IT Systems Engineer Resume
Dallas, Texas
SUMMARY:
Strategic level Information Technology Professional with broad-based experience in system design/administration, PMP program management, IT audit and GRC risk assessment.
PROFESSIONAL EXPERIENCE:
Confidential, Dallas, Texas
IT Systems Engineer
Responsibilities:
- Perform project management involving IT security, Access Controls, GRC, SailPoint and manual reporting for Confidential.
- SME involving Confidential, NIST 800-53, Confidential, PCI/DSS, ISO/IEC 9000, 27001,(2), Cyber Security / baselining operations to meet compliance objectives.
- Provide leadership in deciding key points involving timing, staffing, resources used, project scope.
- Established Governance and Risk management work to involve Confidential Archer, Control Self Assessment, risk impact, root cause analysis.
- Developed Policy, Standards and Procedure statements to mirror cybersecurity initiatives and existing IT operations. Evaluation of proposed SAP R3 documentation system.
- Research and debate modern methodologies to harden and secure corporate assets involving security patching and review of standards ISO / IEC 27001:2013, Confidential, NIST 800-53, ITAR req., HIPAA 164.310, GDPR, PMP PMBOK, Confidential, Sarbanes-Oxley section 4, Confidential, GAAP, SAP ERP 6.0, internal infrastructure and data from US Departments of Treasury, Education, and CMS.
- Financial services SME involving risk methodologies, risk impact for critical systems, business impact analysis, root cause analysis, control self assessments, OCTAVE, NIST RMF, threat agent risk assessment TARA and others.
- Worked to baseline IT operations and internal controls surrounding access controls and risk management directives.
Confidential, Miami / Tampa, Florida
Program Manager Information Security, IT Auditor
Responsibilities:
- Provide guidance, direction and oversight for 3rd party assessments, internal audit engagements, baseline security standards, discovery and remediation of IT security and compliance issues surrounding HIPAA, risk standards CMS compliance, PAN data, PCI-DSS compliance, Confidential directives, NIST 800-53, Sarbanes-Oxley SOX, ISO/IEC 27001:2013, ISO/IEC JTC 1, Confidential 007 R2, and DISA/STIGS data standards.
- Performed Qradar SIEM administration involving report migration, alerts, custom reports and malicious activities.
- Reconciled Qradar with existing inventory to avoid gaps and rogue equipment. Analysis of log sources and metric generation.
- Built relationship with IBM-Qradar, and SIEM security vendors to avoid shortfalls in knowledge base.
- Engaged in Risk Management to perform root cause analysis, TOGAF, OCTAVE, control self assessment, enterprise Governance Risk Compliance Confidential and risk impact.
- Authored IT audit engagements, planned requirements, staffed auditors and scheduled work with stakeholders
- Provided direction in the selection of an External Audit firm which performs attestation of our Authority to Operate ATO in the analysis of operations surrounding US Centers for Medicare & Medicaid services, PCI compliance, NIST, ISO/IEC and key points of compliance.
- Promoted to Point of Contact and Project Manager for change configuration management efforts surrounding production and test environments, protected health information PHI, Confidential, MARS-E, data privacy and Confidential compliance.
- SME surrounding tools: SCADA Cyber Ark IAM identity access manager, IDM application identity manager, EPV electronic password vault, PSM privileged session manager modules. Proficient with Tripwire Enterprise 8.5.2, IP 360, ProofPoint, Q Radar, Core Impact, Hitech, IP360, FireEye, Tenable Nessus, Nexpose Rapid 7, Computer Associates SMDB and Archer Confidential risk and compliance suite.
- Build relationships with vendors IBM-Qradar, Tripwire, Tenable Nessus to earn SME status.
- Perform system administrator interviews, security patching, reviews of pharmaceutical business entities and reporting on controls testing and remediation surrounding data standards and Sarbanes-Oxley SOX, PCI compliance with IT Audits. Peer review performed on final output. SAP process control management and activities.
- Worked to provide technical oversight involving SIEM network and vulnerability configurations surrounding network administration, SCADA cybersecurity analytics, AIX, Linux RHEL 6, NMAP, trace routing and OWASP top 10.
