Software Development Information Security
Resume:
Divya H N
Mobile: +1-945-***-**** E-mail: ad359d@r.postjobfree.com
GRC, TPRM, Vendor Management, VRA
Objective:
Over 12+ years of experience in various roles including software development, system administration, and project management. Seeking a senior leadership position in a dynamic organization where I can utilize my expertise in developing and implementing innovative IT solutions that drive business growth and deliver value to customers. Proven record of accomplishment of managing large-scale IT projects, leading cross-functional teams, and delivering projects on time and within budget. Passionate about staying up to date with the latest technologies and trends in the industry and committed to delivering exceptional results that exceed customer expectations.
Summary:
Specialized in implementation, administration and maintenance of IT Security and compliance related projects & Process with deadlines.
Experience in Performing Third Party Vendor Risk Assessments.
Experience with working on Service Now Vendor Risk management.
Have good knowledge of security regulatory standards like ISO27001, NIST, GDPR, PCIDSS, SOC 1 and 2, and SOC2TYPE2, IT-Audit, SOX, Audit Compliance related works within the organization.
Reconnaissance-Gathering information about the target system, networks and applications to understand potential entry points and vulnerabilities.
Regulatory Compliance and Policy development-ensuring that the Organization complies with relevant laws and regulations by monitoring changes in legislation and industry standards.
Conducting Risk assessment and analyzing the impact and likelihood of identified risk, prioritizing them for mitigation and developing strategies to mitigate or manage identified risk, which may involve implementing control measures, insurance, or other risk transfer methods.
SIEM, IDS/IPD Detection and identifying abnormal or suspicious activities within the IT environment that indicate threat and responding promptly to security incident by containing and mitigating and remediating threats to minimize damage and restore normal operations.
Have good knowledge on testing he Organization's susceptibility to social engineering attacks, such as phishing or impersonation to assess human related Vulnerabilities.
Part of internal audit: as an auditee conducted audit to assess the effectiveness of existing control and procedures.
Professional Organizations Details:
•Worked GRC Senior Information Security Analyst in Wells Fargo from December 2019 to Sept 2023.
•Worked as a Senior Information Security analyst from September 2017 to December 2019 at IBM.
•Worked as a Senior IAM Security Engineer from September 2014 to Sep 2017 at NTT DATA.
•Worked as a IDAM Admin from May 2011 to Sep 2014 at TATA Consultancy Services.
Education:
PGDBA (Post Graduation Diploma in Business Administration) from KSOU.
PGDSD (Post Graduation Diploma in Software Development) from CIST, Mysore University.
Master of Science (Information Technology) from KSOU, Mysore University.
Bachelor of Science from AVK College [Electronics (PME)] from Mysore University.
Technical Skills Set:
•IT GRC, IS)27001, SOX Complaisance, IT Audit,
•TPRM -Service Now
•RFPs for Identity Management, Access Management, 2FA, Privileged Identity Management, CIAM on various products (Azure AD, ADFS, Azure MFA).
•Splunk, IBMQradar, McAfee for threat analysis.
•Windows AD, VM’s, Azure Storage, Azure VNET, Azure Security Center, Subscription policies.
•PIM – CyberArk, IGA – SailPoint
Certifications:
Microsoft Azure Security Technologies (AZ-500)
Microsoft - Azure Administrator Associate (AZ-104)
Employer: Wells Fargo Pvt Ltd
Start Date: Dec 2019 – September 2023.
Position: Senior information Security Analyst
Working as a Senior information security analyst in Information security risk management area to perform vendor Technology risk management for risk level L3 vendors of the US Based Banking.
Vendor technology risk management which includes Findings management, Business Requirement analysts, Site visits & Vendor Assessments for Vendors risk levels of L3.
Verify that Vendor’s security practices, controls, and compliance with relevant standards applicable to their services, such as GDPR, HIPPA, NIST, ISO 27001, etc.
Evaluate potential vendors based on criteria such as their reputation, financial stability, technical capabilities, and alignment with business needs.
As a SOC analyst involved daily based activities like, Continuous monitoring Network traffic, systems, and logs in real-time to detect suspicious activities and potential security incidents.
Execute predefined incident response procedures to contain, mitigate, and remediate security incidents in a timely manner, and conduct forensic analysis of security incidents to determine the root cause.
Use data analysis tool and techniques to asses risk factors, trends and patterns, analyze compliance related data to identify areas for improvements.
Have good working experience with Splunk enterprise security for SIEM solutions offering advanced threat detection, investigation and response capabilities.
Classify and prioritize threats through use of cyber threat intelligence, intrusion detection systems, firewalls and other boundary protection devices, and any security incident management products deployed.
Evaluate the security risk associated with engaging Third-party vendors, considering factors such as the sensitivity of data shared, the vendor’s access privileges, and their security controls.
Develop and administer security questionnaires or assessments to gather information about the vendor’s security policies, practices, and controls.
