This document provides a resume for IftikharUddin Syed, summarizing his contact information, professional experience, skills, and qualifications. Syed has over 15 years of experience in enterprise information security governance, risk assessment, compliance and audit. He currently works as an Information Security Risk & Compliance Officer at eBay, and has previously worked on information security projects at Verizon.
I Syed, Sr. Consultant - Enterprise Information Security Governance, Risk, Compliance (GRC) & Audit
1. IFTIKHARUDDIN SYED (SYED)
Phone: (786) 473 7861
Email: iu.syed1@gmail.com
LinkedIn: http://www.linkedin.com/in/iusyed
Work Preference: Corp-to-Corp (C2C) & Corp-to-Hire (C2H)
IftikharUddin Syed (Syed) | Confidential Resume 1
CONSULTING EXPERTISE
Enterprise Information Security - Governance, Risk Assessment, Compliance and Audit Enterprise Information
Security Implementation/Advisory and Project Management and PCI DSS requirements.
PROFESSIONAL SUMMARY
A senior level InfoSec Governance, Risk & Compliance (GRC) Consultant with 15 years of experience, conducting
enterprise level security risk assessments:
o Enterprise Information Security Operations
o Enterprise Governance Risk and Compliance (eGRC)
o Project Management/Assurance
o PCI DSS standards readiness/implementations, gap assessment and audit
o Risk Assessment based on Data Classification and Regulatory Compliance and Standards
o Perimeter Security, End Point Security, Vulnerability Assessments
o IT Security Testing through Deployment
o IDM and IAM Audits
POLICIES, STANDARDS and COMPLIANCE
Regulatory & Statutory Compliance: Federal Information Security Management Act (FISMA), Federal
Information Processing Standard (FIPS), Payment Card Industry Data Security Standards (PCI DSS),
Health Insurance Portability Accountability Act (HIPAA), Sarbanes Oxley (SOX) 404, Statement of
Auditing Standards (SAS) 70/SOC-1 & SOC-2, ISO 27001-27002 Information Security Management
System Implementation & Audit, BS 25999 Business Continuity Management, ISO 9001-9002 Quality
Management, Texas Administrative Code (TAC) 202, COBIT 4.1, NIST [FIPS 140-2, 800-53, 800-63, 800-
30] Guidelines, COBIT, OWASP & SANS Principles, DISA-STIGs, NSA and CIS Standards & Baselines.
PROFESSIONAL EDUCATION
UNIVERSITY
o MS InfoTech Security with Merit (Distinction), University of Westminster, London, UK 6/2007
o BS- Computer Science Engineering, Gulbarga University, Karnataka India 9/2001
CERTIFICATIONS
o Certified -Ethical Hacking and Countermeasures Expert (EHCE) US-Council
o Certified -Risk and Information Systems Control (CRISC) - ISACA
o Certified -HIPAA Security and Privacy Awareness
o Certified -PCI DSS Technical Requirements & Technical Overview
o Certified -Verizon Corporate Compliance Records Management,
o Certified Training-SOX- Information Security Related Tenets
o Certified Information Technology Infrastructure Library (ITIL) V3 Foundation (ITV3F.EN)
o Certified on HIPAA Privacy and Security- New Hire Covered Persons Integrity Training - CVS |
Caremark
o Certified on LINUX Administration [City University, London, UK]
o Certified Cisco Network Associate (CCNA)
TRAINING
o ISO 27001-27002:2005 Implementation and Lead Audit (LA), Info Security Management System
(ISMS)
o ISO 9001-9002:2005 Lead Audit (LA), Quality Management System (QMS)
o BS 25999 Lead Audit (LA), Business Continuity Management (BCM)
o EPSON Stylus Engineering [EPSON (UK) Ltd., Hertfordshire, UK]
INFORMATION SECURITY EXPERIENCE
o Enterprise Governance Risk and Compliance (eGRC)
o PCI-DSS, ISO 27001, FISMA, FEDRAMP and necessary regulatory compliance assessments,
application and network vulnerability and pen testing, database security, and risk and compliance
assessments
o Knowledge of Perimeter Security: Cisco PIX & Check Point Firewall, IDS & IPS, Syslog & Radius
Server, Load Balancer.
