Suresh Paturi

Mobile: +1-469-***-****

Email: ads7rp@r.postjobfree.com

Linked In: linkedin.com/in/suresh-paturi-47585113

Work Summary

●Diverse experience in various domains of Information Security including Security Operations, Identity and Access Management, Security/System Administration, Security Incident Management & Data Governance

●Managed multiple Security programs, including planning, coordinating with cross functional teams, tracking status and reporting, communicating to the project team and key stakeholders, and creating the appropriate program documents, using Agile best practices

●Critically evaluated governance practices, among others to include authorizations, management reviews, policies, and procedures, segregation of duties, system access rights, and compliance with accounting standards

●Managed program risks through identification, mitigation, tracking, and reporting of identified risks

●Sound exposure to Information Security Audits (SOX & PCI)

●Coordinate with BU & IT teams and provide supporting information for audit reports, including action plans to achieve visible improvements to internal controls, risk management, and processes

●Expert in User Access Certification & validation process and Thorough knowledge of Identity and Access Management (RBAC) reports

●Sound knowledge of Risk Management & Control Gap Assessment for Information Security

●Evaluates compliance with the System’s information security frameworks such as NIST and ISO 27001. Monitors and verifies IT compliance with applicable new and existing policies, procedures, and standards.

●Expert in collaborating with the business area customers in the design process to translate security and business requirements into technical designs, and configure and validate the security of information systems. Develops and provides recommendations for information security solutions

Technical Qualification

●CISM(Certified Information Security Manager) – Jan’19

●ISO/IEC 27001 Lead Auditor from BSI – 2012

●Certified Ethical Hacker v5

●Microsoft Certified Systems Administrator

●Excellent MS Office skills

●Good knowledge in Networking & Windows server 2008

●Good knowledge on Access management concepts

Key Professional Strengths

●Mainframe Technologies - CICS, TSO-ACF, RACF

●Identity & Access Management tools Sail point IIQ, SUN IDM

●Security Event Management Systems: Symantec SIM, ForeScout Counteract

●LockPath (GRC Tool), Internal Audit

●Splunk, Akamai CDN

Macys Inc:

Security Support Specialist (September 2020 – till Date) Johns Creek, GA

●Responsible for operating & improve the site by implementing monitoring, automation, redundancy, and business continuity planning

●Responsible for overall KPI reporting/dashboard for the management team to view the performance of the security tools deployed and maintained by the organization.

●Create and maintain playbooks used in response for investigation/incident triggers in support of 24/7 Digital Security and Cyber Threat Management program

●Provided and validated the controls on logging like Authentication logging, profile modification logging, logging details, log retention duration, log location, synchronizing time source, HTTP logging.

●Aid team members for enhancement and enrichment of security monitoring tools with contextual information

AIG:

Security Analyst (September 2018 – Aug’2020) Fort Worth, TX

●Implementing industry-proven and accepted security best practices framework (NIST Cyber security Framework) for application infrastructure logging and monitoring

●Review the application architecture and logging with application ownership team to identify & external threats

●Ensure required regulatory controls are in place to mitigate appropriate threats related Endpoint security, Vulnerability Management, Authentication mechanisms and access reviews

●Work with Application Security teams to enhance the Software Development Life Cycle (SDLC) by adding security to remove vulnerabilities and protect business logic.

●Knowledge of system and application security threats and vulnerabilities

●Evaluate the application's compliance against laws, regulations, policies, standards, or procedures

●Lead server remediation activities that are identified during application on-boarding & application architecture review process

●Responsible for overall KPI reporting/dashboard for Management team to view the performance of the security tools deployed and maintained by ISO

Synchrony:

Senior Analyst Audit & Reporting (November 2013- June’18) Hyderabad-IND

●Responsible for planning, organizing, and perform technology audits that include general IT controls, information security, application development, technical infrastructure, network operations, and support financial and operational audits.

●Ensures compliance to the Information Security policy & standard operating procedures/methodology through training, reviews, and audits

●Follow-up on evidence that is coming due, overdue, and past due

●Responsible for Documenting deficiencies, develop a remediation plan and provide management responses

●Conduct industry research on trends in risk and controls

●Be abreast with knowledge on Industry Standards (IS027001, NIST, PCI DSS, SOX etc.)

