Profile

• * years of experience in Identity & Access Management, Privilege Account Management and GRC tools.

• Proven record on IAM/PAM engineering and support operations.

• Experience on Active Directory, Windows Administration and Web Servers.

• Exposure of cybersecurity areas such as End Point Security, Vulnerability Management, Compliance.

• Capable of independently learning new technology by utilizing available documentation and vendor support resources.

• Self-starter, organised, pro-active and motivated Technical Certifications and Educational Qualifications

• Certified CyberArk Engineer

• Master’s in computer applications

Experience / Specialism’s

Employer: Enmarq Technologies (May 2017 – Current) Current Project: Security Analyst for Carestream (April 2020-Current) In my current role as a Security Analyst, I’m primarily responsible for

• Supporting IAM/PAM technical operations in PROD environments after post GO-LIVE

• Installation and Configuration of Master and DR vaults. Ensuring Vault DR Failover and DR Fallback mechanisms are followed.

• Onboarding Privilege accounts for various remote target end points (Linux/Windows Servers/Applications)

• Safe Creations, Safe RBAC and LDAP directory mappings in CyberArk.

• Installation, configuration, and administration of CPM, PVWA and PSM components.

• Troubleshooting P1/P2/P3 incidents on CyberArk and providing the required resolutions.

• VMWare Administration: Building VMWare OS (Linux, Windows) based up on client hardware specifications

• Installation, configuration, and administration of CPM, PVWA and PSM components.

• Backup and Restore procedures using PAReplicate.

• IT Risk Management; Disaster Recovery Planning, Business Continuity Planning and Management

• Working with Change and Release Management as part of operational support.

• Attends daily catch up and service delivery review meeting.

• Able to communicate security-related concepts to technical and non-technical audiences

• Reviewing CyberArk Security Bulletins and applying the relevant hot fixes.

• Working on BMC Remedy ticketing system.

Previous Project: Security GRC Analyst for TMF-Group (Nov 2017 - Mar 2020) (Contractor) In my role as a Security GRC Analyst, I was primarily responsible for,

• Implementing, Testing and Analysing the pervade software Compliance management solutions includes the following modules of Pervade Software a GRC Solution (TMF-Group).

• Supporting and performing the on-going configuration and support for the pervade GRC platform.

• Supporting implementation of controls through creation of manuals, reports, and/or presentations, using a variety of desktop applications.

• To identify operational, compliance or regulatory requirements and designing the relevant automated solutions to help manage/mitigate these risks.

Sireesha Alluri

Security Analyst

Phone: 004***********

E-mail: adqt4e@r.postjobfree.com British Citizen

British Citizen

Sireesha Alluri 2 P a g e

• Gain knowledge of relevant financial service regulation, risk management frameworks and risk reporting.

• Developing, auditing, and creating IT policies, processes.

• Creating documentation and reporting function on IT Risk (dashboards).

• Understanding system requirement specification doc.

• Participating in daily status calls.

• Demonstrate a strong understanding of various compliance and regulatory areas (e.g. ISO2700, PCI)

• Enhance internal audit functions to further align to company strategy and risk.

• providing coaching to users on filling questionnaire, feedback and guidance on work performance.

• Build and maintain formal process documentation including procedures and process flow diagrams.

• Provide training during onboarding

• Quarterly reporting of IT Risk monitoring.

• Establish metrics and reporting to identify compliance gaps.

• Collaborate with IT, InfoSec, and within the GRC team and assist with maturing our compliance process and program Previous Project: Security Analyst HSBC (May 2017-October 2017) Contractor In my role as a Security Analyst, I was primarily responsible for delivering the outcome of the below project. Background & Objectives

HSBC have requested support from the Supplier to manage the Global Third-Party Connection Review. The GTPCR’s focus is to develop, test and implement a process to drive, control and monitor global remediation activities of third-party connections for the 1575 non-compliant issues

The aim of the programme is to reduce the information security risks inherently associated with external connectivity and establish a global governance process for the management and oversight of third-party connections. Deliverables

To assist with delivering the following activities: Manage the GTPCR remediation activity working with the HSBC country remediation leads for each region. This involved:

• Validating connection inventory data with connection owners

• Agreeing that proposed remediation improvements will address the identified connection compliance issues

• Ensuring that any proposed risk acceptance of non-compliant connections follows the HSBC acceptance process

• Obtaining and approving remediation evidence with the country leads

• Monitoring remediation progress and risks

• Reporting on progress/issues to GTPCR Project Steering Committee

• Maintaining the connection Remediation Tracker reports based on the above

• Maintaining the Connection Inventory based on the above 1. Drive and optimise above activity to accelerate remediation where possible 2. Run the weekly GTPCR working groups

3. Run the monthly GTPCR Project Steering Committee 4. Run any required HSBC Executive stakeholder sessions 5. Develop and embed a suitable set of processes to establish global governance for the management and oversight of third party connections

Contact this candidate