
Résumé - Richa Kulshreshtha

176 Waterside Dr., Little Ferry, NJ 07643. Mobile: +1 508 439 3509. E-mail: kricha77@hotmail.com. Visa Status: H1B

SUMMARY
Over 9 years of experience as a solutions-oriented IT Security and Risk & Controls Management Specialist, with notable success directing a broad range of corporate IT initiatives while participating in the planning and implementation of information-security solutions in direct support of business objectives. Track record of increasing responsibility in risk & control assessments, SOX 404 compliance activities, SAS 70 audits, secure network design, security product implementation and full-lifecycle project management. Demonstrated capacity to consult on and implement innovative security programs that drive awareness, decrease exposure, and strengthen the security of organizations. Hands-on experience with leading security technologies and products. Outstanding leadership abilities; able to coordinate and direct all phases of project-based efforts while managing, motivating, and leading project teams. Adept at developing effective security policies and procedures, project documentation and milestones, and technical/business specifications.

Certifications
Project Management Professional (PMP)
ITIL v3 Foundation
COBIT 4.1 Foundation
Certified in Control Self-Assessment (CCSA)
Certified Information Systems Auditor (CISA)
Certified Information Systems Security Professional (CISSP)
Check Point Certified Security Administrator (CCSA)
Cisco Certified Network Associate (CCNA)
Microsoft Certified Professional + Internet (MCP+I)

PROFESSIONAL EXPERIENCE
Citigroup Inc., USA: IS, COB & Controls Analyst / SAS 70 Program Manager (May 2007 - Feb 2011)
i-flex Solutions Inc., USA: Assistant Manager / Consultant (Jan 2004 - May 2007)
Ramco Systems Pvt. Ltd., Bangalore, India: Technical Consultant (Nov 2002 - Dec 2003)
Prudent Solution Pvt. Ltd., Bangalore, India: Network Security Consultant (Jan 2002 - Nov 2002)
Bangalore Labs Pvt. Ltd., Bangalore, India: Information Security Consultant (Jun 2001 - Oct 2001)

Professional Affiliation
Member of ISACA

Skills
Risk management & controls mapping
Process mapping for on-going security management
Process and security consulting
Security products implementation (firewall, IDS, vulnerability scanners, anti-virus software, content filtering software, etc.)
Change control process

Tools
Risk management applications: ARMOR-IRM, CSI, ARCHER, MARS+
Configuration / change management tools: PVCS Dimensions, Infoman
Scanners: Nessus, Internet Security Systems (ISS) Scanner, Retina, Nmap, Cerberus Internet Scanner, SuperScan, AppDetective
OS hardening tools: ServerLock, IIS Lockdown, HardenNT
Network sniffers: Iris, AntiSniff
Password cracker: LC3
Firewalls: Check Point, SonicWall, SecureIIS (application-level firewall for IIS), Tiny Personal Firewall
IDS: RealSecure, nPatrol
Antivirus software: Sophos, Symantec Norton AntiVirus, Trend Micro OfficeScan, Trend Micro InterScan VirusWall
Content filtering software: Websense, eScan, SurfControl SuperScout, I-Gear/Symantec Web Security
Log analyser / reporting software: WebTrends Firewall Suite, WebTrends Analysis Series
Integrated products: Symantec Client Security

