Richa Kulshreshtha
176 Waterside Dr., Little Ferry, NJ 07643. M - +1 508 439 3509 kricha77@hotmail.com Visa Status: H1B
SUMMARY
9+ years of experience as a solutions-oriented IT Security and Risk & Controls Management Specialist with notable success directing a broad range of corporate IT initiatives while participating in the planning and implementation of information-security solutions in direct support of business objectives. Track record of increasing responsibility in Risk & Control Assessments, SOX 404 compliance activities, SAS70 audits, secure network design, security product implementation and full-lifecycle project management. Demonstrated capacity to consult on and implement innovative security programs that drive awareness, decrease exposure, and strengthen the security of organizations. Hands-on experience with leading security technologies and products. Outstanding leadership abilities; able to coordinate and direct all phases of project-based efforts while managing, motivating, and leading project teams. Adept at developing effective security policies and procedures, project documentation and milestones, and technical/business specifications.
Certifications
Project Management Professional (PMP)
ITIL v3 Foundation
Cobit 4.1 Foundation
Certified in Control Self Assessment (CCSA)
Certified Information Systems Auditor (CISA)
Certified Information Systems Security Professional (CISSP)
Checkpoint Certified Security Administrator (CCSA)
Cisco Certified Network Associate (CCNA)
Microsoft Certified Professional + Internet (MCP+I)
PROFESSIONAL EXPERIENCE
Citigroup Inc., USA: IS, COB & Controls Analyst / SAS70 Program Manager (May 2007 - Feb 2011)
i-flex Solutions Inc., USA: Assistant Manager / Consultant (Jan 2004 - May 2007)
Ramco Systems Pvt. Ltd., Bangalore, India: Technical Consultant (Nov 2002 - Dec 2003)
Prudent Solution Pvt. Ltd., Bangalore, India: Network Security Consultant (Jan 2002 - Nov 2002)
Bangalore Labs Pvt. Ltd., Bangalore, India: Information Security Consultant (Jun 2001 - Oct 2001)
Professional Affiliation
Member of ISACA
Skills
Risk Management & controls mapping
Process Mapping for on-going security management
Process and security consulting
Security Products Implementation (Firewall, IDS, Vulnerability Scanners, anti-virus software, content filtering software etc.)
Change Control Process
Tools
Risk Management Applications: ARMOR-IRM, CSI, ARCHER, MARS+
Configuration / Change Management Tools: PVCS Dimension, Infoman
Scanners: Nessus, Internet Security Systems scanner, Retina, Nmap, Cerberus internet scanner, Superscan, AppDetective
OS Hardening tools: Server Lock, IIS Lock down, HardenNT
Network sniffer: Iris, Anti-sniff
Password cracker: LC3
Firewalls: Checkpoint, Sonicwall, SecureIIS (application level firewall for IIS), Tiny Personal firewall
IDS: Real Secure, nPatrol
Antivirus software: Sophos, Symantec Norton anti-virus, Trendmicro Officescan, Trendmicro Interscan Viruswall
Content filtering software: Websense, escan, SuperScout surfcontrol, Igear/Symantec Web Security
Log Analyser / Reporting software: WebTrends Firewall Suite, WebTrends Analysis Series
Integrated Products: Symantec Client Security

Led the effort for the Risk Acceptance forms reconciliation, performed detailed analysis in coordination with various stakeholders, resolved discrepancies and presented the analysis results to senior management, leading to accurate and consistent information in the system. Facilitated the audits based on BS7799 and ISO27001 frameworks.

Citibank Inc., New Jersey
Information Security Consultant - CRA Fast Track Project
The IS Fast Track CRA (Common Risk Assessment) initiative was started to enable and facilitate all business divisions under CTI to complete the risk assessments for year 2006. This was a success milestone for the department.
Role: Interacted with various teams and assisted in managing the project by interacting with all the regions/business divisions for completing the application/business compliance questionnaires, Residual Risk forms and Issues/Corrective Action Plans within the targeted time frame. Reviewed the Issues/Corrective Action Plans after the BISO review for accuracy and correctness. Independently led the infrastructure risk assessments as part of the infrastructure risk assessments exercise. Initiated the ARCHER & CSI data integrity review. Collaborated to compose key documents detailing operational processes.

