SUMMARY

Over eighteen years of experience in the IT sector with an emphasis on IT security and Information Security. Security experience includes identity management, security architecture, vulnerability management, IT audit, risk assessments, application security, incident response, and policy development. Established an Information Security security program and led the implementation of ISO 27001. Established an IT audit program and formulated a risk-based strategy for assessing security controls. Centralized incident response activities to cost-effectively eradicate malware. Throughout career, developed Security policies in adherence to industry best practices and a company's risk tolerance. Holder of numerous certifications including CISSP, CISM, CISA, CRISC, and CEH

PROFESSIONAL EXPERIENCE

Responsibilities

• Provides leadership and strategic direction for the function, ranging from planning and budgeting to motivational and promotional activities expounding the value of information security
• Liaison with and offers strategic direction to related governance functions such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance plus senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies
• Direct Information Security risk management efforts to include the assessment of risk, creation of control objectives and the implementation of controls
• Direct the preparation and authorize the implementation of necessary information security policies, standards, procedures and work instructions
• Lead the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and FDA regulations

Confidential

Vice President and Deputy CISO

Responsibilities

• Identify the vulnerabilities that may affect information assets and implement cost-effective security and risk management practices that function to minimize or eliminate their effects on the company's systems/applications/networks
• Provide information security interface to the business continuity plan/program for the company's data, information, and assets
• Provide and maintain technical expertise on security aspects of systems, applications, and networks currently resident to include emerging technologies
• Use DHS security clearance to participate in Cyber Security Threat Intelligence briefings for the financial community
• Manage receipt and dissemination of internal/external threat intelligence
• Review system development, maintenance and acquisition efforts to ensure efficient and adequate security controls
• Act as liaison with auditors regarding their role in information security policies, procedures and audit compliance
• Establish and maintain the security awareness program to include consistent threat updates on phishing attacks
• Manage security operational monitoring of IDS/IPS, Antivirus, Web Filtering, SIEM, and all system access-controls
• Direct Incident Response program to include tabletop exercises, management of incidents and lessons learned, and annual review of policies, procedures and work instructions
• Routine line management and leadership of staff within the Information Security Management function
• Leadership and strategic direction for the function, ranging from planning and budgeting to motivational and promotional activities expounding the value of information security
• Liaison with and offers strategic direction to related governance functions such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance plus senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies
• Direct Information Security risk management efforts to include the assessment of risk, creation of control objectives and the implementation of controls
• Direct the preparation and authorize the implementation of necessary information security policies, standards, procedures and work instructions
• Lead the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and FFIEC regulations

Accomplishments

• Implemented Phase II of ISO 27001 ISMS Information Security Management System to organize security management functions and create a consistent methodology for the assessment of information security risks
• Managed the upgrade of a SIEM solution to receive events globally from all assets
• Planned and implemented a Vulnerability Management program to consistently assess system and application vulnerabilities
• Planned and implemented a User Entitlement access recertification program for the continual review of user entitlements
• Streamlined RSA token on-boarding process for 3000 customers
• Replaced outdated Web Filtering solution to provide additional preventive controls for employees using internet resources

Vice President

Confidential

Responsibilities

• Create annual risk-based audit schedule and align with IT projects
• Update all active action plans for active issues to be reported for quarterly audit committee meeting with owner banks
• Supervise an IT auditor responsible for conducting IT operational application audits
• Create monthly IT audit report for CEO and attend quarterly audit committee meetings
• Execute the audit process on a wide variety of computing environments and computer applications and accurately interpret results against defined criteria
• Apply internal control concepts in a wide variety of information technology processes and appropriately assess the exposures resulting from ineffective or missing control practices
• Utilize the following tools to uncover vulnerabilities and assess threats: GFI Languard for Windows Wikto and Nikto web scanner for Windows and Unix, Wireshark network sniffer and Nmap port scanner Metasploit penetration testing framework Cain Abel password recovery tool.

Accomplishments

• Installed Paisley AutoAudit to automate the audit process
• Installed Risk Watch to create a qualitative/quantitative risk assessment of each audit and assess FFIEC compliance
• Completed the following technical audits: FTP, web servers, imaging application, switches/routers SSL VPN appliance, IPS appliances, IDS server sensors, ISP service level agreements, remote data center physical audit, external and internal access-control, desktop firewalls, internet access and email security.