PROJECTS

Citigroup, New Jersey (May 2007 - Till Date)
SOX 404 Compliance / SAS 70 Audit
Managed the SAS 70 program in accordance with the defined standards. The program involved managing the SAS 70 audit in liaison with KPMG auditors and various regional teams, keeping abreast of key organizational updates for SAS 70 reporting and SOX 404 assessments, managing the final SAS 70 report distribution application and process, maintaining up-to-date documentation on the SharePoint site and supporting clients in resolving any issues/concerns.
Played a key role in facilitating the SOX 404 review in coordination with KPMG auditors and various regional teams.
Provided governance and guidance to all technology divisions for SOX 404 compliance and SAS 70 activities, via regular SOX Working Group meetings, to ensure the organization's compliance with SOX 404.
Conducted the resource impact analysis arising from the reduction in SOX scope and the AS-5 standard, in liaison with SOX leads and regional SOX compliance groups.
Reviewed the key IT risks and internal controls; identified gaps and redundancies against the COBIT and COSO frameworks and the SAS 70 and SOX 404 related IT general controls; mapped them alongside the Citi Information Security Standards and facilitated the establishment of the IT RCSA baseline.
Kept the SharePoint site current for SAS 70 audit logistics and the SOX 404 Working Group, archiving relevant guidance documents, procedural documents and announcements accessible to internal clients and external auditors.
Led the design, creation and launch of the Archer SAS 70 report management module in compliance with the global information security policy, liaising with various stakeholders and working around complexities and inconsistencies to increase user-friendliness and reporting accuracy.
Streamlined the process for granting external auditors/contractors access to Citi facilities and systems, as part of a corporate initiative to improve access controls.
Managed the assigned internal audits, ensuring timely progress, resolving any concerns about the factual accuracy of observations and escalating to the respective stakeholders as appropriate. Additionally, facilitated the SOX business monitoring review by internal auditors.
Initiated the trend analysis of the issue review process to report on process effectiveness and to focus on areas that needed improvement, and educated/trained the regions and business divisions accordingly.
Revamped the SOX/non-SOX issue review process by adopting a risk-based random sampling methodology and changing the review frequency based on the observed success rate, resulting in a more robust and efficient risk-based process and savings in man-hours for the group.
Solidified the SOX issue review process for IT SOX Steering Committee review and for business impact analysis by the respective businesses.
Supported the team with expert opinions and clarifications in reviewing reliable, relevant and sufficient issue remediation evidence.
Generated reports and scorecards for the corporate office and businesses for appropriate classification/determination of SOX issues, business impact analysis of SOX issues and anticipated significant changes to the SOX environment.
Led the reconciliation of Risk Acceptance forms: performed detailed analysis in coordination with various stakeholders, resolved discrepancies and presented the results to senior management, leading to accurate and consistent information in the system.
Facilitated audits based on the BS 7799 and ISO 27001 frameworks.

i-flex Solutions Ltd. (Jan 2004 - May 2007)

Citibank Inc., New Jersey: Information Security Consultant, CRA Fast Track Project
The IS Fast Track CRA (Common Risk Assessment) initiative was started to enable and facilitate all business divisions under CTI to complete their risk assessments for the year 2006. This was a success milestone for the department.
Role: Interacted with various teams and assisted in managing the project by working with all regions/business divisions to complete the application/business compliance questionnaires, Residual Risk forms and Issues/Corrective Action Plans within the targeted time frame. Reviewed the issues/corrective action plans after the BISO review for accuracy and correctness. Independently led the infrastructure risk assessments as part of the infrastructure risk assessment exercise. Initiated the ARCHER and CSI data integrity review. Collaborated on composing key documents detailing operational processes.

State Street Financial Center (Boston, USA): Configuration Manager
Configuration management, as an important part of the SDLC, was established in the complex application development environment at State Street to streamline and optimize the tracking of application development, enhancements and bug fixes.
Role: Configuration Manager, Release Manager, Change Manager and Deployment Manager. Administered CVS, code deployment activities and change control via a Lotus workflow application, leading to improvements in the CM process for the organization. Also coordinated with various departments and the development team on version control of sources and on the QA, UAT and production promotions, leading to timely releases and bug fixes that met strict deadlines and satisfied the business users' requirements.

Citigroup (New Jersey, USA): GCC CITMP Operational Risk, FFIEC and SOX 404
The project scope included writing L3 procedures for the technology platforms implemented by Citigroup and aligning them with the internal (RCSA and CITMP) and external (SOX 404 and FFIEC) control frameworks.
Role: Mapped the existing processes to international best practices (FFIEC, SOX 404). Conducted gap analysis on the CITMP L2 and L3 documents, the RCSA framework, and the SOX and FFIEC controls, and provided recommendations for closing those gaps. Reviewed existing process documents and communicated needed enhancements. All these activities strengthened the organization's security policy and processes in terms of compliance with best practices and standards.

