
Enterprise Information Security Architect Resume


Austin, TX

SUMMARY:

  • Accomplished Information Security, Compliance, and Governance leader with a solid track record of success in leading business transformation and cultivating cultures of excellence.
  • Provides 10+ years’ leadership/managerial/consulting experience in Business, IT, Security and IT Governance Risk & Compliance (GRC).
  • Deeply experienced working with regulatory requirements (SOX, SOC 2, HIPAA, industry-related security standards, PCI-DSS, NIST 800 series) and frameworks such as ISO 27001/27002/27005, COBIT, and COSO.
  • Excellent knowledge of Service Oriented Architecture (SOA) and Enterprise Service Bus (ESB).
  • Experienced and effective in working within a matrix environment with diverse team members.
  • Expert problem solver with a track record of building solutions that reduce risk and positively impact a company's bottom line.
  • Excels in driving engagement and adoption across the enterprise leveraging a highly collaborative approach.
  • “Roll up the sleeves” style of leadership that partners with executive leaders, business units, and IT teams to understand nuances and tailor working solutions that deliver immediate, positive impact.
  • Strong leadership abilities; able to coordinate and direct all phases of project-based efforts while managing, motivating, and leading teams.
  • An expert in developing and implementing procedures, systems, and software that accurately assess threats, risks, and software security vulnerabilities.
  • Skilled in creating holistic security solutions and comprehensive controls that cost-effectively protect the security of the organization.
  • Extensive involvement with internal users in Information Security and effective cyber attack response.
  • Good knowledge of Cisco PIX, endpoint security and gateway security.
  • Extensive knowledge of Microsoft Directory, DNS, and vulnerability management.

PROFESSIONAL EXPERIENCE:

Confidential, Austin, TX

Enterprise Information Security Architect

Responsibilities:

  • Developed Standard Operating Procedures to support the division’s Information Security Management System adhering to ISO 27001/2 standards
  • Provided advice and counsel for decision-making operational planning and information security to the division businesses
  • Shared Confidential's vision and demonstrated its values; negotiated and counseled at the expert level on the justification for controversial technical positions, and consulted with management to set short-term strategic technical direction
  • Developed and delivered secure coding to meet PCI compliance requirements
  • Developed and delivered awareness to support customer privacy and protection of customer data
  • Responsible for managing staff, developing policy/standards, risk management, web application security, security/awareness, security operations and Application Security Incident Response
  • Developed information security roadmap providing IT strategic alignment and process enhancement for stakeholders
  • Developed the MVSS’s software security assurance program to align with the mission of MVSS optimizing the end-to-end business processes that were harmonious and coherent to senior management
  • Developed Enterprise Risk Management which educated senior management on all known information risks, which in turn drove prioritization and spending.
  • Developed numerous policies to support the requirements for MVSS’s Minimum Baseline Standards which were adopted.
  • Responsible for the upgrade of the Time Reporting database, work that included the OLTP database as well as various reporting data marts and the data warehouse, providing data feeds to various groups.
  • Evaluated cloud service providers for FBI CJIS requirements to meet public safety applications to be hosted in the cloud.
  • Ensured that the project team considered the full spectrum of security requirements for cloud hosting

Confidential, San Diego, CA

Lead Information Security Analyst

Responsibilities:

  • Developed the company’s software security assurance initiative (SSA). This involved deployment of web application firewall technology and process development to align with SDLC.
  • Provided input to Enterprise Risk Catalog which educated senior management on all known information risks, which in turn drove prioritization and spending.
  • Provided input to bi-weekly security vulnerability and security patch meetings recommending action plans

Confidential, Bellevue, WA

Senior IT Consultant

Responsibilities:

  • Laid the groundwork for continuing improvement in security.
  • Assisted developers in the resolution of application security issues. Reviewed software source code and worked with software development teams to improve secure software development practices.
  • Developed a procedure that accurately assessed threats, risks, and software security vulnerabilities.
  • Conceived and created security test plans for computer security incident response, systems penetration tests, and systems security audits.
  • Created metrics used to assess risks.

Confidential, Seattle, WA

Consultant

Responsibilities:

  • Set the foundation for continuing improvement in IT security.
  • Conducted gap analysis to determine the sufficiency of security measures.
  • Developed procedures for system security audits and penetration tests using Metasploit, and vulnerability assessments using WebInspect to document the findings.
  • Introduced Next Generation Incident Management program for a large software manufacturing firm. Assisted in global process reengineering and analyzed MSCRM 3.0 out-of-the-box functionality.
  • Upgraded data access and storage for a leading media company.
  • Revitalized internal sales/marketing programs by transitioning to MS CRM. Developed CRM security roles.
  • Tuned SQL queries and batch jobs, optimizing batch processes as well as tuning various ETL jobs.

Confidential, Bellevue, WA

Consultant

Responsibilities:

  • Positioned the company to conduct faster and more efficient testing. Developed methodology to identify manual tests that were best suited for automation.
  • Developed SQL procedures to test ONYX Backend procedures and application enhancements.

Confidential, Redmond, WA

Software Test Engineer - Test Lead

Responsibilities:

  • Set the foundation for continuing improvement in security. Participated in development code reviews and information security policy reviews and threat analysis.