●Evaluate policies, standards, and procedures against regulatory requirements/industry best practices to identify control gaps

●Maintain & publish Control Gap Assessment document to Senior Management on a periodic basis

●Ensure user access certification process complies with the SYF standards by performing periodic checks

●Work with the user access certification teams & the application IT/ Business Owners to ensure that deviations are remediated promptly

●Verified the existing controls for least privilege, separation of duties, and job rotation.

●Publish periodic user access certification governance dashboard to senior management

●Participate in IS-related internal/external audits & respond to audit requests with accurate documentation on time

●Interact with various IS team leads to identify documentation to respond to internal audits

●Review existing IS processes to identify potential risks & evaluate existing controls

●Update the Risk Assessment and Control Evaluation template for IS-sub processes

GE India Exports Pvt Ltd

Security Analyst (May 2010- May 2013), Hyderabad-IND

●Implemented Secure Password Distribution (SPD) tool across all business units to ensure policy compliance

●Assisted Security Administrator’s with creation & maintenance of security policies and procedures in compliance with federal requirements

●Provided system access validation, user provisioning & de-provisioning based on appropriate approval(s)

●Performed periodic and random quality checks on tickets worked by the team to ensure no misses

●Trained new hires on various Security programs

●Was responsible for driving SLA’s for the team and allocation of tickets daily

●Actively participated in Account Infrastructure Projects

Crystal Solutions Pvt Ltd

IT Security Analyst (January 2009 – May 2010), Mumbai- IND

●Responsible for monitoring & reporting, security incidents via Symantec Security Information Manager (SSIM) & ForeScout tool

●Performed detailed Root Cause Analysis (RCA) for all identified incidents

●Receive and analyze alerts from various enterprise-level sensors and determine possible causes of such alerts

●lead processes that support the analysis of log files from a variety of enterprise level systems and sensors to include individual host logs, network traffic logs, firewall logs, and intrusion detection/prevention system logs

●Worked with various stakeholder for appropriate remediation & closure of the incidents

●Prepared and published knowledge base of all incidents for future reference

●Responsible for publishing weekly and monthly dashboards to appropriate parties giving a snapshot of security incidents

Genpact India Pvt Ltd

Senior Engineer (December 2005 – January 2009), Hyderabad-IND

●Responsible for monitoring & reporting for spyware, virus outbreaks, malicious sources, invalid logins and firewall policy violators using SSIM, ForeScout tool & Symantec Antivirus Console

●Ensured OS patches are updated on a daily and weekly basis to ensure policy compliance

●Performed Security Administration on mainframes (CICS, TSO-ACF, IDMS) based on Role-Based Access Control

●Performed complete administration on SSO, Exchange, Active Directory, and VPN.

●Designing SOPs as per required change in the process

●Audited internal workflow as per SOX IT 404 compliance targeted on provisioning and de-provisioning, job change, job transfer for all SOX L1 application

●BCP/DRP point of contact for quarterly routine checks.

Techpool Solutions Pvt Ltd:

System Administrator (July 2004 -November 2005), Hyderabad-IND

●Provided technical support for Installation, Configuration, Troubleshooting, and Administration of different information systems

●Provided 1st, 2nd, and 3rd level support to all the users with PCs, Applications and peripherals including Hardware and Network (LAN, WAN) equipment.

●Was responsible for server administration such as server backup and indexing as per required and scheduled maintenance by the client.

●Coordinated with various vendors to support Desktop & Network Management

Achievements and Credentials

●Played a key role in the VPN migration project

●Awarded for Strong Governance in 2016 & 2017 for a contribution towards User Access Review process

●Awarded for Strong Governance in 2016 for Control Gap Assessment efforts

●Always built trust and confidence with stakeholders by providing them the required information with complete accuracy promptly

●Recognized for contribution to the Asian Professional Engagement Network India

Strengths: Time Management, Delegation, Good Listener and Possess good planning, and organizing Capabilities

Educational Qualification:

●Masters in Information Systems - Andhra University

●Bachelor degree in Computer Applications - Acharya Nagarjuna University

Contact this candidate