Management Security

Chandra Nath, CISSP, CISM, SM IEEE

***** **** *** #*

Los Angeles

CA 90025 USA

General

IT professional with success in Information security, Security Achitecture, Risk anal-

ysis, process re-engineering, software development, systems architecture and telecom

Operations.

In USA: Yes

Work

ELigibility

Education/

Certification

Training/

Course Work

Cell: 310-***-****

E-mail: ****@********.***

•

•

•

•

•

•

Certified Information System Security Professional CISSP-(ISC)2 2004

Certified Infomation System Mananger(CISM)- ISACA 2010

Passed CISA examination conducted in Dec 2010.

Currently working towards CIPP( Certified Information Privacy Professional)

MS Computer Science 1984 University of California, Riverside, California, USA

BE Telecom Engg. Military College of Telecom Engg Mhow (MP), India.

• IBM Course on Planning for Tivoli Identity Management Aug 2006

• IBM Course on Tivoli Access Manager 6.0 for e-business Deployment & Adminis-

tration Dec 2006

• IBM Practical training on Implementation of Tivoli IM 4.6, Directory Server, DB2

and Websphere for provisioning on Linux environment Aug 2006

Work

Experience

Senior Information Security Analyst & Software Security Architect, FIS-

ERV, Moorpark, California,USA Nov 2007- Aug 2010

Fiserv Inc. NASDAQ:FISV a Fortune 500 company, world’s largest provider of in-

formation management systems and services to the financial and insurance industries.

• Analyzed risk and risk mitigation strategies for Security for financial industry in-

cluding Credit Card industry based standards

• Identified vulnerabilities & implemented security controls as per FISERV policy &

standards

• Participated in Security Reviews involving .Net , DB2 and AIX

• Secured active Directory and identity enabled applications for finance industry deal-

ing with credit union software.

• Surveyed standards for Identity, Access and federated Id management including

OASIS, Liberty Alliance, W3C and Application Security including PABP, PCI DSS,

OWASP

• Prepared Security Architecture for SOA based Identity Management strategic ini-

tiative for FISERV group of companies Implemented program for FISERV Security

Framework and policy infrastructure & PCI/PA DSS & OWASP for SDLC.

• Contributed to IT Governance and Security Governance Board in setting agenda

and Risk governance process.

• Prepared RFP, researched, evaluated and proposed Encryption and Obfuscation

technologies and POC/POT carried out.

1 of 4

• Identified information security architecture gaps & recommended architecture changes,

enhancements using a risk-based approach.

• Contributed for Corporate IT and Security Governance Board, FISERV Security

working Group, FISERV SOA Security Architecture Task Force..

Security Architect, Intersoft Data Lab, Marylannd, USA

Jul- Oct 2007

•

•

•

•

Consulted for MGM-Mirage, Las Vegas, USA

Initiated Discovery project for Identity requirements gathering for the enterprise.

Identified Gaps in existing identity infrastructure of the enterprise.

Created Business case for Identity and Access Management and Federated Id Man-

agement

• Created a road map consisting of all enterprise wide activities for the enterprise

for Identity Management journey including creation of a enterprise wide identity

infrastructure.

• Surveyed Identity and Access management offerings and analyzed the solution offer-

ings of top 10 vendors and compared their offerings for suitability for the hospitality

enterprise and made vendor selection.

• Recommended activities and organizational infrastructure for Identity Management

Architecture.

Security Architect, 01edge Technologies 2002-2007

• Conceptualized, designed & developing an Identity Management software with cryp-

tography, digital signature, Message Authentication, Access control, Certifying Au-

thority based on X-509 Certification, logging and log management.

• Architected and Product managed the Java based Identity Management product.

• Information Security Consulting Practice established.

• Consulted for an Intelligence Organization for Info Security and Identity Manage-

ment and initiated security risk assessment.

• Helped this organization draw up security policy, establish security controls and

carried out an IS audit and initiated an Identity Management & Directory server

project.

