Cybersecurity & IAM Expert Resume

Uploaded by

benchsales30
Beverly Burnett Roberts

[email protected]
845-492-0314

Professional Summary
A liaison, single point of contact and decision maker for external clients, vendors, internal
partners, stakeholders, business partners, offshore resourcing partners, technical/operations
teams, legal governmental/regulatory and auditors.
Data Architecture design for data analysis, validation, AI analysis, and
classification/frameworks.
Design the migration process for data sources to cloud utilizing SQL/Non-SQL solutions.
Certified Blockchain Implementer, Smart Contract requirements vetting and DLT security
architecture.
AI data analysis tool selection and implementation processes. Master data manager for global
data life cycle, data categorization related to US & global regulatory standards/laws.
Currently guiding clients through Cyber/Info Sec policy, risk assessments, design of enterprise
security architecture and policies for on-prem to cloud hybrid landscapes and multi cloud.
NIST 800-171 and COBIT compliance, application security reviews.
Sec Ops process, oversight, with vetting and implementation of secure asset protection
processes and policies.

Professional Experience
McKesson September 2023 to Present
Technical Program Manager for SSO/MFA/IAM/ Adoption - US Oncology
Data management, vetting and data classification for full data and data privacy life cycles.
Creation of identity standards.
Implementation of Active Directory, SAML, SSO, MFA via OKTA IAM solutions and federated
identities for research organizations, large pharmacy providers and internal applications.
Thirty thousand Citrix users, twenty-five thousand MS O365 users, 250 PeopleSoft users along
with 40 other enterprise applications with more than McKesson clients, pharmacies, medical
practices, universities research partners and data subscribers. Role-based access controls were
implemented for each client. Transition requirements for Entra ID for Azure AD.
Collection, verification, and migration of user data from Active Directory (AD)/Entra ID,
MongoDB, Salesforce and CSX files. Azure Communication services as part of Office 365 GCC High.
Managed DNS translation/ resolution and endpoint security.
Conducted the initial application security reviews, application data quality analysis of active
directory, OKTA sign in widget customizations, and working sessions for OKTA tenant
configurations in all tenants.
Managed the development teams for all applications code improvements, change management,
bug fixes and overall configuration requirements for the application environments, Dev Ops,
SIEM reporting. Implemented SSO and federated identities for DDI, oncology research
partner.
Implemented MFA using OKTA and Strata for UCLA, Yale, other research organizations, clinics
and private practices.
Managed domestic and internationally based technical resources in USA, India, Ireland, Poland,
and Mexico, from IBM, E&Y, OKTA professional services, McKesson Dev OP and Support
Services.
Cyber Security and IAM maturity at the organization as co-chair of the project artifacts and
documentation creation committee.

Kraft Foods/IBM April 2022 to August 2023


Technical Solutions & Security Architect for IAM/PAM/ SIEM Adoption
Implementation of CyberArk PAM globally.
Reconfiguration and expansion of F5 footprint to bolster MS Azure AD/LDAP functionality,
access and redundancy for US and Canadian tenants. Required security operations coordination
with internal and external resources for the identification and assessment of all on prem and
cloud assets.
RSA Archer is used for the entry and tracking of security risk identification, assessments,
remediation processes, audit, compliance and overall security review processes. Business,
regulatory and compliance reporting generated for the RSA Archer tool for regulatory and
policy compliance. Implemented the Archer, Saviynt workflows for GRC transparency and
compliance.
Managed the parallel cutover with CyberArk/IBM resourcing and issue remediation/escalation
process while navigating a changeover of global support service vendors.
Managed the creation of login pages, customer registration process, profile development and
migration, MFA, IAM, identity management reporting, automation workflows.

OKTA August 2021 to April 2022
Technical Project Manager IAM Adoption
Implemented projects for DOD contractors in an Org-to-Org transfer of OKTA accounts to
facilitate the merger of Peraton & Perspecta. Led the team for enterprise/commercial
configuration of OKTA, OIN Active Directory, OIN Radius, API configuration, customization of
Login pages, customer registration process, profile development and migration, MFA, IAM,
identity management reporting, automation workflows.
Implemented OKTA Adaptive MFA, OIDC, adoption of OKTA for MS 365 environments as
well as the introduction of OKTA and MS Azure for client.
Responsible for migration of 20 thousand plus profile imports, working with both Peraton &
Perspecta technical teams to define the new architecture, policies and procedures for post-
merger OU’s, roles alerts, monitoring, audit logs, log capacity and reporting.
Managed the security operation process and coordination for internal/external partners for pre-
production vetting, confirmation of production release requirements and day two support hand
over. Acted as OKTA systems engineer for several clients.
Led working sessions for initial analysis, define the effort for Epics/Stories/Features,
conducted deep dive analysis of current state to create project plans, implementation plans and
OKTA engineering involvement in new feature development and client level issue resolutions.
Collaborated closely with client project managers, security and SiteMinder teams to define
POC’s, customizations, globalization, OKTA Verify, OKTA Dashboard and onboarding schedules
of applications.