- Authored an approach for Confidential and Confidential compliance involving CyberArk, Q Radar report writing, Tripwire Enterprise, Symantec Enterprise and Nexpose Rapid 7, Bit9, Core Impact and Sophos antivirus.
Confidential, Miami, Florida and Livermore, California
Program Manager Information Security IT Audit and Risk SME
Responsibilities:
- Liaison to risk compliance efforts surrounding large financial institutions Confidential, financial market infrastructures FMIs and significant service providers SSPs in order to support 3rd party assessments, risk management, information systems, vendor risk assessments, Confidential, business resiliency and cybersecurity risk.
- Helped to manage governance risk compliance Confidential efforts in key aspects of the business Portfolio involving program management Confidential, FMIs and SSP projects involving cybersecurity, Confidential, vulnerability, threat assessment efforts, risk posture, risk assessment, security architecture and key security tools.
- Developed Policy and Procedure statements to mirror cybersecurity initiatives as they relate to Confidential, FMIs and SSPs.
- Research and debate modern methodologies to harden and secure corporate assets involving security patching and review of standards ISO / IEC 27001:2013, Confidential, NIST 800-53, ITAR req., HIPAA 164.310, GDPR, PMP PMBOK, Confidential, Sarbanes-Oxley section 4, Confidential, GAAP, SAP ERP 6.0, internal infrastructure and data from US Departments of Treasury, Education, and CMS.
- Financial services SME involving risk methodologies, risk impact for critical systems, business impact analysis, root cause analysis, control self assessments, OCTAVE, NIST RMF, threat agent risk assessment TARA and others.
- Provided direction, support and maintenance for risk awareness and risk acceptance where appropriate within a 1,100 user network involving threat landscape, secure development practices, gap analysis and risk posture.
- Security tools utilized: IBM Qradar, Tenable Nessus 6.7, SIEM, Java scripting, Nexpose Rapid 7, Tripwire Enterprise 8.5.0, IP360, FireEye, RedSeal, PGP, ProofPoint, Wireshark analyzer and other methods in establishing benchmarks for cybersecurity, intrusion detection, security patching, SIEM efforts and proactive analysis of threats and vulnerabilities.
- Provided IT Audit and Information Security guidance through standards: CoBIT 5, COSO, ISO/IEC 27001:2013, DISA STIGs, NIST 800-53, PCI compliance, SCADA, SharePoint, TOGAF, Confidential 7 and SAP ERP with 4 pillars, provisioning, and access granting. Provided direction regarding SAP process control activities.
- Authored Programs in risk avoidance, risk transfer, factor analysis of information risk FAIR, suspicious activity reports, technical writing of policies and procedures, security plans, business continuity and intrusion detection efforts.
- Created Qradar and JIRA management reporting script algorithm used to highlight discrepancies between network inventory and critical security tool Qradar inventory. Analysis of log auto discovered items in Qradar to avoid duplication and the mis-reading of log files.
- Extensive cybersecurity, anti-malware and data loss prevention efforts using ProofPoint, Sophos, McAfee and Symantec enterprise.
- Responsible for Information security on a 1,100+ user environment involving Active Directory, Linux RHEL 5, 6, Cisco and Juniper firewalls log analysis and network security appliances.
- Proficient with PGP, RedSeal, QRadar, CyberArk, Tripwire Enterprise, Nexpose Rapid 7, Nessus 6.7, Sophos AV, ProofPoint, BlueCoats, Bit9, Snort, Windows 10 security, Altiris ver. 8 and IP360.
- Provide IT Audit expertise involving Governance Risk Compliance GRC involving Capability Maturity Model CMM, ISO/IEC standards, OCTAVE, FAIR, TARA, OWASP top 10 controls, CoBit, NIST, Confidential controls and Centers for Medicaid/Medicare CMS standards.
- Led IT Audit efforts to facilitate a) findings b) recommendations c) risk remediation and ultimately passing Confidential CMS reviews of Network security controls, compliance with SOX, Confidential, redundancy, application development involving SDLC, SOX sect. 4 internal controls assessments, IT physical security of operations and co-location data center, IT management reporting structure and internal audit committee functions as well as future IT audit.
