Richa_Kulshreshtha[1]

March 16, 2018 | Author: pras_iaf | Category: Secure Communication, Audit, Computer Security, Online Safety & Privacy, Cyberwarfare





Description

Resumé

Richa Kulshreshtha
176 Waterside Dr., Little Ferry, NJ – 07643.
M - +1 508 439 3509
[email protected]
Visa Status: H1B

SUMMARY

Over 9+ yrs of experience as Solutions-oriented IT Security and Risk & Controls Management Specialist with notable success directing a broad range of corporate IT initiatives while participating in planning and implementation of information-security solutions in direct support of business objectives.

• Track record of increasing responsibility in Risk & Control Assessments, SOX 404 Compliance activities, SAS70 audits, secure network design, security product implementation and full lifecycle project management.
• Demonstrated capacity to consult and implement innovative security programs that drive awareness, decrease exposure, and strengthen the security of organizations.
• Hands-on experience on leading security technologies and products.
• Outstanding leadership abilities; able to coordinate and direct all phases of project-based efforts while managing, motivating, and leading project teams.
• Adept at developing effective security policies and procedures, project documentation and milestones, and technical/business specifications.

Certifications

• Project Management professional (PMP)
• ITIL v3 Foundation
• Cobit 4.1 Foundation
• Certified in Control Self Assessment (CCSA)
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Checkpoint Certified Security Administrator (CCSA)
• Cisco Certified Network Associate (CCNA)
• Microsoft Certified Professional + Internet (MCP+I)

PROFESSIONAL EXPERIENCE

• Citigroup Inc., USA: IS, COB & Controls Analyst / SAS70 Program Manager (May 2007 – Feb 2011)
• i-flex Solutions Inc., USA: Assistant Manager / Consultant (Jan 2004 - May 2007)
• Ramco Systems Pvt. Ltd., Bangalore, India: Technical Consultant (Nov 2002 - Dec 2003)
• Prudenté Solution Pvt. Ltd., Bangalore, India: Network Security Consultant (Jan 2002 - Nov 2002)
• Bangalore Labs Pvt. Ltd., Bangalore, India: Information Security Consultant (Jun 2001 - Oct 2001)

Professional Affiliation

Member of ISACA

business impact analysis of SOX issues & anticipated significant changes to the SOX environment.

