Experience

Axenic Ltd

• New Zealand
• Computer and Network Security
• 1 - 100 Employee

• Senior Security Consultant

  • Aug 2023 - Present

  Auckland, New Zealand



EY

• Entertainment Providers
• 1 - 100 Employee

• Senior Technology Consultant

  • Jul 2019 - Jun 2023

  San Antonio, Texas Area



Tanvi IT Solutions Inc

• United States
• Information Technology & Services
• 1 - 100 Employee

• Senior Information Security Specialist

  • Oct 2014 - Jul 2019

  San Antonio, Texas Area Client USAA - San Antonio TX I headed a group of Developers/Contractors for the USAA Information Security. I design automated workflows for NIST and FFIEC Risk Assessments and develop feasible solutions Supplier Location Risk Assessments. I have architected Vulnerability Management and Standards and Principle Management Solution while collaborating with the USAA Enterprise Security Group to build and maintain Archer eGRC solutions and use cases. ⇨ I have built an application… Show more Client USAA - San Antonio TX I headed a group of Developers/Contractors for the USAA Information Security. I design automated workflows for NIST and FFIEC Risk Assessments and develop feasible solutions Supplier Location Risk Assessments. I have architected Vulnerability Management and Standards and Principle Management Solution while collaborating with the USAA Enterprise Security Group to build and maintain Archer eGRC solutions and use cases. ⇨ I have built an application processing 500K records daily through the integration of the data feed with the QualysGuard Vulnerability Management Module. ⇨ I also effectively integrated other external modules such as BitSight, Security Scorecard and Salesforce Apps for Supplier Location Risk Assessment Solution. ⇨ I was able to reduce calculations by redesigning the application without losing any functionality. This further enhanced the existing solution by 60% ⇨ I created a common landing page for user specific workspace. All business users utilize this landing page across the enterprise. ⇨ And I automated the FFIEC and NIST Risk Assessments leading to a more systematic Security Process. Client - California ISO - Sacramento, CA I defined their requirements and effected valuable changes to new and existing solutions, documenting requirements and designs. I also prepared estimates to complete implementation work and validated implementations. I deployed the Archer solution to automate NERC Compliance and Audit process and conducted end-to-end configurations. I managed every SDLC aspect, developing thorough solution documentation to facilitate personnel changes and the ongoing maintenance of the solution. I managed to resolve all production issues and maintained content through regular vendor releases. Show less



Infosys

• India
• IT System Custom Software Development
• 1 - 100 Employee

• Technology Lead - Information Security

  • Aug 2013 - Sep 2014

  Washington D.C. Metro Area Following the BCM Project for Bank of America, I participated in Information Security Effort for the Department of Human Services in Washington, DC.partnered with CMS auditors to ensure the system compliance with FISMA, NIST SP 800-53 controls for network infrastructure, Linux servers and databases. I enforced strict compliance with Industry regulations HIPAA, FISMA. I maintained the Risk Register for identified Technology and Operational risk and patched all critical servers and… Show more Following the BCM Project for Bank of America, I participated in Information Security Effort for the Department of Human Services in Washington, DC.partnered with CMS auditors to ensure the system compliance with FISMA, NIST SP 800-53 controls for network infrastructure, Linux servers and databases. I enforced strict compliance with Industry regulations HIPAA, FISMA. I maintained the Risk Register for identified Technology and Operational risk and patched all critical servers and addressed vulnerability challenges. I also monitored all the Plan of Action and Milestones (POA&M) until closure. Some of my significant contributions are: ⇨ The design of the security architecture for DC Health Benefit Exchange. ⇨ The strengthened security controls, also for the Health Benefit Exchange, as per NIST SP 800 – 53 Control guidelines. ⇨ The improved file integrity monitoring solution by through the utilization of Tripwire Enterprise. ⇨ Lastly, I was a core member in passing CMS Audit on Security Processes and Critical Systems.

• Senior Analyst - BCM/DRM

  • Jan 2011 - Jul 2013

  Chennai Area, India I coordinated with business units to gather and document functional requirements for Business Continuity and the Disaster Recovery Test Plan. I reported weekly/monthly on the risk rating and issue remediation captured in dashboards. I ran end-to-end GBCR test tests and evaluated results. I presided debrief meetings and end-user training sessions in Archer with 50+ participants across regions. Among my key achievements were: ⇨ Earning the Star Award for significant contributions to the… Show more I coordinated with business units to gather and document functional requirements for Business Continuity and the Disaster Recovery Test Plan. I reported weekly/monthly on the risk rating and issue remediation captured in dashboards. I ran end-to-end GBCR test tests and evaluated results. I presided debrief meetings and end-user training sessions in Archer with 50+ participants across regions. Among my key achievements were: ⇨ Earning the Star Award for significant contributions to the Global Business Continuity and Recovery Project and Disaster Relief Effort for the APAC Region. ⇨ The effective development and implementation of workflows for BCP/DR Plan still being used across the APAC Region. ⇨ The Configuration Management Manual for Archer Platform. It secured the timeliness of all data. ⇨ The core applications from the risk management module for resolving recurring issues. This out-of-the-box project is something I planned and executed that turned out really useful.



Accenture

• Ireland
• Business Consulting and Services
• 700 & Above Employee

• IT Security Analyst

  • Jan 2008 - Dec 2010

  Mumbai Area, India The opportunity to work for Accenture, a leading global business management consultancy company, started my interest in system security. I gave me the opportunity to correspond with multiple stakeholders regarding ISO27001 and PCI DSS compliance for banking and insurance. I performed a lot of vulnerability assessments through a periodic infrastructure scan on servers, network, DMZ, and workstation segments. I identified and evaluated quantitative and qualitative risks while monitoring log… Show more The opportunity to work for Accenture, a leading global business management consultancy company, started my interest in system security. I gave me the opportunity to correspond with multiple stakeholders regarding ISO27001 and PCI DSS compliance for banking and insurance. I performed a lot of vulnerability assessments through a periodic infrastructure scan on servers, network, DMZ, and workstation segments. I identified and evaluated quantitative and qualitative risks while monitoring log servers, including Syslog, TACACS, SCOM and Symantec, Log Correlation – Splunk. Some of my significant achievements were: ⇨ The successful implementation of Splunk - a SIEM initiative recognized by Security Director/CISO ⇨ The attainment of 100% ISO27001 and PCI DSS compliance with Third party and external auditors. Show less