SUMMARY:

• Information Security Policies, Processes and Practices for the Enterprise including Technology Risk Management program, Security Baselines, Security Policy Management, Threat and Vulnerability Management, Security Awareness and, Application Security, Key Controls Testing (SOX), Key Risk Indicators, Vendor Security Assessments, Security Monitoring and Event Correlation, Security Risk Assessment, Security Incident Response, LifeCycle Management, Security Architecture and Security Operations among others.
• ITSM, ITIL, FISMA, NIST SP, ISO 27001:2013, FFIEC, COSO - ERM, COBIT, SOX, J-SOX, STIGs, CIS, HIPAA-HITECH, FedRAMP, STRIDE, HITRUST, OWASP, OCTAVE, Cloud Security Alliance, LM Kill Chain, STIX & TAXII, among other frameworks and standards.

TECHNICAL SKILLS:

TECHNOLOGY: Qualys, ArcSight, Palo Alto Firewalls, McAfee Firewall, McAfee Web Gateway, NetIQ, Snort, TrendMicro, Nessus, Nexpose, Metasploit, Control Compliance Suite, BlueCoat, Dragon, Checkpoint, Tuffin, EdgeSite, Cisco Routers, Cisco Switches, SAN, VMWare, NMAP, MS SQL, Citrix Netscalers, MS Visio, IPSec & SSL VPNs, MS ISA Server, SolarWinds, Cisco ACS, MPLS, TrendMicro Products, TripWire, VNC, Cisco ASA, Cisco VPN Technologies, Cisco IPS, Cisco Identity Services Engine, Cisco Network Access Control Technologies, Cisco IronPort Web & Email Security Appliances, Cisco TrustSec Architecture, Cisco SAFE Architecture, Cisco Wireless Products, RSA SecurID, Websense, CVSS, among others.

AUDIT COVERAGE: Remote Access, Boundary Infrastructure, Collaboration Infrastructure, DataCenter Facilities Management, Information Security, Branch Office Infrastructure, Derivatives Core Infrastructure, Equity Order/Trade Capture & Routing Systems, Capacity Management, Change Management, SDLC, DataCenter Operations, Corporate Networks, Platform Infrastructure Audits, Data Storage, etc

PROFESSIONAL EXPERIENCE:

Confidential

IT Security Strategy

Responsibilities:

• Designed, syndicated and implemented the IT Security Strategy for the Bank’s Information Technology
• Built a rolling 3-Year IT Security Roadmap to support the IT Security Strategy for the Bank
• Currently implementing a robust risk focused and prioritized annual IT Security Program based on Industry leading standards geared towards ensuring the security and safety of the Bank’s customers, data, processes and technologies
• Responsible for planning, executing and reporting of the annual IT Security projects that support the IT Security Strategy and RoadMap
• Managing project staff and consultants to deliver on the IT Security project deliverables
• Design and Management of operational IT Security processes and controls derived from the IT Security Strategy such as Vulnerability and Exploits Management, Layered Malware Protections management, Intrusion Prevention management, Firewalls Management, Security Patch Management, Applications & Databases Security Management, Platforms Hardening Management, Security Incidents and Event Management among others
• Presenting & providing IT Security reports and metrics to Executive and various IT Steering Committees
• Liaising with Federal and State regulators, external and internal auditors on examinations and audits of IT Security to ensure a clean bill of health of the IT Security Program, controls and processes
• Drafting, syndication and implementation of IT Security policies, standards and procedures based on Industry standards and frameworks

Confidential

Manager III - IT Risk & Security

Responsibilities:

• Information security strategic risk assessment and reporting
• Implementation of security and risk management projects
• Remediation of technology security deficiencies to realign with industry best practices using a risk based approach that balances cost, functionality, environment and culture
• Security architecture and design review of perimeter networks
• Review and implementation of strategic Security Monitoring processes and technologies
• Application security design, implementation and monitoring controls through SDLC and operational stability
• Review of Vulnerability Management processes and implementation of strategic Life Cycle procedures and tools that in corporate security baselines, patch management, among others
• Cyber security infrastructure reviews and remediation of infrastructure and process deficiencies

Confidential

Sr. IT Security Architect/Engineer

Responsibilities:

• Lead and manage enterprise security architecture design including infrastructure and application security
• Create and maintain enterprise security policies, standards, baselines, procedures among others
• Project manage the deployment and integration of all security solutions and of any enhancements to existing security solutions in compliance with best security practices
• Perform threat assessments and forensic investigation into security incidents and communicate results to senior management
• Supervise, design and execute vulnerability assessments including penetration testing, remediation and reporting of security control risks
• Design and implement security log event collection and correlation leveraging SIEM tools to capture, analyze and action security incidents
• Provide security assessments and input into the application development process (SDLC) and release management
• Design and manage perimeter security components such as the DMZ, ASZ, IPS, Firewalls, DNS, Reverse Proxies, among others leveraging defense-in-depth layering solutions
• Design and manage security incident response for managing malware infections, lost/stolen devices and denial of service through mitigation processes and tools