Conduct on-site or remote security audits of Third-party vendors to assess their adherence to security standards, policies, and contractual obligations.
Work with vendors to address Identifies security gaps, vulnerabilities, and non-compliance issues through remediation plans and corrective actions.
Investigating and analyzing security events to determine their nature, severity, and potential impact on the organization, and involved in conducting forensic analysis of security incidents.
Develop use cases and create threat detection logic, and manage and maintain security technologies such as SIEM, IDS/IPD, end point protection, and threat intelligence platforms.
Experience with scripting or programming languages such as Python, Bash or PowerShell.
Have experience with cyber security tools like TrendMicro Antivirus, McAfee Web Gateway, Checkpoint Firewalls, Active Directory, and CyberArk, SailPoint.
Experience with Agile development methodologies, and strong analytical and problem-solving skills, also strong analytical and problem-solving skills with excellent communication and teamwork skills.
Conduct risk assessments to identify potential risk within the organization, including operational and compliance strategy, maintain accurate records of risk assessments compliance audits, and actions taken to address risk and compliance issues.
Performing 3rd Party Vendor Risk Assessments.
Performing & Monitoring Due Diligence Questioner (DDQ), Vendor Monitoring Questioner (VMQ) & VMQ Vulnerabilities also reviewing Vendor information security policy, Penetrations Testing results & Vulnerability assessments results for different vendor of the client.
Providing technical support for computer networks, including firewalls, operating systems and applications, patch management, and data security best practices.
Training staff on information security best practices to ensure compliance with company policies.
Conducting audits to ensure security protocols are being followed by staff.
Responsible for leading vulnerability audits, forensic investigations, and mitigation procedures.
Monitor and report in compliance with ISO27001 requirements, conduct internal audit to assess the effectiveness of the ISMS.
Developed and maintained security policies, procedures, and documentation to align with SOC2 requirements.
Asset Identification: identify and classify information assets, ensure appropriate protection measures are in place for assigned assets.
Performs and investigates internal and external information security risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks.
Implementing processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing. Develops reporting metrics, dashboards, and evidence artifacts.
Evaluated risks and develops security standards, procedures, and controls to manage risks. Improves PCC's security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
Oversee operational execution of vendor due diligence & Vendor Monitoring assigned to the VRM team including establishing control mechanisms to track timeliness and accuracy and consistency.
Updating the entire process of VTRM in Service Now based on the vendor requirement.
Provide support to the Cyber Security Operations Center and Threat Detection Teams with recommendations and handling of their requests for changes, updates and improvements of endpoint polices.
As part of Internal audit Evaluating the effectiveness on internal controls put in place to mitigate identified risks, such as access controls, change management processes, and data protection measures
Verifying compliance with external regulations, industry standards, and contractual obligations related to IT operations and DATA management.
Perform manual vulnerability assessment and escalate critical vulnerabilities to management and work with Threat management closely on new vulnerabilities/threats and perform ad-hoc scans.
Maintains an effective approach to problem solving, multi-tasking, coordinating, and scheduling in accordance with stated goals to ensure visibility and predictability.
Risk assessment in Service NOW- Identifying and evaluating potential risk that could affect the organization operational and compliance risk, and to ensure the organizations complies with relevant laws and regulations by monitoring changes in legislation and industry standards.
Collaborated with internal and external auditors to facilitate SOC 2 type 2 audits and overseeing the implementation of access controls and identity management measures the safeguard sensitive data same is implemented in SOC 2 type 2 report.
Policy development: developing and maintaining policies, procedures and guidelines to mitigate risk and achieve compliance.
Conducting risk assessment and analyze the impact and likelihood of identified risk, prioritizing them for mitigation, and developing strategies to mitigate or manage identified risk, which may involve implementing control measures, insurance, or other risk transfer methods.
Documenting: maintaining detailed records of risk assessments, compliance efforts, and audit results, and regularly reporting to senior management and stakeholders on the organization's risk exposure and compliance status, and provide training and raising awareness among employees.
Monitoring and testing; continuously monitor and testing the control sand compliance measures to incidents and breaches, including reporting to authorities when required.
Employer: IBM Pvt Ltd
Position: Senior IAM Security Engineer
Duration: Sept’17 to Dec’19
Recommends and participates in the design and implementation of standards security tools, and methodologies to meet the organization governance and compliance goals.
Effectiveness stakeholder engagement with good demonstrating and strong stakeholder management skills with effective communicating with internal and external stakeholders.
Providing the solution dec, efforts, and estimations, cost optimization high-level project role out strategy.
Provided oversight and reporting of third party by utilizing data and facts during evaluation process to satisfy regulatory Utilize vendor management system to document risk ratings on all vendors
Assessed inherent risk on vendors during Relationship review to ensure proper tier of Vendors
Collaborated with vendor's relationship owner to ensure information are corrected and valid in GRC Archer.
