AUDIT AND COMPLIANCE FOCAL AND SYSTEM ADMINISTRATOR
Overall 4.6 years of experience, with SCSA certification and knowledge of security administration as well as compliance. Results-driven IT security professional with proven success in coordinating with multiple teams to consistently achieve successful business controls. Expertise in automation, documentation and process improvement. Key strength in leadership, scheduling and coordination. Self-managed, with a background in UNIX administration and management. Proven ability to multitask, complete work accurately and on time, and increase customer satisfaction.
04/2009 to 10/2013
Audit and Compliance focal and System Administrator
IBM – Bangalore, Karnataka
UNIX administration
Worked on Remedy (ticket tracking system) tickets related to disk utilization, CPU utilization, identity and access controls, file space utilization etc.
Worked as a shared resource within three IBM accounts (Carphone Warehouse, O2 Ireland and Friends Provident, now known as Friends Life) with 3000+ servers of multiple platforms (Solaris/AIX/LINUX/HPUX) in each account.
Configuration and administration of Solaris/AIX/HPUX/LINUX.
Maintaining the file systems integrity and security.
System Security, System performance monitoring and user access management.
Backup management and recovery policies using Veritas Netbackup.
Day-to-day troubleshooting for end users on Solaris/AIX/HPUX/LINUX servers.
Implemented Security Hardening as per IBM policies for Solaris/AIX/HPUX/LINUX servers.
Daily administration on Sun Solaris, which includes installation, upgrade and loading patches and packages.
Experience in writing shell scripts in Korn and Bourne shell for automating security-related tasks.
Handled performance monitoring of file system, CPU, memory and processes on all UNIX servers.
Provided 24x7 support for various application-level and server-level monitoring and troubleshooting during any datacenter changes.
Worked on the backup checklist generated by Tivoli Storage Manager for backup failures.
Worked with paging space creation, increasing and decreasing paging spaces as per the requirement.
Coordinated with vendors for resolving any issues related to hardware or software.
Platforms administered: Solaris/HPUX/LINUX/AIX.
System Security tightening & TCP port monitoring.
UNIX compliance and audit focal
Along with the daily UNIX administration tasks, my primary responsibilities included identifying potential IT control failures, risks and threats such as data integrity and vulnerabilities.
Worked as the compliance security focal for the three IBM clients Carphone Warehouse (CPW), O2 Ireland and Friends Provident, with CPW and O2 Ireland being the critical accounts for IBM.
Communicated IBM's Security and Risk Management global processes to IT accounts teams to ensure audit compliance.
Reviewed monthly compliance reports; identified vulnerabilities, risks, exposure and threats within the IT environment.
Managed IBM business accounts and provided technical expertise during IT key control audits.
Prepared the team to be in compliance with IBM's global security process and to minimize audit findings/failing audits.
Assisted teams in identifying control gaps and associated remediation plans.
KCO and SOX audit focal for the accounts.
Project management and Implementation of system hardening.
Minimized audit findings by providing teams with mitigating artifacts (e.g. IT security policies, change requests) and ensured highest compliance rating during audits.
Provided and distributed accurate audit responses and evidences within strict deadlines to IT audit teams.
Facilitated audit meetings, supported IT teams, identified and provided recommendations for audit findings.
Participated in post review meetings with IT Delivery Executives and IT teams, prepared milestone reports for upper management and documented resolutions.
Sound knowledge of CIRATS (Compliance, Issue, Risk and APAR Tracking System) to maintain IBM SLA commitments within accounts.
Performed manual health checks on the servers as per ISeC policies.
Worked/represented the team in various audits (KCO, DCR, PCI, SOX etc.).
Developed KPI metrics and scorecards to track performance.
Well versed with the process of server activation and deactivation.
Worked with SDM and/or DPEs to ensure remediation of all potential audit findings for UNIX servers for assigned accounts.
Assisted in the development and implementation of practices to ensure the delivery of IBM security and audit compliance commitments to customers per the GSD331, ITCS104 and ISeC Security Documents.
As account focal, it was my responsibility to work with the Web team (IIS servers), Middleware team (SQL and Oracle DB servers) and Exchange team to ensure applications' security patches were vetted and installed in a timely manner to ensure security audit readiness.
Assisted in the development and implementation of practices to ensure the delivery of IBM security and audit compliance commitments to customers per the GSD331 and ITCS104 Security Documents.
Worked with account teams to obtain customer agreement for security policy exceptions, extensions and CIRATS extensions, and recorded them in the appropriate databases (SecInfo).
Held weekly CIRATS review meetings with supported accounts.
Responsible for day-to-day security compliance of accounts supported.
SCA focal for ITCS104, GSD331 and ISeC security compliance.
Sound knowledge of IAM (Identity and Access Management) processes.
Thorough knowledge of the process for Server activation and deactivation.
Project: Go to Green
Performed health checks on the newly built servers (3500+) using SCM (Security Compliance Manager).
Remediated 10K+ violations on the servers to achieve 99% adherence to the compliance policies.
Got the exceptions documented, raised and approved for the deviations which could not be fixed, after consulting the application teams, to avert major outages.
Upgraded the OS to the latest available patch levels.
Raised CIRATS issues and completed them as per the respective target dates.
Updated the compliance tracking database (CIRATS) with the tasks completed on a daily basis as a part of audit readiness.
This was a critical project for the IBM accounts and was completed successfully, with 99% of servers declared compliant by the respective clients.
Project: UNLICENSED SOFTWARE / SOFTWARE SCAN
The project was run to remove unlicensed software from the servers.
Created the script to run the master script (scanning script) on 6000+ servers to generate the outputs.
Studied the script outputs and worked with the ISA (Information Security Advisor) to get the required licenses for the software present on the servers.
Reran the scans on the servers until a green report was achieved for all the servers.
This was a critical project for IBM, as the client was directly involved in this project.
Got the BRAVO award from the Customer and appreciation from Account DPE.
Project: WWF (World Wide Writable Files)
Created the script to run the server scanning script on the servers.
Studied the output for the files which had world-wide access (wrong ACLs permitting anyone to edit the file).
Compiled the 20,000+ violations on all the servers.
Fixed the violations related to the OS (Unix) and got the other violations (related to application IDs) fixed with the help and confirmation of the application teams.
This project was driven for all the accounts of IBM.
Completed this project successfully before the target date.
Got appreciation from the ISAs and DPEs of the respective accounts for completing this project successfully.
Project: Log Retention / Logkeeper
This project was kick-started to check whether the changes made on the servers were getting logged properly.
Ran script on the servers to study the outputs.
Analyzed the outputs and raised the changes in change management tool for Solaris/AIX/LINUX servers to change the settings on the servers.
This project was again internally driven by competency to adhere to the compliance policies.
Accomplishments
Improved the compliance posture of the three IBM clients (Carphone Warehouse, O2 Ireland and Friends Life).
Made the compliance reports green and got the BRAVO award from the customer (Friends Life and O2 Ireland).
Got appreciation from IBM client O2 Ireland for meeting the critical project deadlines and for the least audit findings.
BE: Information Technology, Nagpur University - India