Confidential

Assistant Vice-President

Responsibilities:

• Analyzing and assessing the risks assumed by IT
• Identifying and evaluating the effectiveness of IT General and Application Controls designed to address those risks
• Providing practical, innovative, and value-adding solutions to issues identified
• Reporting review findings to senior management at local, global functional and Group level
• Collaborating with executives, peers, and subordinates in the furtherance of achieving mutually beneficial outcomes
• Monitoring results, risk and developments in the Investment Bank for the Americas and input into planning decisions
• The ability to identify key risks within a variety of Infrastructure platforms and processes
• Developing and maintaining an effective network of relationships within the bank
• Assisting with pre-implementation reviews, examining business, project and IT risks
• Proven ability to anticipate and provide solutions to complex problems
• Analyzing issues and developing and executing plans that contribute to significant improvements in financial and operational performance, asset management, and risk reductions

Confidential

Assistant Vice-President & Team Leader

Responsibilities:

• Provided customized security solutions within Active Directory for implementing delegation of roles, separation of duties and concept of least privilege by utilizing Microsoft Security Best Practices
• Provided vulnerability management by leveraging Qualys product to identify both threats and vulnerabilities within the bank’s infrastructure and also managing the remediation process
• Managed various applications, databases and OS security issues through the leveraging of various tools such as ArcSight Security and Incident Management tools
• Provided consulting services to other departments with security assessments for their operations and projects in areas such as cryptology among others
• Designed security documents to be used as policies, standards, guidelines and procedures for enforcing access controls in various applications, databases and operating systems
• Managed and coordinated with various teams to ensure a secured network environment by reviewing change requests for various operations and projects
• Performed periodic Risk Assessment as part of Heat Mapping process to identify, prioritize and manage the Bank’s IT Risks
• Managed various audits(SOX, External & Internal) and gap tracking issues with the mandate of resolving the issues and providing long lasting solutions for resolving identified process gaps
• Supervised periodic Penetration and Vulnerability Risk Testing Assessments
• Managed monthly KRI Risk Compilation, Assessment and Mitigation Programs
• Managed and Coordinated Continuous Self Assessment Risk Program
• Planned and coordinated semi-annual Information Security Planning

Confidential

Network Security Engineer

Responsibilities:

• Managed Active Directory Domain Controllers with distributed Global Catalog servers
• Using GPO to integrate various security layered applications such as MS ISA Server 2006 among others
• Building WAN based DNS Servers as bastion servers in a master DNS architecture with secured and hardened configuration
• Building and managing MS ISA Server 2006 Enterprise edition integrated with Websense Security layered applications
• Managed Cisco Pix and Cisco 3000 VPN Devices providing various solutions architecture
• Managed access and providing solutions on Cisco Core switches such as 6500s & 4500s
• Managed Juniper DX Load Balancers and Application Acceleration devices
• Installed and configured various fiber channel switches
• Managed firmware, licenses, patches, etc on the switches to maintain OS security
• Implemented LUN Masking and Zoning on the Fabrics to provide security
• Implemented Disk Groups, VDisks & Hosts on different HP & EMC Arrays
• Implemented storage presentations to cross platform OS
• Integrated VMWare with HP SANs to ensure a robust infrastructure
• Implemented and managed VDisks, Groups & Hosts with Storage presentation to HP MSA & EVA storage devices on the backend
• Installed and configured ESX hosts in a cluster formation on HP Blade Servers
• Integrated VMs on VLANs enabling a robust infrastructure where tools such as VMotion can be employed
• Migrated VMs to different redundant clustered roots

Confidential

Manager - Information Technology

Responsibilities:

• Installed and configured Checkpoint Endpoints on a distributed Windows Platform
• Performed OS hardening of Windows Servers for use with Checkpoint Endpoints
• Used Smart Clients to manage the management server, enforcement points and Policy Editor
• Employed tools such as FW Monitor, cpinfo, ethereal, among others to troubleshoot problems on the firewalls
• Created perimeter DMZs utilizing the enforcement points to separate various traffic into the network
• Provide secured encryption mechanisms for ensuring the integrity and confidentiality of transmissions
• Planned, installed and managed two Active Directory Domain Controllers as failovers for the Agency
• Configured Group Policy to manage User & Software security, domain software delivery and also to provide a locked down client environment
• Created and maintained Active Directory based User accounts for MS Exchange mailboxes
• Configured DHCP and Active Directory integrated DNS
• Installed and maintained Active Directory integrated Exchange environment
• Integrated Outlook Web Access for external access with Secure Socket Layer s
• Integrated AVG Anti-Virus for brick level scanning to patch vulnerabilities and minimize threats to the assets of the Agency
• Installed and configured MS SQL as a back-end server for the Agency’s Intranet web front-end and also the Operations Document Management System
• Maintained database tables ensuring database integrity and security at all times
• Performed backup of the data, log files and also the databases
• Designed, installed and maintained enterprise-wide anti-virus environment for desktops, windows servers and MS Exchange as an overall operations security posture
• Planned and cabled access and distribution layers of the network
• Configured and maintained network switches and routers
• Planned and documented the entire network using MS Visio for Infrastructure layers
• Drafted and implemented IT Security Policy for the Agency and its satellite units
• Documented security best practices for installed applications within the Agency
• Developed in conjunction with development partners (stakeholders) an IT Medium Term Strategic Plan for
• Performed various IT security consulting assignments as per Clients’ requests.
• These requests covered the following practice areas, network security perimeter design using Cisco Devices, Checkpoint Firewall installation, Vulnerability assessments, Security Incident Response, Security Baselines, Security Incident & Event Monitoring, Infrastructure cabling, Enterprise Anti-Virus assignments, Windows 2000/2003 Domain deployment, Windows 2000/XP client assignments, deployment of MS Exchange 2000/2003, Network Security analysis, documentation of Security Best Practices, IT audits, among others.