PROJECTS

Citigroup. Generated reports and scorecards for the corporate office and businesses for appropriate classification/determination of SOX issues. in accordance with the defined standards. Managed and maintained the SharePoint site current and updated for SAS70 audit logistics and SOX 404 Working group for archiving relevant guidance documents/procedural documents/announcements accessible to internal clients and external auditors. Infoman • Scanners: Nessus. resolving any concerns on factual accuracy of observations and escalating to respective stakeholders. creation and launch of the Archer SAS70 report management module in compliance with the global information security policy. relevant and sufficient issue remediation evidences. content filtering software etc. MARS+ • Configuration / Change Management Tools: PVCS Dimension. Cerebrus internet scanner. SAS70 and SOX 404 related IT General Controls. IIS Lock down.) • Change Control Process • Tools • Risk Management Applications: ARMOR-IRM. Streamlined the process to improve access controls to Citi facilities and systems by external auditors/contractors as part of the Corporate initiative. Provided governance and guidance to all technology divisions for SOX 404 compliance activities and SAS70 activities to ensure organizations’ compliance to SOX404 Act. and circumventing the complexities and inconsistencies. anti-virus software.
    Proficiently  supported  the  team  with  expert  opinions/clarifications  in  review  of  reliable.   Conducted   the   Resource   Impact   Analysis   due   to   reduction   in   SOX   scope   and   the   AS-­‐5   standards  in  Liaison  with  SOX  Leads  and  Regional  SOX  compliance  groups.   Solidified   the   SOX   issue   review   process   for   IT   SOX   Steering   committee   review   and   business  impact  analysis  by  respective  businesses. Internet Security Systems scanner.  The  program   involved  managing  the  SAS  70  audit  in  liaison  with  KPMG  auditors  and  various  regional   teams.  keeping  abreast  of  key  organizational  updates  for  SAS70  reporting  and  SOX  404   assessments.   Led  the  design.  mapping   alongside   with   Citi   Information   Security   Standards   and   facilitated   the   establishment   of   the  IT  RCSA  baseline.  facilitated  the  SOX  business  monitoring  review  by  internal   auditors.     Played  a  key  role  in  facilitating  the  SOX  404  review  in  coordination  with  KPMG  auditors   and  various  regional  teams.   Re-­‐vamped   the   SOX/non-­‐SOX   issue   review   process   adopting   the   risk   based   random   sampling   methodology   and   changing   the   frequency   of   review   (based   on   observed   success   rate)   for   a   robust   and   efficient   risk   based   process   leading   to   saving   in   man   hours   for  the  group. ARCHER. nMap.   via   regular  SOX  Working  Group  meetings.  identified  gaps  and  redundancies  with   CobIT  and  COSO  frameworks.   Managed   the   assigned   internal   audits   ensuring   timely   progress   of   audits.   increasing   user   friendliness  and  accurate  reporting. CSI. Vulnerability Scanners.  Additionally. HardenNT.   Reviewed  the  Key  IT  Risks  and  internal  controls.   liasing   with   various   stakeholders. Superscan.   as  appropriate.   
May  2007    –  Till  Date Skills • Risk Management & controls mapping • Process Mapping for on-going security management • Process and security consulting • Security Products Implementation (Firewall. IDS. New Jersey SOX404 Compliance/SAS70 Audit • Managed  the  SAS  70  Program.   maintaining   the   updated   documentation   on   the   SharePoint   site   and   supporting   the   clients  resolving  any  issues/concerns.   managing   the   final   SAS   70   report   distribution   application   and   process.   Initiated   the   trend   analysis   of   Issue   review   process   to   report   on   process   effectiveness   and   to   focus   on   areas   that   needed   improvement   and   educated/trained   the   regions/business  divisions  accordingly. Appdetective • OS Hardening tools: Server Lock. Retina. • Network sniffer: • • • • • • • .   • Reviewed  the  issues/Corrective  action  plans  after  the  BISO  review  for  accuracy  and   correctness. nPatrol • Antivirus software: Sophos.  performed  detailed  analysis   in   coordination   with   various   stakeholders.. Symantec Norton anti-virus.  enhancements  and  bug  fixes.   UAT   and   production   promotions   leading   to   timely   releases   and   bug   fixes   meeting   the   strict   time   deadlines  satisfying   the   business   user’s  requirements.   • Collaborated  to  compose  key  documents  detailing  operational  processes. New Jersey Information  Security  Consultant  -­‐  CRA  Fast  Track  Project     IS   Fast   Track   CRA   (Common   Risk   Assessment)   initiative   was   started   to   enable   and   facilitate  all  business  divisions  under  CTI  to  complete  the  risk  assessments  for  year  2006. WebTrends Analysis Series • Integrated Products: Symantec Client Security .Resumé Richa Kulshreshtha • Iris.  RCSA  framework.  USA)     Configuration  Manager   Configuration  Management.   • Conducted  gap  analysis  on  the  CITMP  L2  and  L3  documents.   
