IT Audit Manager Resume
OBJECTIVE
- Information security professional with over twenty years of experience securing and supporting enterprise systems. Seeking Security Risk Management position to further advance my career.
SUMMARY
- Information Risk Management and Regulatory Compliance: GLBA, FFIEC, PCI-DSS, Sarbanes-Oxley, SSAE 16 SOC I/II, HIPAA, NIST Cyber Security framework.
- Technology and Security Architecture design evaluation and risk management.
- Cloud Security Controls assessments and auditing.
- Development Operations (Agile/Waterfall) controls assessments and auditing.
- Project Management controls assessments and auditing.
- Security Operations Design, Risk Assessments, and Auditing (Vulnerability Management, Penetration Testing, Security Events Management, Security Incident Management and Response)
- Active Directory Security Design, Deployment and Auditing.
- Virtualization Systems Design, Deployment, Administration and Auditing (ESXi 6.5x, 5.5x, IBM HMC/VIOS)
- Network Security Design, Deployment, Security Assessments and Auditing (IPS/IDS, NAC, Wireless, Firewalls, Routers, Switches, Load Balancing).
- Business Continuity/Disaster Recovery Planning, Assessment and Auditing (BCP, DR, BIAs)
- IT Service Management Auditing (ITIL v3) (Service Strategy, Design, Transition, Operation)
- Security Framework Standards (NIST Cyber Security and Risk Management Frameworks)
- Security testing and troubleshooting with Nmap, Netcat, Metasploit Pro Penetration Test Platform, Retina, Foundstone, Nessus, Rapid7 Nexpose Vulnerability Scanners, Fiddler, HTTP Watcher, BackTrack and Kali Linux Penetration Framework.
- Network Traffic Troubleshooting with Wireshark and WinDump/tcpdump sniffing tools.
- Application White-listing with Bit9 Parity.
- Microsoft Windows 2016, 2012, 2008 controls design and deployment.
- Microsoft SQL 2000, 2005, 2008 controls design and deployment.
- Web Server Design, Troubleshooting and Security Implementation (IIS 5, IIS 6.0, IIS 7.x, Apache, WebSphere)
- Antivirus/Antimalware Deployment and Troubleshooting (McAfee, Symantec)
- Goal-oriented, multitasking individual who takes the initiative to get the job done.
- Successfully meets deadlines.
- Communicates ideas and solutions effectively.
- Knowledgeable and experienced in troubleshooting multi-tiered information systems.
PROFESSIONAL EXPERIENCE
Confidential
IT Audit Manager
Responsibilities:
- Served as a trusted risk advisor to internal business banking line teams, providing governance and oversight for the cloud-based transition of services to support the bank's enterprise strategy.
- Responsible for the planning and execution of technical audits of IT Infrastructure and Information Security supporting banking operations.
- Responsible for providing technical training for internal audit staff to increase knowledge amongst the team in areas on the audit plan.
- Responsible for the review of audit work papers and documentation within the audit database of Sr. IT Auditors and junior staff to ensure that work meets methodology requirements.
- Partnered with business lines, risk partners and information technology and security to provide clarity and transparency to the detail of controls weaknesses/failures and the associated risks stemming from issues raised from audits.
- Responsible for continuous monitoring of IT/IS controls portfolio through project orchestration and issues management through the bank's risk register.
- Responsible for validation for IA raised issues working with risk managers to address deficiencies.
- Responsible for Internal Audit presence on IT/IS committees within the bank to support enterprise initiatives.
- Partner with Sr. Audit Manager/Audit Director to provide status updates and insight to audit engagements to business lines as needed.
- Provide input to Audit Director on Audit Universe and areas for focus in yearly audit plan along with supporting development of bi-annual audit opinion delivered to executive management.
- Develop and update standard audit work programs (SAWP) utilized in assessment of the bank's controls environment.
- Develop and update scripts (PowerShell) which are utilized to automate evidence collection within the Active Directory environment.
- Integrate with various internal audit teams to provide subject matter expertise on information technology and cyber security subjects to support overall execution of the bank's audit plan.
Confidential
Lead Information Security Analyst
Responsibilities:
- Responsible for working various business lines within Confidential serving in an information security capacity.
- Served as the business continuity coordinator for the Registration and Titling Services business line of Confidential.
- Served as the information risk manager for the Registration and Titling Services business line of Confidential.
- Served as the information security officer of the Registration and Titling Services business line of Confidential.
- Responsible for working with internal and external auditors to ensure compliance with Sarbanes-Oxley regulations.
- Responsible for working with external auditors from various states to provide evidence to support compliance with SSAE 16 SOC I and II audit requirements.
- Responsible for security oversight of multiple projects related to the development of applications that supported the Registration and Titling Services business line in their contractual obligations to the states in which services were provided.
- Responsible as a member of a larger information security team to provide incident response support services to the company.
- Conducted quarterly system access reviews on internal and externally facing application systems to comply with Sarbanes-Oxley requirements.
- Responsible for on-going vulnerability management program concentrating on infrastructure and web applications for the Dealertrack Registration and Titling Services business line.
- Achieved Verizon Cybertrust certification for the business line within the first six months of employment.
- Responsible for working with various software development teams to determine security requirements for new projects.
Confidential
Security Engineer
Responsibilities:
- Responsible for working with various healthcare vendors to conduct systems security reviews, making recommendations to address security issues, and following through to ensure secure deployment of health information technology systems.
- Conducted information system controls review on various IS infrastructure components (Cisco Routers, Switches, Firewalls (Palo Alto/Fortinet), IPS (Palo Alto/Fortinet), Databases (MSSQL), Web Servers (IIS/Apache), Servers (Windows/Unix), Virtualization (ESXi), Endpoint security (Bit9, McAfee), VOIP (Cisco/Avaya), and Wireless (Aruba)).
- Conducted vulnerability and compliance scans of IS infrastructure systems to ensure alignment with security best practices and federal regulations (HIPAA).
- Responsible for conducting risk assessments and evaluating controls related to the enterprise virtualization environment (ESXi).
- Responsible for providing information security, audit and risk management expertise to various groups within the organization to ensure successful outcomes to critical business initiatives.
- Designated as a point person for the IS infrastructure team for reviewing findings from internal and external auditors, and providing feedback to management on courses of action to address identified issues.
- Responsible for feedback to upper management on emerging security threats that could impact hospital operations and lead to non-compliance with HIPAA.
- Responsible for staying abreast of the latest software vulnerabilities, malware, spyware, and malcode trends, performing risk analysis, and applying preventative and detective controls to hospital information systems.
- Conducted security reviews on database management systems (SQL 2000, 2005, 2008) to ascertain weaknesses in configurations and partnered with Database Administrators to implement preventative/corrective controls to address security issues.
- Lead of the incident response team, responsible for detection and remediation of threats to information systems, along with the development of technical measures to prevent security breaches.
- Designed and implemented patch and vulnerability management processes, which included continuous systems security review, risk analysis, security vulnerability remediation, and patch baseline and testing.
- Developed network design and security control documentation for critical health information systems deployed within the organization.
- Designed and implemented system hardening security baselines to improve the security posture of the organization, from which all Windows 2000/2003/2008 Server information systems for the organization were built.
- Responsible for implementing IPS/firewall rules on Palo Alto 4020 to prevent and remediate security events.
- Responsible for maintaining Web Filtering Solution (Palo Alto) to remediate and prevent web-based attacks and comply with information security policy.
- Responsible for implementation of security rules within Bit9 Application White-listing solution used to secure desktops against rogue code execution.