o Knowledge of Identity & Access Management: Role Based Access Control (RBAC), CA-Site Minder
Single Sign-On
TECHNICAL INFRASTRUCTURE AND SOFTWARE
o HP WebInspect, Nessus, AppDetective, Foundstone, Imperva, Tripwire, Metasploit, NMAP
o Security Information & Event Management (SIEM): Nagios, LogLogic (Log & Monitoring Tool)
o Firewall Access Authorization System (FAAS), Retail Implementation & Application Support (RIAS),
Firewall Request System (FRS), CMIS (Incident Handling), Verizon Change Online Product [(VCOP) for
CA/Release Management], Page Tool (SPOC Contact), Workbench (VITL Portal supporting Frontier),
VSAD (Portfolio Name for App Name & Component), CMIS Crisis Portal
o System Software: Microsoft Windows, Unix, Sun Solaris 10, Red Hat Linux
o VMware: vSphere, VMware ESX and ESX 3.5/4.0, ESXi 4.1/5.0 and 5.1, Virtual Center Server
2.5/4.0/4.1 and 5.0/5.1, VMware Converter Enterprise, VMware Update Manager, VMware View
4.0/4.5 and 4.6 ThinApp, VMware Capacity Planner, VMware Orchestrator.
o NETWORKING: Oracle Exalogic & Exadata, SUN Sparc, Silicon Graphics, Intel and Macs environment,
LAN/WAN and Microsoft, Oracle Linux VMware (Virtual Machine), NetApp
o Enterprise Architecture & Software Development: Technical Writing, IT Project Management, Cloud
Computing, ITIL V3F, Agile and Scrum
o PROGRAMS/OPERATING SYSTEMS Knowledge of Technology: C++/C, JAVA, J2EE, Eclipse, Android
Mobile Programming, C# .Net, XML, SQL Server, Oracle 10g/11g, TCP/IP
o SERVER APPLICATIONS: Web Sphere, Weblogic 8/10, Jxplorer, JBOSS, Apache Tomcat, IIS, SUN
iPlanet, LDAP, Active Directory
o Other Tools: MS Project, Word, Excel, Power Point, Visio, Outlook, Lotus Notes, and Putty.
PROFESSIONAL EXPERIENCE
SOFT SKILLS
o Dedicated, disciplined and determined to succeed by demonstrating confidence, efficiency,
response time and flexibility wherever needed.
o Possess excellent presentation and communication skills, a strong work ethic, providing positive
energy while working with teams at all levels.
o Supporting critical analysis, problem resolution; working closely with teams and providing
support and organization during complex project deployments.
WORK EXPERIENCE
eBay Inc.
5/2015 to Present
Information Security Risk & Compliance Officer, Sr. Consultant
Information Security Compliance, Risk Assessment & Data Loss Protection
San Jose, CA
o Lead the innovation and continuous improvement of IT internal control framework, including
the integration of multiple compliance requirements.
o Worked in collaboration with multiple organization teams, vendors and stakeholders for eBay and
PayPal Transitional Service Agreement (TSA) and Legal Aspects that refers to Resource/Asset
and Data Classification, thereby adhering to PCI DSS v3.1 and SOC-1, SOC-2 regulatory
compliance regulation.
o Working on GRC Readiness/Implementation, Gap Assessment and Audit Findings.
o Readiness process involves a compliance risk assessment, and assistance in helping the
organization meet the requirements in preparation for an external audit.
o Managed and assessed information security and risk management frameworks such as
FFIEC, Sarbanes Oxley (SOX) 4, HIPAA, ISO 27001, NIST 800 Series Guidelines.
o Working closely with eBay partners: Wells Fargo, PayPal, First Data, Imperva, K3DES (QSA),
Symantec, Websense, Splunk and stakeholders to evaluate compliance, internal policies and
standards and external regulatory requirements; communicating with all staff levels.
o Interpret audit requirements to ensure appropriate definition of controls.
o Analyze regulatory developments and recommend integration into the organization policies and
standards.
o Identify gaps in the design and operating effectiveness of controls, and identify opportunities for
more efficient and effective controls.
o Monitor and perform compliance testing, issue testing findings, prepare written report of
findings, perform follow up testing, and assist in correcting deficiencies.
o Convey findings identified through walkthroughs and testing, assess the risk and impact of
deficiencies, and make recommendations for remediation in writing.
o Skilful in the following key activities:
Mitigating controls at the systems, network, and application level.