Bank of New York Mellon June 2019 to January 2021


Technical Manager IAM Adoption & Infrastructure
Manage onshore and offshore resources implementing Single Sign On (SSO), Multifactor
Authentication (MFA), Global User ID, Centralized Authentication, Credentials as a Service
(CaaS) for internal BNY Mellon users, partners, affiliates, and users external to the bank.
GRC risk analysis was conducted to guarantee compliance with policies, procedures and
global/regional protocols for weekly reporting and risk tolerance reviews with global
management and regulatory authorities. Master data managed by system architects and
implemented as part of project.
Provided security model guidance based on NIST, ISO 2700 as well as DLP, GDPR and PDPA
regulations as part of the build out of the SecOps support for the project. Trained the systems
engineering team on new policies, workflows and endpoint security requirements.
Implemented a security model to guarantee compliance of all Windows servers and applications
globally via customized development or the use of APIs and IAM, ICAM solutions to evaluate,
configure, test and productionalize, first SSO, then MFA and finally integrate IAM into SIEM
solutions for increased monitoring, pattern analysis, anomaly reporting.
As Data Architect designed data science education aids and training path for the client.
Designed and implemented data analysis standards, data visualization and classification,
frameworks.
Currently working directly with Risk Management and Legal team to implement security
controls and provisioning / deprovisioning policies and processes across current IAM platforms
and business entities for BAU cyber security.
Once identity data stores were identified my team implements an evaluation and assessment
process to map current stores to our future state security goals and models.

KPMG, Woodcliff Lake, NJ January 2019 to March 2019
Lead Application Security Architect for Global Audit & Business Data Analyst
Conducted information security reviews for infrastructure, systems and applications for KPMG
MS Azure global environments based on NIST, ISO and CIS frameworks.
Provided data privacy, DLP and security recommendations for IaaS, SaaS and PaaS Solutions.
Determined the risks, assessed vulnerabilities, used FoD scans and VSTS code review details in
the authoring of Security Risk Assessments (SAR), Authorization to Operate (ATO).
Full cyber security and application-level risk assessments were conducted on a published
schedule for GRC, audit and legal compliance mandates.
Provide quality assurance (appraisal and approval) of security deliverables, to include revising
and drafting test plans, security specification reviews and standards, and technical
documentation.
Conduct the review of applications from a security and privacy perspective; review and
contribute to company IT Standards used in the solution security review process and provide
security recommendations and better practices regarding secure software development in
waterfall, agile and DevOps methods.
Managed the architecture and system requirements for firm wide and client master data
management processes, policies, lifecycle and regulatory compliance.
Managed review of current state networks, implementation of new internal subnets, ACL, IP
addressing schemas.
As Data Architect designed data science education aids and training path for the client.
Designed and implemented data analysis standards, data visualization and classification,
frameworks.
Reviews of documentation and processes/policies for implementing Cyber Security Audits, to
assist clients with the implementation and auditing of SSO, MFA, SIEM, ICAM and PAM
solutions.
Work with others in the Information Protection Group on ongoing or new information risk
activities, designing process and training requirements of the team. Partnered with legal on
contract, license and vendor life cycle management.
The migration of applications included HR, SAP, Oracle, accounting and auditing applications.
Integrated full SDLC process for each application as per client or business unit policies.
BR/DR and incident management processes were designed into all system deliverables.

iptiQ, Armonk, NY November 2017 to March 2018
Sr. Consultant Information Security & Infrastructure Programs
Senior IT Consultant reporting directly to the CTO, for the implementation of the UAPI product
offering and all the Info Sec and Infrastructure, architecture and components necessary for
delivery of the initial foundation modules for this startup organization.
Integration, analysis and definition of high-level security policies and processes, based on NYS
DFS 500, GDPR, current SwissRe security policies, platform and industry standards. NIST, CIS,
COBIT & ISO frameworks.
Incident vetting, reporting and analysis sessions were conducted on a bimonthly basis for
management review, policy development and configuration.
Endpoint security, data protection (DLP), GDPR, HIPAA, data at rest, data in transit, MS Azure
Security, NSG, NVA, IAM, WAF Next Gen Palo Alto configuration and roll out. Vulnerability
scanning, risk, usage and alerting monitoring, patch and release management.
Managed the Pen Testing process from the selection process, SOW definition, granting/revoking
of access credentials and the post testing findings reviews as well as the remediation and
retesting/confirmation tasks. Utilized Salesforce GRC and SharePoint to manage the global risk
registry.
Defined, authored and submitted to local iptiQ and global SwissRe management the iptiQ
Access Management Policy.
Prepared supporting documentation and completed numerous HIPAA, NYS DFS 500, Info Sec,
SwissRe and vendor security evaluation, questionnaires, and compliance surveys.
Implemented the iptiQ security portfolio for all cyber security programs and projects related to
MS Azure, Palo Alto, regulatory compliance, risk management, solution architecture and
delivery.