Conducted performance management with Business Unit to prevent services disruption or interruption
Conducted Security Assessment of all engaged Vendors by sending SIGs questionnaires to third Parties with security documentation request.
Stratified third parties based on risk to organization and performed SaaS assessments for all software vendors.
Actively managed all assessment deadlines by coordinating execution with both external third party and internal business partners.
Coordinated with external vendors to enhance and operate third party risk management program.
Responded to assessment and audit requests from clients.
Coordinated and managed internal and external assessment requests.
Reviewed information security requirements for both new and existing contractual agreements with outside parties
Reviewed contractual agreements with new, current, and prospective clients.
Updated and reviewed Information Security policies and procedures Review and enhance Technology and Security systems, processes, and tools to identify, track, and reduce risk within firm.
Prepared Reports and documentation process.
Reviewed controls population in SOC 2 type 2 and ensure Securities are implemented.
Uncovered risks and document controls in line with our risk appetite.
Documented findings and recommend risk mitigation plans for risks and controls.
Managed timely completion of information requests for third party products/services.
Led or contribute to strategic projects to enhance overall effectiveness of program.
Review, manage and update company Policies, Procedures and Controls implementation to ensure Laws and Regulation are respected.
Work in collaboration with Stakeholders to create new Policies that meet Company requirements.
Create monitor and submit policies exceptions for closure for activities that occurred and are against Company’s procedures.
Assist in internal and external Audits activities, by acting as a Liaison, preparing meetings, gathering documentation and evidences and assisting during controls review.
Work on findings identified by Auditors in Audits reports such as SOC2, 2.
Partake in Company Business continuity and running Tabletop exercises for IRP, CP and DR plan.
Conduct Cyber-training programs for new and existing employees, and conducting campaigns such as Phishing on a quarterly basis.
Provide monthly reporting to Upper Management in regards to environment cyber posture.
IGA –Identity governance and administration worked on automated JLM and workflow-based access request and Prepare Company for yearly ISO 27001 Compliance Certification
Experience with scripting or programming languages such as Python, Bash or PowerShell
Access control and governance and access certifications, SSO and MFA and self-service portal.
Great understanding in Active Directory and Azure Active Directory.
Deployed with Azure Application Gateway web application firewall (WAF), protection is easy to enable on any new or existing virtual network and requires no user configuration or application or resource changes.
Employer: NTT DATA Global Delivery Services Private Limited
Position: IAM Security Engineer
Duration: Sept’14 to Sept’17
Involved Requirement gathering & system design and architecture document for upgrading IDM environments (Dev/QA/Stage/PROD).
Assist new application with SSO integration, including configuring secure proxy server configuration.
Involved in Privileged Authentication Administration activities, Authentication Policy Administrator, User Administration.
Azure AD identity Management, Configure Azure AD SSO using Modern OAuth protocols-SAML, OAUTH, OIDC, Manage Azure AD permissions, Manage Forest/Domain/OU/User Object management 2.
Hands on experience in Conditional Access policies, Identity protection 3 Configuring B2B policies and B2C tenant, Configuring Hybrid Domain Join policies
Migration of Active Directory to Cloud, SAML integration using Azure Active Directory.
Experience includes design and implementation of Single Sign-On with SAML 2.0 and configuring identity provider and Service Provider.
Involved in Deployment/Administration of Azure AD Connect Tool, Configuring Synchronization Rules, Troubleshoot Synchronization Issues, Configuring Identity Governance policies, Configuring MFA.
Develop and implement process for responding to access-related security incidents, and investigate and remediation to any unauthorized or suspicious access activities.
Design overall IAM architecture and solutions, evaluate and select appropriate IAM technologies, including sailpoint Modules.
Design and building Sailpoint IIQ integration: this involves creating connectors to connect sailpoint IIQ with various applications, systems, and directories to exchange user and access data.
Customize and extend sailpoint functionality by writing scripts for task such as data import, business logic, and workflow customization by Java Beanshell.
Facilitating integration with external systems and applications by writing scripts to interact with API’s databases, or other platforms using java Beanshell.
AIM-designing, Implementing, and managing identity and access solution using Azure AD, including user provisioning, role-based access control (RBACK), and conditional access policies.
Employer: Tata Consultancy Services India Pvt Ltd.
Duration: May’11 to Sept ‘14
Tableau Developer (software Engineer)
Tools: Tableau
Creating dashboard for higher management and created hyperlink dashboards
Dashboard to calculate the server availability and to count the CR raised on weekly basis in Service now.
Data visualizations: proficiently create visually engaging and insightful data visualizations using tableau.
Design and building interactive dashboard those provide actionable insights for stakeholders.
Integrating data from various sources into tableau for comprehensive analysis.
Develop complex calculated fields and custom formulas to support data analysis.
Create data models and establish relationships in tableau for accurate reporting and analysis.
Contact this candidate