Post Job Free
Sign in

Information Security Manager

Location:
Hebron, CT
Posted:
August 10, 2020

Contact this candidate

Resume:

Bala Subramaniyam Ramamoorthy

****.*******@*****.***, 860-***-****, Hartford, CT

PROFESSIONAL SUMMARY:

11+ years of experience in Information Security Domain with key focus in Identity and access management implementation and information security consulting engagements.

Currently work as a Senior Security Consultant in one of the top 5 Healthcare customers in United States and leads Identity and Access Governance initiative to achieve regulatory compliance (HIPAA, SOX, SOC, FTC etc.,) and ensure clients adhere to security controls.

Worked as an Identity and Access Management Business Analyst for some of fortune 500 customers across multiple domains including Banking and Financial Services, Healthcare, Retail, Consumer Goods and Insurance.

Possess advanced knowledge and expertise in gathering requirements for Identity and Access Management implementation projects using techniques including workshops, white boarding sessions, stakeholder interviews, questionnaires, and extracting information from existing BRDs, FRDs, Use case document and Design document.

Expertise in interacting and collaborating with stakeholders to capture business requirements and translate them into functional and technical requirements.

Extensive experience in creating Business Requirements Document, Functional specification document, Use Case document, Process Flows, and Requirement Traceability matrix.

Expertise in performing comparative analysis of various Identity and Access Management Products and recommended best fit solution for client’s business needs.

Advanced knowledge in Role Based Access Control processes, Attribute based access control, Segregation of Duties (SOD), Role Mining, Role Life Cycle Certification, Role Maintenance

Expertise in Access Governance and Certification processes, conducted access reviews by initiating the periodic access review process and supported security audit

Extensive experience in creating role engineering processes and framework addressing the client’s role model to meet industry standard in role engineering.

Experience in various software development life cycles such as waterfall, agile, linear etc. through number of client engagements.

Strong knowledge in project management, people management, customer engagement and project delivery management.

Some of key customers served are Capital One, PepsiCo, CVS Health, Moody’s, Horizon BCBC and Bank of New York Mellon (BNYM)

SECURITY AREA OF EXPERTISE:

Identity and Access Management implementation, advisory and consulting

Identity and Access Governance (IGA)

Access Certification

Identity Analytics and Reporting

Business Analysis

Requirements Management

Data Security Standards – NIST, ISACA

Role Based Access Control

Role Engineering and Entitlement Management

Risk and Compliance Management (SOX, HIPAA, SOC, GLBA)

Project Management

Change Management

User Acceptance Testing and Co-ordination

SDLC – Agile, Waterfall

Security Operations – Managed Services

Application Security

Delivery Management

TECHNICAL SKILLS:

Tools

SailPoint IIQ, CA Identity Manager, Sun Identity Manager, Oracle Identity Manager, CyberArk, Active Directory, LDAP, TPAM

Productivity Tools

Microsoft Office, Microsoft Visio, Camtasia, MS Publisher, uPerform

Operating System

Windows, Linux

Database

SQL

Programming Languages

Java, PHP

Location

United States, India

RECENT ENGAGEMENTS:

PROJECT PROFILE:

Project Title

Identity and Access Management Data Transformation

Client

CVS Health (Aetna)

Role

Senior Identity and Access Management Functional Consultant

Duration

Jan 2018 to till date (30 Months)

Location

United States

Tools

In-house automation jobs, Active Directory update utilities, LDAP, CA Identity Manager, MS Office, MS Visio

Methodology

Agile

PROJECT DESCRIPTION:

Project is to perform Identity and access management (IAM) data transformation by identifying identities/accounts/entitlements and updating them with meaningful supplemental data (Owners, Description, Risk, Privileged Indicator) to support Periodic Access Review process and Access Analytics process.

CLIENT DESCRIPTION:

A leading healthcare insurance company based out of North America

ROLES AND RESPONSIBILITIES:

As an Identity and Access Management lead consultant, have conducted sessions with client enterprise application teams, information security subject matter experts (SMEs) to gather information on existing identity data that needs a refresh.

Performed data analysis and developed an approach for cleaning up accounts and entitlements to reduce security and performance risk associated and enhanced the existing Access Analytics, Periodic Access Certification, and Provisioning process.

Developed a roadmap for implementing and executing Identity and Access Management (IAM) data transformation that included: Account/Group Ownership Remediation, De-provisioning accounts/entitlements that are no longer required, update key attributes of accounts/entitlement to provide meaningful description.

Conducted outreach programs with application owners, account and entitlement owners, subject matter experts, security analysts and gathered data clean-up requirements.

