, UK)
Complete user ID management including Creation, Amendments, datasets and DB2 table access on 9 different LPARS.
Application access to IMS, TPX and CICS.
Creation and Password management for special user IDs like FTP and Server Ids.
Amending user accounts with various Security Admin Reports (SAR).
Run JCL Batch Jobs and check the job output.
Checking System Log to assess the problems.
Scrutinize the Ids for Special and Audit attribute for Users.
Checking the TPX (Session Manager) profiles.
Resetting the passwords and also giving no-expiry passwords for multiple user IDs by running JCLs.
Creation of Datasets and Members.
Monitor and analyze user requirements.
Troubleshooting user problems using remote administering/viewing tools like Tivoli.
Administrating and creating XP users and groups, giving permissions for network resources.
Process the user requirements to an agreed scope and time scale.
Providing floor technical support to team members for resolving users' issues.
IBM India Pvt Ltd., India Nov 2006 – July 2009
User Administration on ACF2:
(Client: Royal and Sun Alliance, UK)
Complete user ID management including Creation, Amendments
Application access to IMS, SICS, TSO / ISPF, RIS, MIS, Access to Teradata NC-Tokens (key fob) SICS and Datasets.
Creation and Password management for special user IDs like Server Ids.
Amending user accounts with various Security Admin Reports (SAR).
Handling quarterly access review (SOX AUDIT) in ACF2.
Resetting the passwords and also giving no-expiry passwords for multiple user IDs by running JCLs.
Creation of Datasets and Members.
Monitor and analyze user requirements.
Troubleshooting user problems using remote administering/viewing tools like Tivoli.
Providing floor technical support to team members for resolving users' issues.
Maples ESM Technologies Ltd., India Aug 2006 – Nov 2006
Software Engineer Trainee
Customization and Maintenance of system data sets (like PARMLIB, PROCLIB)
System Start Up and Shut Down
Coding JCL procedures for various system activities like Backup and Restoration Etc.
Volume initialization, VTOC resizing, DASD administration
Automation of housekeeping jobs
Backup and restore
RACF ADMINISTRATION:
Creating and maintaining profiles
Auditing unauthorized resource access
Providing Access and managing Users and groups
TRAINING & CERTIFICATIONS
From BSI, India:
o ISO 27001:2005 IRCA Certified Lead Auditor - Training and Certification – Apr 2013
From SISA, Chennai
o PCI DSS - CPISI Certification (Certified Payment Card Industry Security Implementer) – Jan 2013
From Mphasis (Internal Training and Certifications):
o ITIL V3 Foundation Certification - 2012
o CISA – Internal Training for all modules - 2012
Currently preparing for CISA (Certified Information Systems Auditor) Certification and planning to take the certification exam in June 2015 (Mentor: Jayanandan Subramanian – Chennai Chapter 2nd Rank holder in CISA)
From Wipro (Internal Training and Certification)
o SIX SIGMA – Green Belt: Training and internally certified
COURSE
Completed a 5-month Mainframe – Z/OS System Administration course, Maples ESM Technologies, India – 2006
Underwent CISA Review Course in ISACA Chennai chapter
AWARDS
Received at Mphasis:
o Top Rater during fiscal years 2013-2014 and 2011-2012
o Champion Award during fiscal years 2010-2011, 2011-2012 and 2012-2013
Received at IBM:
o Individual Champion in the months of Nov 2007, Mar 2008 and Apr 2008
o Achiever Award in the months of May 2008 and June 2008
GLOBAL EXPOSURE
Interacted with clients and employees from different parts of the world including UK, US, Australia, New Zealand, Scotland and Malaysia
References will be furnished on request