Audit/assessment in the eBay as financial and retail services industry, especially as
large/global Internet ecommerce enterprise.
Expertise includes track and manage numerous parallel activities. Ability to work
efficiently and independently with minimal supervision (i.e., self-motivated and willing to
stretch to meet important deadlines).
Working in a fast-paced, dynamic environment.
Build and maintain constructive working relationships with a diverse community (in and
outside of technology); ability to effectively communicate in both written and verbal
manner to influence both technical and non-technical audiences.
Verizon Enterprise Team, working with Client: Zales Corporation (Signet Group of Jewellers)
2/2015 to 5/2015
Project Manager, InfoSec Risk Compliance Advisor
Irving, TX
o Working closely with the Zales IT Security Group and its partners: BofA, First Data Xerox/ACS,
Imperva, Coalfire (QSA), AJB, AT & T/Compucom, Earthlink, GSI/eBay, Iron Mtn, Kore Logic,
Symantec
o My roles and responsibilities are to facilitate and represent the sole direction of the PCI compliance
for Zales Corporation.
o Managing security services and the PCI DSS/PA DSS compliance practices, which included
managing the consulting team, services and delivery for clients.
o My role required close interaction with both technical and management client personnel through
all stages of the engagement.
o I managed a team of Network, Systems & Application Security Analysts/Specialist that worked
with Zales Corporation to ensure security risk was managed appropriately for all group-wide
applications. This entailed understanding the functionality provided by applications, reviewing
architecture and design, identifying the data that is handled, performing threat modelling,
evaluating the risks and recommending mitigating controls/solutions.
o I was responsible for the security of several core banking applications that handle billions of
dollars in transactions and customer/employee facing Mobile applications. A key task was to
explain the security risks to the business, enabling them to make informed decisions on mitigation
and risk acceptance. This required finding the right balance between the need for security and
functionality.
o Managerial responsibilities included supervising other security engineers, ensuring risk
assessments are delivered on time and mentoring junior engineers.
Verizon
9/2009 to 1/2015
Senior InfoSec Risk Analyst
Richardson, Irving, TX
Working closely with the partners: Deloitte, Accenture, Veracode, HP, Symantec, DHS (Dept of
Homeland Security), JetBlue, Omnicare, CVS, Medco, Merc, Johnson & Johnson, Frontier Airlines, Source
Gas, Johnson Controls, MUD (Metro Utility District).
Verizon Business Units: Enterprise Solutions (VES) Managed Security Services (MSS), Universal Identity
Services (UIS) & Electronic Prescription Controlled Substance (EPCS)
o Managed Security Services (MSS)-Management and maintenance of security technologies
(firewalls, DLP, SIEM, AV etc.) with emphasis on managed services.
o Worked with team to build and finalize project development, implementation and execution
plans with adherence to compliance with the code of conduct and Verizon CPI 810 policies and
standards requirements.
o Led several efforts having to do with the security of environments where security product
software is restricted for use.
o Led Systems Security and Application Scanning, risk remediation and performance of the
frontend and backend provisioning and monitoring builds for Verizon customer devices.
o Engaged in Security benchmarking processing and reporting of security devices incident using
State Event Analysis machine analytics.
o Ensuring compliance with policies & procedures, safety, state and federal laws, regulations and
standards
o Provided a 5 star benchmark for every security release in Performance, Endurance, Functional
testing, regression testing and Application scan for any security holes.
o Individually contributed as a lead, working with the project team to build and finalize project
development, implementation and execution plans with adherence to PCI DSS, HIPAA, FISMA
Compliance and Verizon CPI 810 Policies, Code of Conduct and Standards requirements.