Lead data clean-up initiative for updating non-person accounts, active directory groups to meet security standards and regulatory compliance (SOX, HIPAA etc.) needs and de-provisioning of non-person accounts and active directory groups that are identified as no longer needed.

Created templates for collecting data related to entitlements, accounts and active directory groups from owners. Performed analysis of data collected and prioritized data that needs to be cleaned up, drive rules and patterns for identifying the data to be cleaned up.

Worked on building automated jobs to perform data cleansing activities, ran executable batch processes to perform bulk update of accounts/entitlements/groups.

Created processes to perform de-provisioning of accounts/groups/entitlements that are no-longer needed and executed the deletion of accounts/groups/entitlements using executable jobs by following client standards.

Created and managed master trackers for monitoring progress and weekly reporting. He developed a dashboard to report key metrics of the initiative to top management.

PROJECT PROFILE:

Project Title

Application Onboarding and Provisioning Automation

Role

Senior Identity and Access Management Business Analyst

Client

Capital One

Duration

Feb 2017 to Dec 2017 (11 Months)

Location

United States

Tools

SailPoint IIQ, MS Office, MS Visio

Methodology

Agile

PROJECT DESCRIPTION:

Project is to automate user provisioning and access certification by onboarding financial services applications into SailPoint IIQ.

CLIENT DESCRIPTION:

A leading financial services company based out of North America

ROLES AND RESPONSIBILITIES:

As a Senior Business Analyst, Bala Subramaniyam Ramamoorthy was involved in gathering business requirements from client stakeholders: Business SMEs, Application Analysts, Risk Management team by conducting workshops, whiteboard sessions, questionnaires and converting those it into technical requirements.

Acted as the main liaison between Development team and Business team and ensured the technical solution match the business/functional requirements.

Performed requirements analysis and converting them into multiple use cases in form of application onboarding questionnaire/templates.

Created application onboarding templates and questionnaires for SailPoint connectors: AD, Flat File, JDBC, SalesForce, Custom Connectors (Robotic Process Automation (RPA) Based Framework).

Created application integration documents by collecting details of entitlements, roles, risk level, PCI/PII data classification, approval levels, workflows, data custodian, aggregation methods, and stored procedures and tailored it for consumption of integration engineers.

Conducted sessions with the Service integration team and gathered technical requirements using whiteboard sessions, demos and KT sessions.

Created application onboarding roadmaps, application integration trackers periodically and reported to senior management.

Co-ordinated user acceptance testing and conducted demos with business owners and application owners on implemented solutions.

Created and presented metrics and dashboard to management on application onboarding progress, impediments tracker and mitigation strategies.

Engaged in other activities such as preparing and presenting post production issue tracker and daily management dashboards for Business Risk Office.

PROJECT PROFILE:

Project Title

Identity and Access Management Migration from Oracle Waveset to CA Identity Manager

Role

Senior Identity and Access Management Business Analyst

Client

PepsiCo

Duration

Oct 2014 to Nov 2015, Aug 2016 to Jan 2017 (18 Months)

Location

United States

Tools

Oracle Waveset, CA Identity Manager, MS Office, MS Visio, MS Publisher, UML, Camtasia, uPerform

Methodology

Waterfall

PROJECT DESCRIPTION:

Project is a multiple year Security Management Program involving migration of current Identity and Access Management product suites to CA based Suites.

CLIENT DESCRIPTION:

A leading consumer goods company based out of North America

ROLES AND RESPONSIBILITIES:

Conducted multiple requirement gathering workshops with client stakeholders - SMEs, Application owners, Architect and gathered business and technical requirements.

Analyzed gathered requirements and converting them into Use Case Document, Business process document.

Conducted multiple requirements validation sessions with the SMEs and Architects and validate captured requirements.

Created Requirements Specification document and Use Case document for Identity and access management for below scenarios,

oUser Management - Joiners, Movers, Leavers scenario

oUser Provisioning and De-provisioning

oPassword Management, User Registration

oPassword Policies

oUser Self Service

oApplication Access Request Framework

oAccess Request Forms and Custom Work Flows

oService Desk View and Administration of User

oIdentity Data Migration

oThird Party Management - Groups and Custom Workflows

oUser Onboarding Automation

oUser Termination Process Definition

oDelegated Administration and Separation of Duties (SoD)

oPolicy Management.

Created current and future process diagrams for scenarios such as Joiner, Mover and Leaver.

Defined the processes for Third Party Organization Management and Delegated administration.

Created and managed Requirements Traceability Matrix, UAT Test Cases and coordinated User Acceptance Testing Process.

As an Organization Change Management lead, worked with client stakeholders in understanding change management requirements and prepared communication and training plan.

Worked with application owners and subject matter experts to under training needs and created multiple artifacts such as help guides, reference workbooks.

