Rom Sarpand
Details
Graduate School of Management and Technology
University of Maryland Global Campus
2009 : 2011
B.S., Information Technology
Information Security and Network Administration
George Mason University
2001 : 2006
• Responsibilities include:
- Providing business stakeholders with insight into all Information Security program components, including: Identity & Access Management, Cyber Security, Governance, Vulnerability Management and technical security solutions.
- Promoting corporate security awareness activities, implementing security awareness concepts and building and presenting security status reports for assigned business stakeholders and executives.
- Supervising risk indicators and compliance with all Information Security program policies, standards and directives.
- Integrating CISO priorities and key program activities into day-to-day business practices and objectives.
- Educate and provide advisory services to business partners to help promote safe Information Security practices and compliance.
- Leverage internal pool of Information Security resources to seek out best practices and build efficiencies.
- Proactively lead risk and control through identification, escalation, and solution development for compliance and audit issue remediations.
2021 : Present
Freddie Mac
Information Security, Senior Technical Lead
• Management of all day-to-day team operations pertaining to Access Certification, responsible for execution of corporate-wide periodic access reviews for Privileged infrastructure access as well as high-risk applications using SailPoint IdentityIQ.
• Management of all day-to-day team operations pertaining to Access Management, responsible for the operational support and user access provisioning of approximately 150+ high-risk business applications and 12 core infrastructure platforms.
• Managed all daily operations and access governance activities for identities and accounts, privileged account access, and role and entitlement management.
- Partner with IT Risk Management team and liaise with 2nd/3rd LOD, maintaining relationships and providing visibility of program.
- Work with our risk partners to support issue management using risk assessments to resolve severity of issues, partnering with process owners for the timely development and execution of remediation action plans.
• Review, assessment, benchmark and development of issue remediation action plans for IT programs and technologies within IAM.
- Implement policies, standards, and processes for IAM in support of alignment with overall Enterprise strategy and compliance.
- Provided advisory services to business and technology teams concerning IAM security controls and responded to internal, external and SOX audits and regulator requests.
• Identified gaps/risks in user Joiner-Mover-Leaver processes and created and enhanced IAM processes, automating them where possible to remove manual work that led to errors of omission and commission.
• Major stakeholder and active participation with IAM Solutioning for successful implementation of newly deployed SailPoint IIQ.
- Strategic management planning for future state Project Releases in support of capability deployments for IAM Transformation.
• Development, communication and execution of new Enterprise-wide strategy for Privileged Access Management (PAM).
2013 : 2021
Freddie Mac
Information Security Manager
• Administration Lead of Information Security Team responsible for facilitation of corporate-mandated, periodic security reviews conducted based on associated risks to corporation’s financial reporting, as regulated by Sarbanes-Oxley (SOX); ensuring compliance with company’s established Information Technology General Controls (ITGC).
• Oversee the timely execution/completion of the corporation’s periodic security recertification efforts surrounding privileged, financially-significant and other “high-risk” user permissions and resources.
• Facilitation of security recertifications encompassing 25,000+ internally owned accounts/resources across 180+ financially significant internally hosted applications/platforms, impacting approx. 75% of the user base.
• Constant communication with internal/external auditors and corporate Risk Management to document and update all required process control objectives, narratives and protocols, ensuring continued alignment with COBIT standards.
• Worked with MAC Dev. Team for successful migration of procured IdentityIQ SailPoint Recertification system.
• Worked with Project Management Team to fully document initial project requirements as well as future-state enhancements for implementation of SailPoint Recertification.
• Worked with Risk Liaisons to update control matrices in conjunction with recertification process changes.
• Performed UAT Testing for SailPoint implementation as well as four subsequent releases surrounding application enhancements and identified defect corrections.
• Successful implementation of Enhanced Transfer Recertification process and automation of segments of user revocations workflow.
2012 : 2013
Freddie Mac
Information Security Senior
Please refer to Information Security Senior position referenced above for related job obligations and responsibilities.
2010 : 2012
Freddie Mac
Information Security Professional
• Responsible for day-to-day facilitation and timely execution of organization’s Privileged Security Recertifications.
• Primary coordinator between Information Security, Infrastructure Operations and Business Areas to facilitate timely compliance of periodic reviews surrounding privileged and “high-risk” user access certifications.
• Facilitated monthly review and certification of 500+ privileged resources across 12 Infrastructure Components, containing 6,000+ privileged user permissions across the corporation.
• Monitoring, tracking and performance of compliance checks on recertification data and timely coordination of change remediations and access revocations identified during the monthly recertification cycle.
• Provide ad hoc training and articulate security guidelines, policies and standards in regard to team’s three corporate-wide security reviews to internal customers and developers to ensure consistent understanding throughout the corporation.
• Responsible for the creation and constant updating of all procedure documentation for platform data pulling, process review and access requisition for internal auditing controls.
• Congregate with internal and external auditors to document all required process controls and protocols within team narratives, ensuring their alignment with COBIT standards.
• Coordinate/implement department-wide website updates/revisions for Information Security business unit.
• Extensive audit-engagement with internal (IA & Risk Mgmt.) and external (KPMG, E&Y, Deloitte and PwC) audit for the re-engineering of existing ITG Controls as well as remediation of two Significant Deficiencies.
2006 : 2010
Freddie Mac
Information Security Associate
Skills
Access, Analysis, Application Security, Auditing, COBIT, Computer Security, Data Security, IAM, Identity Management, Information Assurance, Information Security, Information Security Management, Information Technology, Internal Audit, Internal Controls, IT Audit, IT Management, IT Operations, Management, Network Security, Program Management, Risk Management, Sarbanes-Oxley Act, Security, Security Audits, Security Awareness, Software Documentation, Visio
About
Information Security Manager with broad experience within the Identity and Access Management arena, specializing in Access Certification, User Access Provisioning & Password Credential Management in conjunction with mandated corporate SOX compliance. Engagement areas include the review, assessment, benchmark and development of issue remediation action plans for a number of Information Security programs and technologies as they relate to Identity & Access Management. Particular areas of interest within Information Security include: Information Security Controls and Process Analysis, Application & Security Risk Assessments, Identity & Access Management, Privileged Access Management.
Specialties: Identity Management • Quality Metrics and Reporting • SOX • ITGC Control Structure • Privileged Access Management - PAM