- As Project Manager, successfully communicated, via targeted meetings, to facilitate information flow between IT security teams, HR, IT operations in order to remediate compliance shortfalls in PCI compliance, SOC, SIEM and IT audits.
Confidential, St. Petersburg, Florida
Technical Program Manager, Information Security, IT Audit/Risk SME
Responsibilities:
- Developed IT audit and risk mitigation strategies, assignment of owner and elicited key remediation actions.
- Monitor identified risks and IT audit issues with tools and teams. Assist critical incident response process with IT engineers and stakeholders. Escalate early to business owner and management team to determine when to engage senior leadership.
- Establish and maintain strong relationships with business operations, technical operations, engineering and finance.
- Direct business processes, product requirements and overall enterprise impacts the project may have on the existing system infrastructure. Identify, confirm, and obtain participation from required cross-functional teams. Work with the other team members and Strategic Business Initiatives to do this effectively. Utilize CSIRT and use OWASP to baseline SIEM event trends and attack patterns and vectors. Confidential 007 R2, SCADA cybersecurity, anti virus efforts with Symantec Enterprise, PAN data analysis, Amazon Web Services and Golang.
- Work with leadership to help identify and assist in making program trade-offs to balance scope, time, and costs.
- Develop and execute PMBOK defined and led project plans, with dependencies, milestones based on backlog, story points and velocity to establish reachable targets.
- Information security role in auditing Active Directory for remediation. Provide understanding and knowledge of Active Directory, Cybersecurity, ProofPoint, Qradar, security patching initiatives, Amazon Web Services, Golang, Tripwire Enterprise, Tenable Nessus 6.7, Nexpose Rapid 7, Vulnerability Management, Threat Assessment, input validation, Node.js Java scripting, SIEM CVE, security monitoring, Zachman and TOGAF. Apply key controls with risk assessment, remediation as well as internal audit best practices.
- SME to IBM Qradar and upgrades, FAQ knowledge and malicious activity reporting.
- Oversaw a 3000+ computer group a CAT 1 Network and the risk surrounding migration of the activities
- Created reports and coordinated remediation efforts. Qradar CyberArk 9.2 beta tested platform for ID of privileged accounts, access control lists, audit trails and password history analysis. SAP ERP pillar analysis, provisioning and access granting, SAP process control assessments performed.
- Created and implemented a risk management plan. Identified project related risks and triggers; establish risk thresholds and contingency plans using OCTAVE, FAIR, TARA plans, refine estimates to create baseline resource plan.
- Provide oversight, updates, POA&Ms progress and management of appropriate processes and communication.
Confidential, Miami, Florida
CTO, Program Manager, SME IT Risk and IT Audit
Responsibilities:
- Plan, organize, direct and control small, medium and high value Financial Services, CMS governed Health Insurance Industry, Pharmaceutical and Manufacturing Client audits, business projects and risk assessments involving Project Management Body of Knowledge PMBOK / PMI standards, IT Audit internal controls, SCADA Cybersecurity, Confidential, SOX, HIPAA, Confidential, NERC-CIIP 007 R2, CSIRT, DIARMF, SIEM, CVE, SAP, application development and systems development life cycle SDLC.
- SME in Banking and Financial Services involving Confidential, Federal Reserve, Confidential, FMIs, SSPs Information Technology and Cybersecurity thus providing a reasonable assurance of security and compliance.
- Provided to Financial Services Clients IT governance, IT security awareness, taxonomy-code flaw search, design flaws, Infrastructure, IT environmental standards and Top-level policy direction for operations involving key direction for operations and network infrastructure.
- Acting liaison to third party security risk management efforts with Health Insurance industry clients, manufacturing and distribution clients, their external vendors and internal audit teams. Utilized SAS-70 (legacy) and SSAE-16 audits and reviews. Applied standards for internal controls with Confidential, SOX 404, NIST 800-53, DIARMF, OCTAVE, FAIR, and referenced CoBIT 5 and COSO enterprise risk management.
- Defined and executed vulnerability risk assessments to include team selection, security scans, internal/external audits and OWASP top 10 incident response project planning, perform triage on McAfee SIEM events. Analysis of ArcSight enterprise service manager, Log Rhythm security intelligence platform, Amazon Web Services, Golang, CyberArk Identity Access, Node.js Java scripting and Tripwire Enterprise with IP360.