• Developed consulting resources for Security & Software Architecture, Project Man-

agement, Process & Quality for delivery to clients in Industry.

• Trained in Planning, installation, configuration and fine tuning in IBM Tivoli Iden-

tity Manager, Access Manager, Directory Server and Directory Integrator as member

of IBM Partnerworld Researched on Identity Managers and how IM software meet

the ”Laws of Identity”.

Chief Technology Officer & Head of Business (Telecom & Convergence Soft-

ware) Escosoft Technologies 2000- 2001

• Formulated strategy and implementation plan for the Strategic Business Unit (Tele-

com/Convergence Software)

• Identified technology core competence to be built based on the strategic vision

• Hired & Built a team of Head of Program Management, PMs, TLs and Software

Engineers for Telecom and Convergence software

• Negotiated with major telecom equipment providers for setting up a dedicated de-

velopment center for them.

• Identified and initiated product prototypes for Component Based Development using

TMF (Tele Management Forum) recommendations for Network Management and

2 of 4

XML, RUP, Rational Rose and UML.

• Formulated a vision document for a future CC & Billing software product

• Set up engineering processes for superior level project execution at ISO 9000 & CMM

compliance.

• Multiple project/program management

• Planned, managed and executed infrastructure development including System Ad-

ministration, network, security and software engineering infrastructure.

• Established Information security practices including Security policy, risk assessment,

risk management, Controls, firewalls, Intrusion Detection System, Incident reporting

systems.

Vice President (Engineering) Eurolink Systems 1999

•

•

•

•

Provided engineering leadership for software development and delivery.

Formulated technology strategy for transformation to Internet solution provider.

Initiated component based development competence building project.

Set up the engineering processes for project execution and delivery

Corporate Director, Software Engineering, NETWORK programs Inc.

New Jersey, USA & India 1997- 1999

,

• Lead a Capability Based assessment for quality and security within the company

and reported findings and recommendations to top management.

• Defined engineering processes based on compliance models of SEI & ISO Defined

People CMM Processes based on SEI P-CMM.

• Managed, motivated, and mentored all management and technical staff corporate

wide improvement.

• Planned & made recommendations for secure network LAN/WAN architecture &

Developed Internet facilities for Multi-site Software Development for secured product

and service delivery.

Head, Software Engineering Process & Quality;Senior Project Manager HCL

Technologies, New Delhi, India . 1995 1996

• Developed systems for improving software engineering processes.

• Trained Management & Software Engineers in Process Improvement.

• Consulted in business analysis, project management, strategic planning, process

improvement, and/or process re-engineering.

• Implemented first Indian WWW server for HCL Consulting. Put company processes

and other info on Intarnet.

• Prepared Position paper for Enterprise Networking, Infrastructure and network se-

curity based on MIT Athena Kerberos for distributed system

Asst Professor Computer Science & Consultant in Networking, School of

Computers, Jawaharlal Nehru University, New Delhi 1989-1995

• Planned & implemented computer network architecture & Internet facilities and

WWW.

• Taught courses Computer Network, Distributed System & Network Security for M

Tech and MCA.

3 of 4

Senior Consultant, Tata Consultancy Services, New Delhi 1988

• Consulted for project teams on secure network implementation.

• Conducted Software Engineering training of Computer Science, Communication En-

gineering and Management Graduates.

Application

Areas

Professional

Activities

References

Financial Industries, Credit Union,Telecommunication, Software industry,Defense &

Academia

•

•

•

•

•

Senior Member, IEEE of 20+ years standing.

Member, International Information Systems Security Certification Consortium: CISSP

Member, Institute of System Audit & Control Association (ISACA), USA.

Member International Association of Privacy Professional(IAPP), USA

Founder Chairman, IEEE Computer Society, Delhi Chapter 1989-92

Available upon request

****************************

4 of 4

Contact this candidate