Citigroup NA (Singapore): Release Manager
At Citibank, the rollout of the latest Flexcube version was carried out for 13 countries in the ASPAC region.
Role: As Flexcube application Configuration, Change and Release Manager: Liaised with Citibank QA, the data center team, the server management team and change management for UAT and production promotion, which led to timely releases meeting strict deadlines. Documented the standard operating procedures and the Configuration Management Plan, which led to compliance with the audit requirement. Maintained the version control repository in PVCS in coordination with the development team, which led to organized baselining of the source code deployed in the organization. Streamlined the change control process by documenting each change, raising it in Infoman and following it up to closure, meeting strict deadlines for any UAT and production release. Initiated the source code retro process, resulting in consolidation of source code across the various development locations.

Ramco Systems Pvt. Ltd. (Bangalore, India) (Nov 2002 - Dec 2003)

Atos Origin (Bombay) / Hutch (Hyderabad) / TVS Motors (Bangalore): Resident Security Consultant
Role: Consulted on the security of the existing network infrastructure based on the BS 7799 security standard. Implemented and supported infrastructure security (including server/desktop security and patch levels; firewall, IDS, URL filtering software and log analyser implementation for the firewall and web server; and establishing SecuRemote VPN from the various branch and area offices to the servers at the central location). Initiated the process for granting appropriate access rights to authorized users and for blocking unwanted services to or from the network. The consulting and security product implementation led to a secure infrastructure for the organizations.

Philips (Bombay, India): Security Consultant
This project involved implementing a two-factor authentication mechanism with RSA SecurID tokens and the SafeStone DetectIT agent on AS/400 servers.
Role: Spearheaded the implementation of the RSA ACE/Server in Mumbai and coordinated the implementation of SafeStone's DetectIT agent on AS/400 servers in Delhi. Implemented SecurID authentication for users logging onto the Windows NT server and assigned SecurID tokens to users for two-factor authentication when logging onto servers. The project was completed by handing over the implementation and administration documentation to the customer. The project was a complete success, with kudos from the customer.

Prudent Solution Pvt. Ltd. (Bangalore, India) (Jan 2002 - Nov 2002)

Security Consultant
Security consulting and infrastructure support for various clients.
Role: Provided virus cleaning services and antivirus implementation for quite a few Bangalore-based companies, ultimately leading to clean, virus-free and secure networks. Implemented content filtering software, which enabled the client to easily control which sites its users can access and to monitor what URLs users access and when, so that the organization's security policy can be complied with.
This project was a technical security audit project. Role: Conducted vulnerability assessments of the network using tools such as scanners, network traffic analyzers and password crackers, which resulted in finding crucial security loopholes in the organization's network. Created awareness of security-related issues among users and management. Initiated and led the process for securing the network infrastructure based on the findings, ultimately leading to a secure network.

Bangalore Labs Pvt. Ltd. (Bangalore, India) (Jun 2001 - Oct 2001)

Information Security Consultant
This project involved complete remote penetration testing on the live infrastructure of a Singapore-based company. Commercial tools such as ISS Scanner and Retina, freeware tools such as Nessus, Nmap and Xprobe, and custom scripts written in Perl were used for the penetration testing.
Role: Carried out footprinting, remote scanning, OS enumeration and escalation of access. The results were analyzed and reported back to the customer with steps for fixing the vulnerabilities. This created awareness in the client of the need to secure their network infrastructure and also strengthened the penetration testing services vertical of the organization after this first success story.
As part of the Security Advisory Services, Bangalore Labs provided on-going support to customers through e-mail based alerts on patch upgrades, virus alarms and cures, and operating system vulnerabilities. Role: Responsible for checking new vulnerabilities reported on vendor websites (Microsoft, Cisco, ISS, Red Hat, etc.), the Common Vulnerabilities and Exposures (CVE) website, CERT, Symantec, Trend Micro and McAfee; testing the solutions in a lab setup at Bangalore Labs; and advising customers on the procedures for implementing them in their environment. This gave customers first-hand, up-to-date information before they could be hit by any preventable security incident.

EDUCATION
PG Diploma in Telecom Management, Symbiosis Institute of Telecom Management, 2001
BE (Electronics & Communication), Bhilai Institute of Technology, Durg, 1998

REFERENCES
Available upon Request.
