
Director Of Security Architecture Resume


PROFESSIONAL SUMMARY

  • Under the direction of the Chief Information Security Officer and the corporate board:
  • I lead the design and development of comprehensive security and risk programs.
  • I build security strategies that align business risk with development strategy
  • I identify, promote, and architect security solutions that advance the business in a quick, secure and risk-aware manner.
  • Python, Perl, .Net, Java, C, C++, Pascal, PC Assembler, Borland, Bash, Batch, Powershell, Csh
  • CI/CD, Jenkins, Scrum, Agile

PROFESSIONAL EXPERIENCE

Confidential

Director of Security Architecture

Responsibilities:

  • Manage cross-functional team in geo-diverse organization
  • Provide secure solutions for Azure, AKS, and Docker
  • End to end visibility on all projects, processes, and audits.
  • Created and implementing S-SDLC program with over 120 applications in mind
  • Managing security team from India
  • Formed security architecture review board and implemented cross functional review
  • Provided guidance on and oversee secure application coding practices
  • Creating metrics for security vulnerabilities
  • Point of contact for security issues
  • Implemented and managed exception process

Confidential

Application Security Lead and Architect

Responsibilities:

  • S-SDLC program owner and Application security expert
  • Implemented best in breed SAST and DAST solutions
  • Implemented the application security program in line with industry best practices and compliance
  • Responsible for all project security architecture solutions.
  • Provide out of the box thinking and solutions for development projects
  • Integrate with development agile process
  • Provided guidance on and oversee secure application coding practices

Confidential

Application Security Lead and Architect

Responsibilities:

  • Responsible for the security posture of the application by steering development architecture and infrastructure to a lower risk posture.
  • Identified lower cost solutions for static code analysis tools and migrated to Checkmarx in order to lower costs, improve performance and gain supported language support.
  • Automated system security deployments on Unix environment with Python Fabric.
  • Review code analysis results for over 30 products and make recommendations for development with an emphasis on OWASP top 10, SANS 25 and PCI.
  • Represent security for change review board and approve network changes.
  • Executed ISO-27001 Audit and provided overall ownership between business units and management.
  • Integrate security with the development process to ensure security is baked into application and minimize.
  • Manage security related outages by coordinating with various teams to assist in triaging incidents.
  • Documented security policies and controls.

Confidential

Application Security Lead

Responsibilities:

  • Serve as information security leader and subject matter expert and actively assist teams in the development of secure business solutions for medium to highly complex problems.
  • Performed product review between WhiteHat, Checkmarx, Fortify, Veracode analysis tools and implemented best solution for environment.
  • Monitor, analyze, and interpret security/system logs for events and incidents reflective of unauthorized access or operational irregularities.
  • Leads the security design of all development platforms.
  • Support and lead information security incident response as required.
  • Perform technical IT security risk assessments and lead remediation efforts.
  • Analyze audit findings and make recommendations to lower security risks to acceptable levels.
  • Support information security awareness and create training material for developers specific to OWASP top 10 and SANS TOP 25 coding vulnerabilities.
  • Consult, advise, and approve secure application and network design.
  • Ensure that security changes comply with company change management policies and procedures.
  • Author security policies, procedures, standards, and guidelines for computing infrastructure.
  • Establish and enforce operating system and application hardening standards.

Confidential

IT Security Manager

Responsibilities:

  • Manage global IT security model, including risk assessments, policy, procedures, solution providers and deliver day to day controls
  • Ensure the safeguarding of company assets, intellectual property and computer systems by setting security objectives and metrics consistent with company strategy and compliance requirements
  • Manage corporate compliance with applicable regulations including PCI, HIPAA and global privacy standards
  • Participate in a leadership team that develops and executes IT strategy
  • Work with consultants as appropriate for independent security audits
  • Conduct and manage audits of IT general controls and security areas
  • Act as a liaison with external auditors for IT reviews
  • Develop and recommend security budget. Authorize expenditures in accordance with approved budget.
  • Ensure that company assets are secured
  • Lead company Business Continuity Plan (BCP) process

Confidential

Principal IT Security Architect/Senior IT Security Architect

Responsibilities:

  • Multi-disciplined SME, able to support multiple business units with a variety of architectures. CISSP, ISSAP, CIFI.
  • Supports TPF and MVS mainframe compliance, 6,000 servers, 10,000 users.
  • Security representative for the architect review board.
  • Responsible for researching and recommending enterprise architecture changes and providing solutions.
  • Lead Payment Card Industry (PCI) liaison for the enterprise and worked directly with all the Qualified Security Assessors (QSA).
  • Performed risk assessments on all products, solutions and vendors.
  • Architected and proposed solutions that allowed reuse, multiple environments, and leveraged current solutions in an out of the box thinking.
  • Architected and spearheaded enterprise encryption solution, as well as, enterprise PKI solution and managed project from cradle to grave.
  • Managed Global Computer Incident Response Team (GCIRT) and defined escalation procedure.
  • Managed firewall access requests and security exceptions.
  • Created, modified, and reviewed security policies.
  • Ensured projects security requirements were met.
  • Security lead for management and acquisitions.
  • Performed forensic and fraud investigations and support legal and HR.
  • Managing outsourced 3rd party relationship.
