
Resume


Sr. Information Security Specialist

SUMMARY:

  • Results-driven IT Information Security Specialist with more than 15 years of Confidential and industry Information Systems experience in Information Technology, Confidential, Systems Engineering, and Information Security, serving clients across a variety of industries including the military, government, engineering sector, and financial services.
  • Specialization includes Information Security, Information Assurance, System Security Assessments, Communication Security, Risk and control assessments, Internal Control Systems, System controls Application/Disaster Recovery, Threat Modeling, Military Confidential (Tactical) Networks and security, System engineering (C4ISR), Vulnerability Management, Financial and Federal Government sectors.
  • Significant experience includes Information Security, Systems’ Information Classifications, performing IT application systems controls reviews, Risk, Compliance, Information Technology, IT and Internal controls assessments, Regulatory compliance, Application/Disaster Recovery, Identity and authentication, Business Continuity Management, Security and vulnerability assessments, Management of the IT Service Continuity Management (ITSCM) continuity critical application systems, Mainframe/Mid-Range distributed systems reviews and testing of privileges and parameters for UNIX and Windows, Privileged Access, Group Privileged Group Access, Access to Sensitive Directories (UNIX & Windows), CRON jobs, and Batch Functions Access.
  • Dynamic communication skills, Bilingual, and Highly motivated Multi-tasker.

TECHNICAL EXPERTISE:

Knowledgeable of Security standards, SAS 70, SOC, NMAP, LINUX, Qualys, Nessus, LDAP, PowerShell, Tripwire, Fusion Tool, DLP, Confidential Systems, Database, Internal Audit, Internal Controls and Assessments, Active Directory, Microsoft Threat Modeling, JIRA, Familiarized with SSL, SHA, RSA, AES, Networks, CAN, Ethernet, Sarbanes-Oxley Act (SOX), Stryker, Abrams

PROFESSIONAL EXPERIENCE:

Sr. Information Security Specialist

Confidential

Responsibilities:

  • Evaluated and responsible for systems application environments and access control processes to ensure they are being designed, deployed and implemented in compliance with company standards and industry standard methodologies.
  • Responsible for Semi-Annual reviews, On & Off-Boarding, and testing of the Internal Control Systems (ICS).
  • Led and managed the reviews for the following: Privileged Access, Group Privileged Group Access, Access to Sensitive Directories (UNIX & Windows), CRON jobs, and Batch Functions Access in the servers and reported findings.
  • Managed & coordinated IT activities including internal controls, IT Governance, and IT process among the Daimler Financial Services units located in Latin America.
  • Develop strategy and requirements to test critical systems strategy design solutions.
  • Work with the business and technical teams that have access to desired critical systems to develop and scope new test strategy, ensuring a testing strategic approach is in place and the application systems are leveraged appropriately.
  • Supported the planned and managed vulnerability assessments for customers, providing feedback.
  • Engaged and follow up on Internal and Corporate Audits to mitigate the risks.
  • Reviewed in excess of 2500 users and 35 application system accounts to ensure corporate and regional regulatory compliance.
  • Coordinated IT activities among Daimler entities in Argentina, Brazil, Colombia, and Mexico and provided accountability for IT security within those entities to Daimler Financial Services' Americas regional headquarters in Michigan.
  • Assisted the organization to identify and evaluate IT security risks through security reviews.
  • Evaluated security risks, proposed, designed, implemented, tested, and integrated system solution.
  • Ensured that acquired or developed systems and enterprise architectures are consistent with the organization's security architecture guidelines.
  • Developed and maintained process documentation.
  • Provided support across the board to ensure implementable and maintainable solutions to comply with ISO27001 to protect organizational assets.
  • Created and implemented a database source to test our application and user access Ids for our internal control systems testing of the continuity critical systems.
  • Responsible for the Mid-Range Servers effectiveness, validations, analysis, reporting reviews of privileges and parameters.
  • Researched and evaluated current or emerging security technologies to support organizational information security objectives, and evaluated vendor solutions against company security/business requirements.
  • Performed both periodic and ad-hoc analyses of user accesses to ensure compliance with established control processes.
  • Conducted User & Application Access Reviews.
  • Worked on the New York State Law to ensure organizational compliance.
  • Played a lead role in building a strategy to develop, test, and implement the solution to address application systems gaps.
  • Coordinated application recovery reviews and assessments of IT projects and continuity critical systems.
  • Manage the IT Service Continuity Management (ITSCM) continuity critical application systems landscape and third party vendors and applications’ security.
  • Interviewed and worked with business management, content owners, and IT to understand application and system security requirements, and communicated cross-functionally to gain consensus on new strategies to test systems readiness.
  • Developed application strategy roadmap and assessed system’s implementation solution and services for viability across the landscape of applications.
  • Documented security and access control frameworks for application systems.
  • Achieved 100% SOX compliance by scheduling numerous reviews to keep systems in compliance.
  • Educated business unit managers, IT System teams about security design solution, controls, and prevention.
  • Supported LATAM region accounts in Colombia, Mexico, Canada, and Brazil with routine questions on policy, procedures, information classifications, and ICS application recovery system plan solution designs, test, and implementation.
  • Maintain the organization's business impact analysis (BIAs) and Application Systems Recovery plans.
  • Apply knowledge of latest information security industry trends and practices in a practical manner to support internal and Customer business information.
  • Planned and built solution strategy, implemented, tested, and conducted reviews of application systems plans, and monitored and evaluated system conformance with organizational security policies, standards and guidelines.
  • Created IT Disaster recovery plan procedures in the event of a disaster and mitigation procedures.
  • Recognize and identify potential areas where existing application systems plans, policies and procedures required change or new development to mitigate system weaknesses.
  • Partner with business process owners to design, implement, support and maintain a multitude of application recovery systems’ plans to align with business requirements.
  • Experience with hosted and cloud services, especially DRaaS and SaaS, and the related security implications and control approaches.
  • Thorough understanding of application recovery and disaster recovery principles and processes.
  • Worked in collaboration with the Infrastructure and Network team; led/participated in development of security architectures, baselines and standards for each major type of infrastructure component (e.g., Network-Firewalls, Routers, Logging; Physical Servers, Virtual Servers, End-User, Compute, Mobile, etc.)
  • Created, modified, and submitted system application and disaster recovery plans via appropriate channels.
  • Implemented, managed, and maintained the development of BIA tool to determine RTO/RPOs.
  • Supported security assessments and analyzed risks to identify potential internal control weaknesses and provide recommendations to remediate the risk.
  • Conducted and performed security assessments in various technical environments, including Vendors/Suppliers, Mainframe, UNIX, Oracle Database, SQL Database, and Windows.
  • Documented and ensured communication of policies, queries, vulnerabilities and the current state of the company's system.
  • Contributed expertise to identify weak controls and communicated vulnerabilities to management.
  • Assisted in the conduct of on-site reviews.

Senior Systems & Security Engineer

Confidential

Responsibilities:

  • Led the Information Assurance (IA) group on architectural information security and assurance matters for platforms interfacing with Confidential systems.
  • Led client with the development of Certification and Accreditation (C&A) documents, including Security Concept of Operations, Implementation Plans, System Security Plans, and System Security Test and Evaluation plans and procedures.
  • Conducted risk and security assessments using NIST guides for integrated interconnected systems to measure security assurance and recommend the type of control: Technical, Operational, and/or Managed.
  • Supported/Performed IA risk assessments, developed Plan of Action and Milestones.
  • Applied and implemented required security controls to mitigate architecture risks and vulnerabilities.
  • Evaluated and provided guidance on IA and security related issues and required security controls to mitigate architecture risks and vulnerabilities.

Senior Lead Systems & Security Engineer

Confidential

Responsibilities:

  • Managed enterprise-wide information-security program for the Brigade to include emphasis on Emergency Operating Center Communication Security, Information Security, Intellectual Property Protection, and Encryption.
  • Collaborated with external auditors to conduct in-depth compliance audits testing, presenting all results to senior management.
  • Managed and performed organization vulnerability assessments and supported certification and accreditation activities using DITSCAP throughout the UA and Loran peninsula.
  • Instrumental in developing and implementing Business Continuity and Disaster Recovery Plans for military tactical sites.