CLS Bank International, New York, NY April 2017 to October 2017
Sr. Business Analyst Security Architecture & Security Projects
Implemented Global IT Security Architecture as a service (ITSA) program, ensuring compliance
with the newly redefined IT Security policies for US federal and international (FX) regulatory,
CLS Legal, business requirements and new product security reviews. Managed security
relationships with CLS business partners, third party service providers and vendors'
security/compliance evaluations and audits.
As the initial point of contact for the IT Security Architecture team I conducted the initial
triage, project analysis and assignment of IT Security Architecture resources to each CLS
project.
Managed review of current state networks, implementation of new internal subnets, ACL, IP
addressing schemas.
Ensured that all vendors were evaluated by CLS IT Security Architecture as part of functionality,
security, legal and infrastructure readiness surveys and CLS Audit Control mandates.

Estee Lauder Company, New York, NY April 2016 to February 2017
Sr. Infrastructure/Technical Program Manager for Transformation
Currently overseeing all aspects of the global deployment of VoIP, Skype for Business, Lync
migrations, Network & Security upgrades and Data Center Infrastructure build out for 135 sites
in 35 countries for Estee Lauder.
Worked closely with the client to build a comprehensive site analysis, resource and deployment
plan to coordinate infrastructure upgrades, Lync 2010 migrations, Office 365, Skype for
Business and training, this included coordination of IVR, CSP, SIP, DID Audio Codes and
licenses, Server Site SQL, SaaS, MS Best Practices for hardware/software configurations and
metrics. Centralized telephony platforms, RTC Standards across multiple brands and product
lines.
Managing PMO, Technical and Vendor resources for APAC, EMEA, North America, Latin
America, for HCL, Net Call, AT&T, Telstra and SunGard. This was critical in providing
infrastructure, network and security services globally.
Single point of escalation for all internal and external communications, issue resolution to client
senior management.
Implemented virtual servers using VMware in APAC, EMEA and North America data centers to
support collaboration tools, telephony, IVR and SaaS deliverables.

CREDIT SUISSE, NEW YORK NY, NY December 2015 to May 2016
Sr. Analyst & Project Manager CCAR Testing & Reporting
Focused on the development of an overall testing platform for CCAR related data intake, stress
modeling, data flow and the eventual production of CCAR reports.
Implemented the transition of Testing and QA resources from HP Quality Center to ALM.
Managed the CLM and contract review processes, for tools, services and partners to ensure
cyber security, GDPR, CCPA, NYDFS and adherence to corporate standards and processes, for
both US domestic and international programs.
Responsible for garnering approval for all vetted & prioritized change requests, distributing
communications related to each testing release for the impacted environments & regions.

DEUTSCHE BANK, JERSEY CITY NJ May 2015 to December 2015
Sr. Project Manager & Analyst CCAR
Lead Analyst for Legal Entity Creation and Infrastructure Reassignment
Oversaw the build out of the CCAR Legal Creation and Project Management Organization, for
the $1.6 billion outsourcing effort.
Partnered with Deutsche Bank's HR, Communications, Legal, Branding, Client Services, and
all in-country regulators to ensure the transition of assets and personnel was consistent with
local and international employment laws, taxation laws and trade treaties.
Participated in twice daily SCRUM calls to ensure the identification of risks, issues, and their
remediation paths.

CITI GROUP, NEW YORK NY, NY May 2014 to May 2015
Senior Analyst CCAR and Technical PM for Commercial Retail Risk
Evaluated the related risks, generation of remediation plan for all business, IT programs,
initiatives and projects that are required to bring CITI Group into compliance with the 2014 and
2015 US ST/CCAR mandates under DFA Sec 165.
Implemented robust processes for Capital Optimization and compliance for Wholesale
environments.
Integrating Credit Markets, Operational Risk calculations, analytics and regulatory reporting.
Tracking all requirements, deliverables and change requests related to Basel & CCAR
integration of Business Submissions and Accounting Feed Data for Retail divisions. Managed
CLM, in country legal requirements vetting, contracts and client tools.
Development and implementation of single platform for the support of CCAR regulatory and
compliance reporting.

EXPRESSCRIPTS, Franklin Lakes, NJ July 2013 to February 2014
Senior Technical BA & Infrastructure Program Manager for DOD and POS Programs
Implemented 5 Government Health Care programs for Department of Defense (DOD) and
Medicare plan participants and in-pharmacy Point of Sale (POS) systems. The new business
models required a review of all insurance programs, pharmaceutical distribution and supply
chains and drug interaction review & consultation requirements.
Manages production to QA migration and anonymization of all QA data for in-flight projects
issue resolution for all US Government regulation changes implemented on January 1

AMERICAN INTERNATIONAL GROUP, Jersey City, NJ July 2012 to July 2013

New York Life Insurance Company, New York, NY March 2011 to July 2012

Credit Suisse, New York New York, NY February 2010 to March 2011
Global Program Management & Analysis for Investment Banking Provisioning System Development

JetBlue Airways, Forrest Hills, New York, NY September 2008 to January 2009
Senior Technology Project Manager

JP Morgan Chase, Brooklyn, NY November 2007 to June 2008
Senior BA & Project Manager

Capital One, Richmond, VA March 2004 to October 2006
Senior Project Manager & PMO

INTROCOMP, NEW YORK, NY July 2001 to March 2004
Project Manager & Principal Trainer

MERRILL LYNCH, (Global Systems Deployment), New York, NY March 1997 to March 2001
