Hemal Shah | KPMG | US
Hemal Shah

Director – Cyber Services

KPMG in the U.S.

Hemal is a Director in KPMG’s Cyber Services practice with more than fourteen (14) years of Information Security advisory and industry experience. He has a strong background in delivering Identity & Access Management strategy, transformation and implementation projects.

Professional and Industry Experience

Hemal holds a Bachelor of Science in Computer Networking and a Master's in Information Security Management. Before joining KPMG, he worked for Citigroup as a Security Incident Response Specialist, leading remediation efforts in response to threats and attacks against Citigroup or any of its subsidiaries around the globe. Prior to joining the firm, he worked for Ernst & Young providing professional services to clients.

Assessment & Strategy Projects

Global Reinsurance Company – Identity Management Strategy

  • Led an identity management strategy project to assess current state, identify key gaps against industry and peers, and develop a sustainable strategy that meets the organization’s business needs.
  • Assessed current state and designed a 36-month road map for implementing a mature IAM Program across the enterprise that included technical & business implementation plan, resource needs, budget required, and business case.
  • Presented findings and roadmap to C-Suite to obtain program and budget approval.

Human Resources & Outsourcing Company – RBAC Strategy

  • Served as the Technical Lead for a Human Resources and Outsourcing Company in developing a strategy to implement Role Based Access Control (RBAC) across the enterprise.
  • Assessed current state and designed a 36 month road map for implementation of RBAC across the enterprise that included technical & business implementation plan, risks, and assumptions.
  • Created an application catalogue of entitlements and roles, documenting technical requirements for each source system, assisting the client in understanding methodologies and basic RBAC concepts.

Global Insurance Company – Identity Management Strategy

  • Led a Global Identity & Access Management vendor implementation to assess gaps and identify areas of improvement.
  • Reviewed global IAM design and solution’s architecture, custom development processes, business transition process(es) related to ITIL, and operational readiness.
  • Observations and findings of the assessment were documented and shared with global CISO and the organization’s steering committee.

Insurance & Annuity Company – Identity & Access Management Assessment

  • Assisted in performing a Logical Access Assessment engagement to understand current state across the enterprise.
  • Developed a current-state gap analysis and a capability maturity model.
  • Developed and recommended a 36-month remediation road map to close gaps and improve process efficiency.

Program Delivery, Transformation & Implementation Projects

Freddie Mac

  • Led a team executing an Identity & Access Management Strategy for a large assessment management company.
  • Led a team through the planning, vendor selection, and implementation of a Privileged Access Management solution. This included requirements, design, architecture, and implementation.
  • Led a team in defining operational processes and a Target Operating Model for the organization to sustain its Privileged Access Management Program.
  • Led a team in additional account discovery efforts and conducted a gap assessment against the implemented SDLC and Change Management processes to identify areas of improvement and provide recommendations against leading practices.

Asset Investment Company

  • Led a team executing an Identity & Access Management Strategy for a large assessment management company.
  • Led a team through the planning, vendor selection, and implementation of a Privileged Access Management solution. This included requirements, design, architecture, and implementation.
  • Led a team in defining operational processes and a Target Operating Model for the organization to sustain its Privileged Access Management Program.
  • Led a team in additional account discovery efforts and conducted a gap assessment against the implemented SDLC and Change Management processes to identify areas of improvement and provide recommendations against leading practices.

Re-insurance Company – Privileged Access Management Strategy, Implementation, continuous assessments

  • Led a team to define a global Privileged Access Management strategy by conducting a discovery, prioritization, and risk ranking exercise.
  • Led a team through the planning, vendor selection, and implementation of a Privileged Access Management solution. This included requirements, design, architecture, and implementation.
  • Led a team in defining operational processes and a Target Operating Model for the organization to sustain its Privileged Access Management Program.
  • Led a team in additional account discovery efforts and conducted a gap assessment against the implemented SDLC and Change Management processes to identify areas of improvement and provide recommendations against leading practices.

Global Insurance Company – Device Access Control (DAC) Implementation

  • Project managing and leading a global implementation of DHCP, DNS, and IPAM.
  • Architecting the solution to replace existing DHCP & DNS infrastructure, deploy device registration portal(s), and integrate with the current Mobile Device solution across North America.
  • Assisting the vendor in developing the implementation plan and approach. This includes business socialization, communication, and obtaining buy-in from key stakeholders.

Global Insurance Company – Privileged Password Management (PAM) Implementation

  • Project managed and led a team in implementing a Privileged Password Management solution across the globe to enhance the management and monitoring mechanisms of administrator access to key financial systems.
  • Led the efforts covering socialization across the globe, architecture design, implementation, cyber operations and end-user training, and business process re-engineering.
  • Executed the implementation of 13,000 Windows & UNIX servers in the PAM solution across the globe.

Global Insurance Company – Unix Authentication Services Implementation

  • Project managed and led a team in implementing an enterprise solution to integrate UNIX authentication with Active Directory for improved compliance and security.
  • Led the efforts covering socialization across the globe, architecture design, implementation, cyber operations and end-user training, and business process re-engineering.
  • Executed the implementation of 2,000 UNIX servers in Active Directory solution across the globe.

Agriculture Company – Identity & Access Governance Implementation

  • Served as the technical lead in the implementation of an access governance solution to centralize the access recertification process to critical applications across the organization.
  • Determined gaps in the existing business access recertification process and recommended remediation procedures.
  • Developed an implementation roadmap to integrate other applications into the access governance solution.

Consumer Insurance Company – Identity & Access Governance Implementation

  • Served as the technical lead in the implementation of an access governance solution to centralize the access recertification process for UNIX systems.
  • Developed an implementation roadmap to integrate other UNIX applications into the access governance solution.

Manufacturing Company – Identity & Access Governance Implementation

  • Served as an Identity and Access Management Technical Lead to assist a vendor with the design and implementation of an Access Governance solution into the client’s environment.
  • Analysed current state of roles, assisted the business in designing new roles, and advised the client on developing role management methodologies and best practices for the organization.

Program Development

Entertainment Company – PCI Compliance Services

  • Led a team engaged in designing a PCI program that included technology controls, redesigning processes, and interfacing with client and PoS vendors to close identified gaps.
  • Developed an implementation roadmap for controls over applications and business processes related to PCI requirements.
  • Assisted the client with preparing process(es) and control documentation for QSA review.

Technical Skills

SailPoint Identity IQ, CyberArk, BlueCat IPAM Suite, Xceedium, Oracle Identity Suite, MobileIron, Quest’s TPAM (PSM, PAR, PCM), Quest’s Authentication Services, RSA Aveksa Compliance and Identity Manager, QualysGuard Vulnerability Manager, Active Directory, SQL, Linux/Windows

Education and qualifications

  • QualysGuard Certified Specialist

  • M.S. in Information Security Management from Stevens Institute of Technology

  • B.S. in Computer Electronic Networking from Eastern Kentucky University

Accreditation

  • Hemal is a team member of KPMG’s Information Protection Services, specializing in transformation and implementation projects.

Professional Associations

  • International Association of Privacy Professionals

  • Information Systems Audit and Control Association