Gained experience in tools such as Camtasia, uPeform and created Instructor led training presentations, eLearning courses, learning videos for the key use cases that were implemented as a part of Identity Management Solution.

Co-ordinated training activities and ensured availability of training environment round the clock.

PROJECT PROFILE:

Project Title

Role Management Framework

Role

RBAC Consultant

Client

Moody’s

Duration

Nov 2015 to July 2016 (8 Months)

Location

United States

Tools

SailPoint IIQ, MS Office, MS Visio

Methodology

Agile

PROJECT DESCRIPTION:

Project is to create Role management framework by establishing industry best Role Engineering process and governance around it.

CLIENT DESCRIPTION:

A leading financial rating firm based out of North America

ROLES AND RESPONSIBILITIES:

Conducted multiple workshops with business owners and application owners to gather current role management processes, organization units, business functions, job functions, application entitlements, AD groups.

Validated requirements with the key stakeholders from the Business and Information security team.

Established a role mining process by creating a hybrid role modeling approach which is a combination of both top down and bottom up approach.

Evaluated various organization units and created Business roles and mapped it with the IT Roles/Application Roles.

Worked with the application owners and established mapping between IT Roles to Entitlements.

Established a standard model for role engineering processes for Business Roles and Application Roles.

Created Business Roles for various lines of businesses based on the company’s organization structure, job description, and hierarchy.

Defined Standards, Guidelines, Processes and Procedures for Role Management, Created Role Governance Council charter

Created processes, workflows for Role Lifecycle Management, Role Recertification, Role Maintenance and Access Request workflow.

Worked with SMEs from information security team, application team and defined entitlement matrix template with procedure for creating entitlement matrix.

Entitlement matrix was created and delivered by adapting the CRUD framework.

Defined business to application role mapping and delivered industry compliant Role Management Framework for managing user access requests based on roles.

PROJECT PROFILE:

Project Title

Role Based Access Control – Access Governance and Re-certification

Role

Identity and Access Management Business Analyst

Client

BNYM

Duration

May 2012 to June 2013 (13 Months)

Location

Chennai

Tools

SailPoint IIQ, MS Office, MS Visio, MS Publisher

Methodology

Agile

PROJECT DESCRIPTION:

The project focused on onboarding client’s application pool into SailPoint Identity Management tool and creation of access re-certification as a part of Access Governance mandates.

CLIENT DESCRIPTION:

A leading investment management and investment services company based out of North America

ROLES AND RESPONSIBILITIES:

Conducted requirements workshops with stakeholders on Application Criticality and gather details required for Application onboarding.

Gathered business and functional requirements and Prioritized Application Onboarding Requests based on their criticality and complexity.

Created entitlements Specifications for various applications and got sign off from the Application owners.

Created use cases for the identity and access governance processes such as Workflow for Access Request Approvals, Separation of duties, Role management, Access certification and Privileged access management. Identified, prioritized and responded to toxic combination of system entitlements.

Created business processes for auditing of privileged accounts and session.

Managed an in-house tracking system called CAIR (Task, Defect Logging Tool) to track and update applications on boarded, defects raised during onboarding and its current status, enhancements to existing applications on-boarded and change requests.

Acted as the main liaison between development team and Client Business/Application team in multiple phases of Development Life Cycle and coordinated application onboarding activities and ensured that onboarding was completed as planned and updated the status of same on a daily basis.

Co-ordinated with client stakeholders in communicating queries raised by offshore development team via CAIR and facilitate response to continue the onboarding process.

Conducted bi-weekly meeting with the client to discuss application onboarding progress and open items that needed clarification, any risks involved and its mitigation strategy.

EMPLOYMENT HISTORY:

Name of the Company

Designation

From

To

Duration (Years)

Cognizant Technology Solutions US Corporation

Senior Associate - Projects

08/01/2016

Till Date

4 Years

Capgemini

Senior Consultant

11/16/2015

07/29/2016

8 Months

Cognizant Technology Solutions US Corporation

Business Analyst

02/20/2012

11/13/2015

3 years 10 Months

Kaar Technologies

Executive – Presales

05/04/2011

02/14/2012

9 Months

Kliotech Private Limited

Executive – Business Development

04/16/2009

04/29/2011

2 Years

EDUCATION:

Title of the Degree with Branch

College/University

Year of Passing

Master of Business Administration - Finance and Marketing

Anna University, Chennai

2009

Bachelor of Engineering - Electrical and Electronics

Anna University, Chennai

2006

12th Standard

Sri Vijay Vidhyalaya Matric. Hr. Sec. School, Dharmapuri

2002

10th Standard

Sri Vijay Vidhyalaya Matric. Hr. Sec. School, Dharmapuri

2000



Contact this candidate