Confidential

Lead Engineer

Responsibilities:

• Design, implement and manage multiple distributed Checkpoint firewalls on Nokia IP and Windows platforms.
• Built on Nokia IP 330, 560 & 650s on IPSO 3.6 Operating Systems
• Implemented VRRP & QoS for different gateways
• Deployed Horizon Manager to manage both Checkpoint and IPSO components for Nokia IP devices
• Hardened Windows NT 4.0 sp6 & Windows 2000 Server OS for deployment of Checkpoint products
• Migrated CP 2000 modules to NG FP3
• Utilized Voyager, Iclid, few monitor, tcpdump, ethereal and other tools to manage and troubleshoot Checkpoint Firewall issues
• Review existing security modules and Implement new security measures to ensure the security and stability of the site
• Increased the number of Web Servers and their availability at Provider’s Hosted Environment
• Migrated cluster databases to a new and improved cluster platform
• Re-Design Site availability with Akamai EdgeSuite Platform
• Re-design current and future corporate DNS requirements with business objectives supplying the architecture for the new model
• Reviewed and designed Enterprise Wireless Infrastructure implementing the latest security best practices
• Provided Quality of Service implementation for Enterprise Wireless Infrastructure based on new corporate SLAs
• Enterprise Virus Control System Project
• Analyzed, designed and implemented a total virus control system for all segments of the enterprise
• Managed rollout of anti-virus products for over 5000 clients, 250 servers, and various gateways among others
• Reviewed any future requirements for securing the enterprise environment
• Internet Security & Accelerated Servers (ISA) Cluster Project:
• Reviewed and recommended a phased out plan for all existing Proxy servers
• Designed and Implemented an Active Directory enabled array of ISA Servers to provide proxy and security access to the intranet and internet
• Provided new tiered VPN architectures to replace existing RAS platform for corporate users
• Coordinated with corporate vendors to provide secured vendor
• Extranet based on both VPN and web-enabled technologies

Confidential

Lead Technical Consultant

Responsibilities:

• Supervising the building of QuadProcessor Servers for Client/Server implementations
• Supervising the installation and configuration of SQL 7.0 &2000
• Servers for Data Warehouse and OLAP Implementation at various client sites
• Supervising the installation and configuration of Windows 2000
• Family Servers for enterprise level client/server implementation
• Responsible for implementing industry best practices for troubleshooting and streamlining clients environments
• Responsible for resolving and recommending network solutions for all projects being managed by the consulting division among others.
• Provided expertise in the capabilities and limitations of various layered applications and systems
• Provided expertise in the detection, analysis and resolution of problems associated with IP based architectures
• Research and provide technical recommendations on Firewalls, NAT, IP among others
• Provided SQL and Analysis Services system and log analysis and also perform monitoring and database tuning
• Provided security support for new and existing projects and also develop technical documentation
• Communicate technical issues effectively to both technical and non-technical personnel

Confidential

Senior Systems Technologist

Responsibilities:

• Installed and maintained Checkpoint Firewall Servers
• Designed DMZs to implement security modules to protect network communication and more to provide VPN transmission in collaboration with subsidiaries in the Corporate Holding Group
• Installed and configured SQL servers in the organization
• Managed the introduction of new MS SQL servers in the organization
• Maintained Web based ActiveX application (Front-End) which included Crystal Reports, VB files and Stored Procedures
• Performed data updates to the databases on the SQL servers which involve making ODBC calls to the BPCS (AS400) application via
• Access link tables and queries
• Performed data recovery procedures using MS SQL scheduled jobs and ARC Serve database agents
• Planned, installed and maintained messaging servers
• Planned and migrated old production Exchange Servers to new Quad Processor servers without any service interruptions
• Managed Windows NT PDC and BDCs
• Built and managed DHCP & DNS

Confidential

Project Leader

Responsibilities:

• Corporate Builds' imaging with Ghost
• Automated software deployment and packaging
• Establishing, maintaining and documenting hardware and software standards for over 6000 clients. Also designed and wrote technical documents
• Reviewed s with other technical specialists to ensure quality and compatibility with existing products
• Project planning, technical walkthrough and implementation of various client/server applications
• Provided 2nd and 3rd level network support for clients