Accomplishments
o SSL Certificate Validity: Successfully completed SSL Certificate Risk Assessment/Audit Operation
(Certificate Validity/Expiry Audit) for All the MSS Environments Servers
o Application Security Web Assessment & Penetration Testing Tools: Successfully completing
requested Managed IT Security Services (MSS) Web Applications Vulnerability Assessment.
o End-to-End Integration Data Center Environment Setup: Worked effectively in two Data
Centers located in Omaha, Nebraska; remotely connecting to servers and working with various
IT Groups to stand-up the servers and deployed applications. These environments are key
integration test for BRD. Involved in redesign, implementation, troubleshooting during IT
Security and Functional Test Cycle. Installed and configured Application & Web Services and Testing in
Data Center (DC)-1 and Data Center (DC)-2 to ensure improved process for E2Ei Product Line.
o VMWare: Designed and implemented ESX server infrastructure environment and integration
with NetApp
PROJECT: IT Security Cloud Service - Universal Identity Service (UIS)
o Responsible for IT security management, implementation and review, regulatory and statutory
compliance, audit finding, risk remediation plans; IT security and risk assessment, security
testing, gap analysis, application risk score reduction strategy and request for security exception
(RFSE).
o Revised and customized the Universal Identity Services (UIS) Platform Security Architecture
artifacts targeted for Information Security and Compliance Regulation
o Ensured robust and effective IT governance processes and security controls are in place and the
systems are in full compliance with Federal Information Security Management Act (FISMA),
Federal Information Processing Standards (FIPS), Department of Homeland Security (DHS),
Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data
Security Standards (PCI DSS), Sarbanes-Oxley (SOX), Statement of Auditing Standards (SAS 70),
Drug Enforcement Administration (DEA), European Union Directive and National Institute of
Standards and Technology (NIST) Guidelines.
o Conducted several PCI-DSS Level 1 and 2 assessments and designed an on-going PCI program
resulting in decreased cost and assured compliance for Verizon Fortune 100 Customers.
o Provided education and mentoring to team members; evaluate and design cloud computing
security solutions; perform black/grey box penetration security testing for various Application
Program Interfaces.
o Coordinated with internal and external auditors and provide audit findings based on compliances;
define and maintain security boundaries, identify all flow and interface attributes and touch points
within system infrastructure and external system.
o Provided recommendation to Non-Security and Security Operational Team and maintain
documentation to ensure adherence to the corporate and federal regulations and international
standards and directives.
o Developed End-to-End UIS & EPCS Enterprise Security Baseline built on DISA-STIGs, NSA and
CIS Standards & Benchmarks.
o Involved with implementation of SDLC and SDLC Trace Matrix comprising functional
requirements, process flows, Hardware and Software Design specification, Test Plans and Test
Cases based on statutory & regulatory compliance built on NIST Guidelines SP 800 and FIPS
Guidelines and DISA-STIGs, NSA and CIS benchmarks for UIS and EPCS Application.
o UIS FISMA Compliance Control Areas: Worked on DISA STIGs and CIS Security Benchmarks
comparison, provided evidence/artifacts for FISMA Baseline Controls, allowing executives better
decision making.
Group: Verizon Service Operation (VSO), Business (VZB) & Telecommunication
Project: Performed IT security Risk Assessments utilizing system security plans, provided
recommendations for risk remediation for mission-critical new and existing business systems.
o Responsible for IT Security Implementation and Assessment for preparing Enterprise
Information Governance Policy, Guidelines, Process and Procedures to monitor and control
overall IT Security, IT Change Management and Computer Operations / Backup & Recovery
across multiple platforms.
o Developed comprehensive approach and led effort to identify the location of credit card
numbers and other sensitive data in more than 5 Terabytes of storage in workstations, servers
and databases. This information was used by a local government agency and a catalog / retail
client to verify / assure compliance to multiple standards.
o Involved in Design and development of IT Security Architecture, including process flow,
hardware and software design specification, security testing and remediation techniques.
Firewall Request System & Firewall Access Authorization System.
o Engaged in vulnerability assessment and penetration testing for multiple portfolios systems and
applications using the WebInspect, MetaSploit, NMAP and Nessus tools and provided
recommendations for remediation actions.
o Created the Risk Management and Incident Management Process in concurrence with NIST SP
800-30 Guidelines and ITIL V3 Framework respectively.
o Created remediation plans for applications and processes to ensure that they met PCI DSS
standards
o Coordinated and reviewed audit compliance findings with IT systems owners and tracked the
compliance finding status.
o Worked on Rationalization of Rule Set for Networks, Systems and Cloud based Data Applications
migration from Verizon to Frontier.
o Performed gap analysis and prepared reports to identify applications and business processes
that fell short of PCI standards.
o Reviewed, documented and evaluated controls designed around IT Security, IT Change and
Release Management, and Computer Operations / Backup & Recovery for the systems and
applications, pertaining to the Software License Agreement (SLA) and Compliance Regulations.
o Created and managed Incident Response (IR) performance metrics.
o Managed and documented procedure for process flow for SSL Certificate migration from VeriSign
to CyberTrust and RSA Secure ID for Retail Implementation Infrastructure for the Organization.