Confidential

Network and Security Manager

Responsibilities

• Developed a 5-year plan for designing network and security infrastructure which includes depreciation of assets and the development of new technology
• Worked with CIO on creation and management of IT Security policies and procedures
• Worked with HIPAA Coordinator on compliance with HIPAA security standards
• Adhered to Performance Excellence program Baldrige by helping employees align their personal goals with department/organizational goals
• Managed operational/capital budget
• Created metrics for departmental indicators to guide employees to success
• Maintained network device inventory, managed all data/voice wiring, and designed and implemented new data closets
• Utilize risk assessments to modify configurations based on security best practices

Supervised one Network Engineer

Accomplishments

• Created a formal security program with CEO and CIO approval which included a high-level security policy, procedures for security hardening of IT assets, security awareness for all employees design of enterprise Intrusion detection/prevention project for the infrastructure, servers, and desktops.
• Configured, installed, and managed Cisco switches Catalyst 3524, 3508, 3550, 2950, 4006, 6509 and routers 1600, 2500, 2600, 3600, 3700
• planned and implemented Veritas enterprise backup solution for Novell, Microsoft and Unix servers
• planned and implemented desktop upgrade to Windows XP planned and implemented new IP subnet structure using DHCP and VLANS
• VPN Cisco Concentrator 3030 administration used CiscoWorks to manage Cisco devices
• periodic upgrades of all Cisco switch and router IOS used CiscoSecure ACS to authenticate switch, router and VPN login
• Installed Cisco MDS9216 Fibre channel switches and managed SAN installation of two EMC CX700 Clarion's
• managed Active Directory upgrade Installed Juniper SSL VPN device
• Installed Cisco WLSE for wireless network management.

Confidential

Technology Services Manager

Responsibilities

• Supervised four Server Administrators, one Network Engineer and five Desktop Support Technicians
• Conducted performance evaluations by assessing progress on key performance outcomes
• Managed network device/desktop inventory
• Managed operational/capital budget for desktops, servers and infrastructure equipment
• Designed and implemented new data closets and managed all data/voice wiring

Accomplishments

Successfully merged two technology teams Desktop and Server that had issues with workflow, personality traits and the organization of responsibilities

Network Manager

Confidential

Responsibilities

• Supervised three Server Administrators
• Conducted performance evaluations by assessing progress on key performance outcomes
• Managed network device inventory and operational/capital budget
• Network infrastructure design and planning

Accomplishments

• Upgraded Sidewinder Firewall to a Cisco PIX
• Planned and implemented an enterprise upgrade of network gear using Cisco switches and routers
• Administration of ten Microsoft NT 4.0 servers, four Novell 4.11 server and thirty WIN2000 servers
• Implemented NT PDC, BDC and WINS CSU/DSU configuration planned and installed an upgrade of Netscape mail to Novell Groupwise 6.0
• Installed Cisco VPN 3030 Concentrator and the VPN3002 hardware client
• Installed Ciscoworks to manage Cisco devices
• Upgraded Proxim wireless to Cisco/Aironet 340/350/1200 series
• Upgraded all Cisco Catalyst IOS to 12.0
• Configured, installed, and managed Cisco switches Catalyst 3524, 3508, 3550, 2950, 4006, 6509 and routers 1600, 2500, 2600, 3600
• Installed and configured CiscoSecure ACS to use the Novell NDS database for outbound internet authentication.

Senior Network Administrator

Confidential

Responsible for providing technical support for the LAN/WAN and all Novell Servers

Accomplishments

• Upgraded 3.1 Novell servers to Intranetware 4.11 to prepare for y2k
• Designed and implemented Novell NDS
• Administration of Secure Computing Sidewinder firewall and Netscape email server
• Converted all print servers to NDS and installed Arcserve on all servers

Confidential

Lan Administrator II

Responsible for the Network Administration of a 700 user LAN

Accomplishments

• Upgraded all Netware 3.12 servers to Intranetware
• Created and managed NDS tree and convert all print servers to NDS
• Installed and troubleshot all network supported software
• Responsible for physical installation of servers and peripherals
• Provided communication and connectivity support.

Confidential

Network Administrator

Responsible for managing securities and administration for a Novell 4.0 Network

Confidential

Systems Operator/Telecommunications Support

Provided technical support for Operations and Telecommunications

Confidential

Provide writing guidance for MIS Programmers and Telecommunications Specialists

SKILLS

Identity Management IAM , hard/soft one-time password tokens, LDAP, Risk Assessments and Vulnerability Management Applications, Network, Business Processes , PCI security assessments, SDLC, IT Security Policy development, ISO 27001 and ISO 27002, NIST Cyber Security Framework, Cryptography, Mobile Security, Data Loss Prevention DLP , Project Management, TCP/IP, Ethernet,

TOOLS

Nmap port scanner, Nessus, NetStumbler, GFI Languard, Wikto and Nikto web scanner, Canvas Exploit application, John the Ripper, Cain Abel, Snort IDS, Wireshark, Metasploit, Websense, Symantec SEP, RSA tokens, Risk Watch, RSA Archer