State Street Financial Center (Boston, USA)
Configuration Manager
Configuration Management, as an important part of the SDLC, is established in the complex application development environment at State Street to streamline and optimize the process of tracking application development, enhancements and bug fixes.
Role: Configuration Manager, Release Manager, Change Manager and Deployment Manager. Administered CVS, code deployment activities and change control via a Lotus workflow application, leading to improvements in the CM process for the organization. Also coordinated with various departments along with the development team for version control of sources and the QA, UAT and production promotions, leading to timely releases and bug fixes that met strict deadlines and satisfied the business users' requirements.

Citigroup (New Jersey, USA)
GCC CITMP Operational Risk, FFIEC and SOX 404
The project scope included writing L3 procedures for the technology platforms implemented by Citigroup and aligning them with the internal (RCSA and CITMP) and external (SOX 404 and FFIEC) control frameworks.
Role: Mapped the existing processes to best international practices (FFIEC, SOX404). Conducted gap analysis on the CITMP L2 and L3 documents, RCSA framework, SOX and FFIEC controls and provided recommendations for closing those gaps. Reviewed existing process documents and communicated needed enhancements. All these activities strengthened the security policy and processes in the
Ramco Systems Pvt. Ltd. (Bangalore, India) Nov 2002 - Dec 2003
Atos Origin (Bombay)/Hutch (Hyderabad)/TVS Motors (Bangalore)
Resident Security Consultant
Role: Consulted based on BS7799 Security Standard on the security of existing network infrastructure. Implemented and supported the Infrastructure security (including servers/desktops security and their patch level, firewall/IDS/URL Filtering software/Log Analyser for firewall and webserver implementation and establishing SecuRemote VPN for various branch offices and area offices to the servers in the central location). Initiated the process for appropriate access rights for the authorized users and blocking unwanted services to or from the network. The consulting and security products implementation led to a secure infrastructure for the organizations.
Philips (Bombay, India)
Security Consultant
This project involved two-factor authentication mechanism implementation with RSA SecurID tokens and SafeStone DetectIT Agent on AS/400 server.
Role: Spearheaded the implementation of RSA/ACE server in Mumbai and co-ordinated the implementation of SafeStone's DetectIT agent on AS/400 servers in Delhi. Implemented SecurID authentication for users logging onto Windows NT server and assigning SecurID tokens to users for 2-factor authentication while logging onto servers. The project was completed by handing over the implementation and administration documentation to the customer. The project was a complete success with kudos from the customer.
Prudent Solution Pvt. Ltd. (Bangalore, India) Jan 2002 - Nov 2002
Bangalore Labs Pvt. Ltd. (Bangalore, India) Jun 2001 - Oct 2001
Information Security Consultant
This project involved doing a complete remote penetration testing on the live infrastructure of the Singapore based company. Commercial Tools like ISS Scanner, Retina and Freeware tools like Nessus, Nmap, X-Probe and custom scripts written in Perl were used for penetration testing.
Role: Carried out Foot-printing, Remote Scanning, OS Enumeration and Escalation of Access. The results were analyzed and reported back to the customer with steps for fixing the vulnerabilities. This resulted in creating awareness in the client for securing their network infrastructure and also strengthened the penetration testing services vertical of the organization after the first success story.
As a part of the Security Advisory Services, Bangalore Labs used to provide on-going support to the customer through email based alerts on patch upgrades, virus alarms and cures, operating system vulnerabilities.
Role: Responsible for checking the new vulnerabilities reported from vendor web-sites (Microsoft, Cisco, ISS, Red Hat, etc.), Common Vulnerabilities and Exposures (CVE) website, CERT, Symantec, Trend Micro and McAfee, test the solutions in a lab setup at Bangalore Labs and advise customers on the procedures for implementing in their environment. This led to the first hand updated information available to customers before getting hit by any preventable security incident.
EDUCATION
PG Diploma in Telecom Management, Symbiosis Institute of Telecom Management, 2001
BE (Electronics & Communication), Bhilai Institute of Technology, Durg, 1998