CVS Caremark
Senior InfoSec Consultant
Enterprise Architecture InfoSec Management (EAISM)
10/2008 to 9/2009
Irving, TX
o Designed Internet facing Perimeter Network and Cardholder Application Data Flow Network
architecture, configuration review for CVS | Caremark entities, for Routers, Firewall and VPN,
Application Servers, Systems (High-Range, Mid-Range and Client Server), Syslog and Radius
Servers and other respective systems as necessary.
o Performed gap analysis, PCI (Payment Card Industry) compliance requirements, requirements
gathering and documentation, managing cross-team communication, managing external partner
integration, change management, conducting interviews. Worked as project lead, accountable for
achieving individual project development, implementation and execution objectives.
o Conducted Annual IT Security and Risk Assessments for CVS | Caremark entities, High, Medium
and Low Risk systems and to analyze business functions gaps and verify ownership and control
of information system elements as necessary in accordance to the Statutory and Regulatory
Compliance requirements.
o Ensured Change Control and Incident Response Process Handling using ITILv3 and NIST
Guidelines.
o Documented data mapping, evidence gathering, reports, and organize meetings based on Role
Based Access Control for Segregating Duties based on Audit Compliance Regulations.
o Developed Information System Minimum Security Configuration Baselines (MSB), Rationalize
Perimeter Firewall Rule Set Review (RSR), and Periodic Access Review (PAR) for Systems and
Applications in accordance with SOX 404, HIPAA, SAS 70 and PCI DSS compliance and Standards
for surveillance audit adherence.
o Conducted Information Security Awareness Programs and seminars for employees, contingent
workers, business staff and vendors.
o Part of a group to conduct black and gray security testing for application vulnerability and port
scans on the network using Nessus, Symantec, WebInspect, MetaSploit, NMAP, QualysGuard,
and Foundstone as part of the internal audit process. Worked on the critical port analysis,
remediation strategies for Incidents related to network infections.
SIP Micro Systems
InfoSec Analyst
IT Services & Security Management Group
1/2008 to 9/2008
Oak Creek, WI
o Implemented the information security processes for Firewall Rule Set, Risk Assessment, and IT
Security Testing for Application Vulnerability Assessment & Penetration Testing, and Antivirus
Management.
o Developed compliance inventory to assess high risk laws, regulations, policies, procedures,
guidelines and standards of conduct to mitigate corporate financial, legal and public exposure.
o Identified potential areas of compliance vulnerability and risk, developed and implemented
remediation plans, and provided guidance for process improvement.
o Participated in internal monitoring and auditing; cooperating with external auditors for
successful audit completion.
o Chaired the Change Management Advisory Board-Approved/Denied Firewall Change requests
for port opening from multiple teams as per the Information security policy. Reviewing all
changes to devices for risk impact and approving the requests for changes.
o Performed security gap analysis on SAP GRC and SAP Netweaver Environment using IT best
practices methodology.
Epson Express
Senior Engineer, InfoSec
8/2003 to 1/2008
London, UK
IT Management & Enterprise Security Project Support
o Provided Infrastructure IT Services support as a Senior Engineer within the Information Security
Group.
o Managed security compliance and audit processes with respect to Firewall Management,
Application Security Vulnerability/Penetration Testing, Patch Management, Risk Management,
Business Continuity BS 25999, Disaster Recovery Plan, Project Management and Quality
Management for ISO 9001, and Security Implementations that adhere to ISO 27001/27002 and
PCI DSS.
o Multiple offices across London were in scope to ensure a Disaster Recovery plan was in place for
all sites.
o Implemented an Enterprise Security Awareness Program.