Release   Manager.   • Initiated  the  ARCHER  &  CSI  data  integrity  review.     Citigroup  (New  Jersey.  is  established  in  the  complex   application   development  environment   at   State   Street   to   streamline   and   optimize   the   process  of  tracking  the  application  development.  SOX   and  FFIEC  controls  and  provided  recommendations  for  closing  those  gaps.   Change   Manager   and   Deployment   Manager. escan.   Role:   • Interacted   with   various   teams   and   assisted   in   managing   the   project   by   interacting   with   all   the   regions/business   divisions   for   completing   the   application/business   compliance   questionnaires.     Role:   Configuration   Manager. Anti-sniff Led  the  effort  for  the  Risk  Acceptance  forms  reconciliation.  USA)     GCC  CITMP  Operational  Risk.  as  an  important  part  of  SDLC.   • Firewalls: • i-flex Solutions Ltd. Trendmicro Interscan Viruswall • Content filtering software: Websense. Igear/Symantec Web Security • Log Analyser/ Reporting software: WebTrends Firewall Suite.   • Independently   led   the   Infrastructure   risk   assessments   as   part   of   the   infrastructure   risk  assessments  exercise.  FFIEC  and  SOX  404   The   project   scope   included   writing   L3   procedures   for   the   technology   platforms   implemented   by   Citigroup   and  aligning   them   with   the   internal   (RCSA   and   CITMP)   and   external  (SOX  404  and  FFIEC)  control  frameworks.   Facilitated  the  audits  based  on  BS7799  and  ISO27001  frameworks.   Also   coordinated   with   various   departments   along   with   the   development   team   for   version   control   of   sources   and   the  QA.   • Reviewed  existing  process  documents  and  communicated  needed  enhancements.   
code   deployment   activities   and   Change   control   via   Lotus  work   flow   application   leading   to   improvements   in   the   CM   process   for   the   organization. Sonicwall.   resolved   discrepancies   and   presented   the   analysis   results   to   senior   management   leading   to   accurate   and   consistent   information   in   • Password cracker: LC3 the  system.     State  Street  Financial  Center  (Boston.     Role:   • Mapped  the  existing  processes  to  best  international  practices  (FFIEC. Jan  2004  –    May  2007 Citibank  Inc. SecureIIS(applicatio n level firewall for IIS). SuperScout surfcontrol. Trendmicro Officescan.  SOX404).   This  was  a  success  milestone  for  the  department. Tiny Personal firewall • IDS: Real Secure.  Administered   CVS.   All   these   activities   strengthened   the   security   policy   and   processes   in   the   Checkpoint.   Residual   Risk   forms   and   Issues/Corrective   Action   Plans   within  the  targeted  time  frame.   Role:  As  a  Flexcube  application  Configuration  .  flexcube  latest  version  rollout  was  carried  out  for  13  countries  in  the  ASPAC   region.   Datacenter   team.  in  an  organized  fashion.  meeting  the  strict  time   deadlines  for  any  UAT  and  Production  release.   The   project   was   completed   by   handing   over   the   implementation   and   administration   documentation   to   the   customer.     Citigroup  NA  (Singapore)         Release  Manager   At  Citibank.  Change  and  Release  Manager:   • Liaised   with   Citibank   QA.   • Documented   the   Standard   operating   procedures   and   Configuration   Management   Plan  which  led  to  the  compliance  with  the  audit  requirement. (Bangalore.   Prudenté Solution Pvt.   Server   Management   team   and   Change   management   for   UAT   and  Production   promotion   which   led   to   timely   releases   meeting  the  strict  time  deadlines.  
Implemented   SecurID   authentication   for   users   logging   onto   Windows   NT   server   and   assigning   SecurID  tokens  to  users  for  2-­‐factor  authentication  while  logging  onto  servers.  firewall/IDS/  URL  Filtering  software/  Log  Analyser  for   firewall   and   webserver   implementation   and     establishing   SecuRemote   VPN   for   various  branch  offices  and  area  offices  to  the  servers  in  the  central    location)   • Initiated   the   process   for   appropriate   access   rights   for   the   authorized   users   and   blocking   unwanted   services   to  or  from   the   network. India)                                                              Nov  2002  –    Dec  2003 Atos  Origin  (Bombay)/Hutch  (Hyderabad)/TVS  Motors  (Bangalore)   Resident  Security  Consultant   Role:   • Consulted   based   on   BS7799   Security   Standard   on   the   security   of   existing   network   infrastructure   • Implemented  and  supported  the  Infrastructure  security  (including  servers/desktops   security  and  their  patch     level.   • Initiated   the   source   code   retro   process   resulting   in   consolidation   of   source   code   across  various  development  locations.   The   project   was   a   complete   success   with   kudos   from   the  customer.Resumé Richa Kulshreshtha organization  in  terms  of  compliance  with  the  best  practices  and  standards.   • Streamlined   the   Change   Control   Process   by   documenting   the   change.     Philips  (Bombay.   Ramco Systems Pvt. Ltd.   The   consulting   and   security   products  implementation  led  to  a  secure  infrastructure  for  the  organizations. (Bangalore.  India)       Security  Consultant   This   project   involved  two-­‐factor  authentication   mechanism   implementation   with   RSA   SecurID  tokens  and  SafeStone  DetectIT  Agent  on  AS/400  server.   
raising   the   change  in  Infoman  and  following  up  the  change  till  closure.   • Maintained   the   version   control   repository   in   PVCS   in   co-­‐ordination   with   the   development   team   which   led   to   the  base   lining   of   source   code   deployed   in   the   organization.     Role:     Spearheaded   the   implementation   of   RSA/ACE   server   in   Mumbai   and   co-­‐ordinated   the   implementation  of  SafeStone’s  DetectIT  agent  on  AS/400  servers  in  Delhi. Ltd. India)                                                          Jan  2002  –    Nov  2002 .     Role:     Carried   out   Foot-­‐printing.   OS   Enumeration   and   Escalation   of   Access.   Commercial   Tools   like   ISS   Scanner.   which   resulted   in   finding   crucial   security   loopholes   in   the   organization’s   network. Ltd.   The   results   were   analyzed   and   reported   back   to   the   customer   with   steps   for   fixing   the   vulnerabilities.Resumé Richa Kulshreshtha Security  Consultant   • Security  Consulting  and  Infrastructure  Support  for  various  clients. Durg 2001 1998 .   Cisco.     Role:     Responsible   for   checking   the   new   vulnerabilities   reported   from   vendor   web-­‐sites   (Microsoft.   password   crackers   etc.   This   led   to   the   first   hand   updated   information   available   to   customers   before  getting  hit  by  any  preventable  security  incident.   • As   a   part   of   the   Security   Advisory   Services.   This   resulted   in   creating   awareness   in   the   client   for   securing   their   network   infrastructure   and  also  strengthened  the  penetration  testing  services  vertical  of   the  organization  after  the  first  success  story.     Role:     Conducted  vulnerability  Assessment  for  the  network  using  tools  like  scanners.   
Bangalore   Labs   used   to   provide   on-­‐going   support  to  the  customer  through  email  based  alerts  on  patch  upgrades.  Trend  Micro  and  McAfee.  virus  alarms  and   cures.  Initiated  and  led  the  process  for  making  the   network   infrastructure   secure   based   on   the   findings   ultimately   leading   to   a   secure   network.).   etc.  test  the  solutions  in  a  lab  setup  at   Bangalore   Labs   and   advise   customers   on   the   procedures   for   implementing   in   their   environment. (Bangalore.   Red   Hat.   Content   filtering  software  implementation  which  facilitated  the  client  to  easily  control  access  to   sites  for  its  users  and  monitor  what  URLs  the  users  are  accessing  and  when.   virus   free   and   secure   networks.  so  that  the   organizations  security  policy  can  be  complied  with.  CERT.   ISS.   Common   Vulnerabilities   and   Exposures   (CVE)   website.     Role:     Provided  virus  cleaning  services  and  antivirus  implementation  for  quite  a  few  Bangalore   based   companies   ultimately   leading   to   clean.  Nmap.     Bangalore Labs Pvt.  operating  system  vulnerabilities.   Created   awareness   for   the   security   related   issues  among  the  users  and  management. India)                                                                Jun  2001  –    Oct  2001 Information  Security  Consultant   • This   project   involved   doing   a   complete   remote   penetration   testing   on   the   live   infrastructure   of   the   Singapore   based   company.   EDUCATION PG Diploma in Telecom Management Symbiosis Institute of Telecom Management BE (Electronics & Communication) Bhilai Institute of Technology.  network   traffic   analyzers.  Symantec.   Remote   Scanning.   Retina  and  Freeware  tools  like  Nessus.   • This  project  was  a  Technical  Security  Audit  project.  
X-Probe and custom scripts written in Perl were used for penetration testing.

REFERENCES

Available upon Request.