Manage and execute Technology Infrastructure and Cybersecurity audits for a leading global financial services bank. Areas audited include IAM, Cybersecurity Framework (FFIEC), 3rd Party Risk Management, Internal/Cloud Network, Databases, Operating Systems, Data Leakage Prevention, and Regulatory Issue/MRA RemediationValidations.● Manage, plan and execute US-Based technology infrastructure and cybersecurity audits to meet regulation requirements.● Validate Regulatory related issues..● Provided continuous audit coverage over new initiatives such as Cloud infrastructure, IAM Control redesign, and Privileged Access Management

Manage the US team in Controls & Governance for Identity Access Management (IAM) in Enterprise Information Security (EIS) of MUFG Union Bank, N.A. Areas of responsibility included: managing all internal/external/regulatory audit responses for IAM, managing and executing SOx 404 IT Control remediation program, defining IAM policy/standards, establishing IAM internal controls, managing and tracking IAM related issues/action plans for timely remediation, and executing RCSA assessments.● Interact and respond to all internal, external (SOx 404 and SSAE 16/18) and regulatory audits and information inquiries● Manage and execute SOx 404 IT Control remediation program● Interact with 1st line (FLoD) and 2nd line (SLoD) of defenses to define IAM policy/standards● Establish IAM controls and processes for access certification, access requests, role/attributed based access (RBAC/ABAC), privileged access, and segregation of duty● Manage, track and resolve IAM internally identified and audit/regulatory related control issues● Establish an IAM policy and standard● Establish an IAM Governance program to continuously monitor and measure IAM policy compliance● Execute and report IAM Risk and Control Self Assessment (RCSA) program● Provide Control Guidance and SME for IAM Project - Cloud Transformation, AWS, Privileged Access, GRC for IAM Control

A member of ISACA New Jersey Chapter Board of Directors - ISACA New Jersey Chapter is dedicated to enriching the lives of our members by providing them programming, content, and events that furthers their career. #isaca #njisaca

Board advisors to the College of Science and Liberal Arts

Managed a global team in Controls & Governance for Identity Access Management (IAM) within Corporate Technology & Risk (CTR) in JPMC. Areas of responsibility included: managing all internal and external audit responses, managing and executing CTR’s SOx program and testing, managing and tracking IAM related issues/action plans for timely remediation, and executing RCSA assessment.● Interacted and responded to all internal, external (SOx and SSAE16) and regulatory audit interaction and information inquiries● Managed and executed SOx Program for CTR applications and infrastructure● Executed and reported SOx management testing● Managed, tracked and resolved IAM related control issues● Managed project scopes, budgets, and documentation to assess overall risk of findings related to audit, and regulatory requirements.● Established an IAM Governance program to ensure appropriate visibility, communication, and governance across key business partners and stakeholders.● Provided continuous assessment and metrics coverage over new initiatives such as access recertification process, IAM engineering redesign of tools and process, and SOX/SSAE 16 testing automation.

Co-leaded a global team in planning and conducting global technology infrastructure audits. Areas audited include: Global Technology Infrastructure (GTI), Information Security, applications, databases, network, remote access, access administration / recertification, firewall administration / configuration, network attached storage, endpoint security, directory services, Email infrastructure, BCP, 3rd party vendor management, virtual server and desktop infrastructure, and other global locations.● Co-leaded a team of staff auditors to perform global audits - providing mentoring, performance review and career development.● Conducted large scale global IT Infrastructure audits (~10 to 15 audits per year) – Operating Systems, Virtualization, Networks, Email / IM platforms, Information Security (FFIEC and ISO 27001/27002), ITGC, Systems Resilience/Business Continuity Plan, SDLC, Change Management and Vendor Management● Interacted with external auditors during examinations (SOx and SAS70 / SSAE16).● Conducted post remediation reviews to verify risk mitigation and control compliance.● Used database and data analytic skill for systematic and large scale data intensive audits.• Infrastructure Skills:•• Systems || Microsoft Active Directory, MS Windows, UNIX (Solaris and AIX) and Linux servers•• Virtualizations || VMware ESX, VI3 and VDI•• Networks and Remote Access || CheckPoint Firewall, Cisco PIX Firewall, Cisco VPN, EMC SAN, NetApp, Citrix, Cisco Call Manager, Microsoft Exchange, Microsoft LCS, Email Retention and Email Surveillance•• Information Security || Penetration Test, Vulnerability Scanning (Qualys), Intrusion Detection, Vendor Management, Data Leakage Prevention and Security Incident ResponseBCP Data Center Design and Resiliency, BCP IT and People Recovery, Data Backup, Systems Resiliency and Crisis Management•• Database || MS SQL and Oracle•• Application/SDLC || SDLC, Software Version Control and Change Management

Solution research, design and implementation:• Design, research and implementation for internal KPMG LLP IT Solution.• Provide technical subject matter expertise to other internal KPMG LLP areas, such as Microsoft, Citrix, Cisco, and Remote Access Technology.• Setting KPMG LLP Internal Infrastructure Standard.• Aligning Business requirement with suitable IT technology.• Experienced with the following technology design and implementation:• Windows 2003, Windows 2000 / Active Directory / DNS / DHCP / AD Security and Group Policy.•••• Citrix MetaFrame XP FR3 and Web Interface.•• Microsoft Network Load Balancing.•••• Storage Area Network (SAN with HP and Apple Xserve).•••• Wireless LAN using Cisco and RADIUS authentications.•••• HP Server Hardware (DL / ML / BL Servers)•••• Blade Server (HP) for server consideration•••• HP RDP for remote server deployment•••• SQL 7.0 and SQL 2000 Databases•••• VMware•••• Linux (Red Hat)•••• Wireless Secure Email (RIM Blackberry and Good Technology)•••• IP-enable KVM•••• Patch Management (PatchLink and HfNetChk)High Level Design Project:•••• Citrix MetaFrame XP FR3 design for outsource environment.•••• Pervasive Digital Right Management Research.•••• Redundant Funk RADIUS implementation.•••• Automatic Patch Management Solution using PatchLink and HfNetChk.•••• Remote and Multi-level Analog and IP-enable KVM solution.•••• Linux integration with Microsoft Active Directory.•••• Blade Server for Server standardization and Remote Deployment.•••• Wireless Secure Email integration (RIM Blackberry and Good Technology)

Corporate Network Security:• Define the Corporate Network Security and E-mail policies, including Network Perimeter Security, LAN/WAN Security, Remote Access, and Encryption policies.Infrastructure Design:• Lead in evaluation, recommendation, budgetary presentation and research for the requirement for IT infrastructure needs within the Enterprise Service group. (Major Projects include: Global Network Design, NT/2000 site design, security architecture and other IT projects.)Definition of Enterprise IT Technical Direction:• Evaluate key technologies and provide recommendations for adoption priorities and plans to the Chief Information Officer.• Establish prioritization and the evaluation of new technologies for incorporation.Enterprise Architecture Planning:• Align Business Goals with IT initiatives using Zachman Framework for Enterprise Architecture Planning.• Develop overall architectural model for future IT/Business development, process improvement and future IT technical direction.Merger and Acquisition Activity:• Participate in evaluation, recommendation and planning for integration of IT for company merger and acquisition activities through business/IT systems, business process analysis and data modeling.