- Provided support and administration of Qradar involving Service Level Arrangement SLA with IBM, functionality of reports, malicious activities and reconciliation to existing internal System inventories.
- Strategic level Authoring and execution of Info Confidential Policy, IT Security Manuals, SAP ERP 6.0 4 pillars definitions, ISSM Information System Security Manuals, backup BCP disaster plans, additional corporate-level policies and procedures as network systems evolve. Obtained board approval of all written documentation submitted.
- Active role in Information Security working with POA&Ms, SCADA, FISMA, Confidential, DIARMF, ISO / IEC 27001, ISO / IEC 27002.
- Secured and improved IT operations surrounding a Confidential rework of corporate policies and procedures, BCP, application access controls, POA&Ms, Confidential, OWASP top ten, SSAE-16 audit compliance, SailPoint, SOX, PCI, Cobit 5, and IT governance, security / risk assessments including OCTAVE and FAIR.
- Research current industry trends in threats, SIEM, CVE vulnerabilities, application design flaws and countermeasures.
- Provided SAP process control assessments and engineering analysis.
- Performed SDLC development of technical requirements, system design, quality assurance, user acceptance testing, and pre-production testing of distribution project analysis for operations using AIX UNIX LINUX tools and provided a final report of findings.
- Lead strategy meetings for remediation audit findings and deliverables. Motivate staff to provide accurate and timely reports to ensure a reasonable assurance of security and compliance.
- Managed an inventory control project involving deliveries and product valued at over $500k for Advance Auto stores.
- Volunteered for new project administration duties to include building an IT Audit case, information gathering, access / exploitation, and reporting of findings with Tenable Nessus 5, ProofPoint, Qradar, IP360, Nexpose Rapid 7 and Tripwire Enterprise 3.x.
- Provide Client senior management with a documentation of SOX internal controls and the creation of action plans using POA&Ms, BCP disaster recovery, VISIO design, reporting of milestones reached and follow-up goals.
Confidential, Syracuse, New York
IT Systems Manager
Responsibilities:
- Hardened and secured network of Win2k8 servers, workstations, barracuda firewall, Cisco routers, Checkpoint Load Balancer, TCP/IP, DNS, POP email accounts, cloud security in database. SME with SCADA Cyber security and Symantec enterprise security.
- Introduced the internal control need for enhanced IT security, IT audit, ethical hacking and Tenable Nessus usage.
- Implemented cloud computing security, SLA and contract administration. Secured PCI compliance procedures for office.
- Provided key direction in a legacy database conversion project to a virtual web-based application.
- Initiated new service level agreements SLA in vendor management and realized over $200k in cost savings.
- Upgraded new IT security procedures and solicited IT vendor support. Secured remote access and new VPN.
- Hands-on IT technician, Microsoft gold partner skilled with IBM Site Protector, IBM QRadar, IBM Web Gateway, IBM Network IPS and IBM App Scan Enterprise.
- $500k budget, Proficient with Excel, PowerPoint, Project, Access, Backup Exec, and ARC serve.
Confidential, New York, New York
Bank Officer, Vice President and Risk Program Manager
Responsibilities:
- SME with Confidential, FMIs, and SSPs regarding BASEL II Accord directives and integrated key components within all projects.
- Utilized a mature Project Management Office and PMBOK in assessing SDLC procedures for critical capital markets application.
- Identified potential risk impact regarding a key IT risk component and mitigated a $30 million exposure.
- Provided ITIL v2, COBIT, Confidential, FDIC, and OWASP top project best practices analysis for system-network enhancements.
- Wrote key controls and inputs for annual Business Impact Analysis BIA and BCP disaster recovery plan.
- Provided expert analysis involving ISO/IEC 27001, BASEL II accord, Confidential, SOX, Confidential directives.
- Directed 14 person staff in a corporate governance project utilizing risk, Confidential and Japanese FSA principles.
- Built project management PMBOK, NIST information quality, and ISACA COBIT standards into IT key controls.
- Highlighted IT risk to effectively mitigate issues in IT network infrastructure, and SDLC/systems development teams.
- $1 million budget, oversaw 14 staff, made key recommendations to management to help direct IT operations.