
Pci Security Consultant Resume


SUMMARY

  • Highly skilled, results-driven, customer-focused trilingual (Spanish and Portuguese) Manager with 25-plus years of Audit and Information Technology experience working globally across diverse industries.
  • Extensive detailed knowledge of Information Security technologies and best practices.
  • Provides cost effective, time saving strategies utilizing latest technology to enhance infrastructure and automate processes to support business objectives and achieve compliance.
  • Implementation management of security tools, Critical Watch, Nexpose, Rapid7 and Splunk companywide to ensure IT and Information Security risks are addressed and the action plan/remediation processes were completed.
  • Leadership/Management: Start up experience in creating a new Project Management Office (PMO) and team development in Project Management Institute (PMI) methodology.
  • Enhances infrastructure to fulfill business needs, automate processes and facilitate growth while working collaboratively between diverse departments, vendors, clients and executive teams. Enjoys coaching and team development.
  • Combines technical aptitude with creative approach to problem solving to transform ideas and plans into powerful, reliable management systems.

PROFESSIONAL EXPERIENCE

Confidential

PCI Security Consultant

Responsibilities:

  • Interface with clients to review and analyze complex systems (Applications, operating systems, databases, and Networking devices), to identify risks and vulnerabilities within the client environments.
  • Analyze cardholder data flows (business and application data flows) and accordingly identify the risks to cardholder data.
  • Provide guidance to clients on PCI DSS awareness.
  • Work independently to collect, consolidate and analyze evidence of clients' PCI DSS compliance and meet the internal quality assurance requirements.
  • Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations, PCI DSS.

Confidential

PCI Security Consultant

Responsibilities:

  • Participate in the development and oversight of required corrective action plans relating to security compliance and PCI issues.
  • Provide oversight in order to monitor and maintain the GRC platform (Archer).
  • Establish and manage the security risk assessment for new and ongoing projects and advise on architectures, security, and mitigating controls.
  • Provide technical implementation details necessary to assess and design practical security controls in conjunction with other functional areas.
  • Partner with team members and cross functional groups to ensure programs align with PCI compliance requirements.
  • Promote security compliance internally while maintaining core values of transparency, fairness and trust.

Confidential

Information Security Manager Consultant

Responsibilities:

  • Manage systems security functions and ensure that user access rights are suitable and properly controlled.
  • Analyze the Bank’s IT infrastructure, systems and facilities to identify security risks and weaknesses and recommend corrective actions.
  • Monitor cybersecurity information sources, FS-ISAC, US-CERT and professional publications for emerging cybersecurity risks and develop appropriate responses as needed.
  • Perform due diligence on 3rd party service providers and mission-critical systems to verify the adequacy and effectiveness of information security controls and incident response/disaster recovery plans.
  • Analyze information, provide assessments, and compile reports including a monthly summary of security information reports submitted throughout the bank.
  • Receive security alerts and coordinate appropriate responses.
  • Act as key decision-maker and member of the Technology Committee and the Business continuity and Incident response teams.

Confidential

Senior IT Security Consultant

Responsibilities:

  • Ensure the organization is complying with all applicable standards and frameworks, such as NIST SP 800-53, ISO/IEC 27001/2, the Cybersecurity Framework, COBIT and/or PCI/DSS.
  • Assist client in managing the annual Privacy Impact Assessment and PII holding inventory.
  • Assist client in managing the Human Resources Department to assess the Employee Handbook updates to the chapter that covers information systems policies and procedures.
  • Assist with the general evaluation of security programs at third-party service providers to ensure compliance with minimum requirements.
  • Assist client to maintain the Security Information Security Plan and associated security control documents. Ensure staff, systems and networks are in compliance with NIST SP 800-53. This includes categorization of systems.
  • Assist client to maintain the incident response plan. Coordinate annual tabletop testing of the Computer Security Incident Response Plan (CSIRP).
  • Assist client to maintain the PII Security Plan.

Confidential

IT Security and Compliance Manager

Responsibilities:

  • Completed the PCI Internal Security Assessor (ISA) certification. Completed the 3.1 PCI audit for the company.
  • Completed the Payment Card Industry Professional (PCIP) certification.
  • Completed the Forensic Scientist program. Implemented Encase for the complete company.
  • Implemented the change management (CM) procedure companywide and the CM committee.
  • IT lead person for companywide migration from one network to another (Kate Spade to Confidential).
  • Design sustainment strategies and measurement systems to ensure that requirements can continue to be maintained over time.
  • Documented Policies, Risk, Audit, Lines of Business, Legal, Compliance and external regulators, including PCI DSS Council to ensure proper handling of Payment Card Information.
  • Implemented SOX 404 General Controls companywide.

Confidential

PCI Security Specialist

Responsibilities:

  • Develops and implements security standards, procedures, and guidelines for multiple platforms and diverse environment (e.g. client server, FedRAMP, distributed, mainframe, etc.).
  • Exercises judgment within broadly defined practices and policies in selecting methods, techniques, and evaluation criterion for obtaining results.
  • Communicating technology impacts and risk to various levels of executive management understanding the need to tailor and deliver appropriate content for given audience.
  • Work closely with subject matter experts including GIS Policy, Risk, Audit, Lines of Business, Legal, Compliance and external regulators, Safe Harbor, cyber security, including PCI DSS Council to ensure proper handling of Payment Card Information.
  • Support line of business PCI self-assessments, third party QSA-led PCI Assessment as well as GIS-led PCI Assessments impacting the Domestic US and International regions.
  • Assist in the analysis of PCI assessment findings, owner identification, remediation planning and validation.

Confidential

IT Senior Compliance Auditor

Responsibilities:

  • Identifying key risks and controls, knowledge of Sarbanes Oxley (SOX) readiness, controls optimization, including the configuration of controls around security, business process and within IT environments.
  • Applying internal control principles and business/technical knowledge including information technology general controls and application controls; financial reporting concepts; working experience applying professional skepticism skills.
  • Aid, as well as perform assessments, using client's proprietary or other relevant tools to evaluate controls, security, SOD, FedRAMP, Safe Harbor, cyber security and potential for optimization.
  • Provided project management skills, including developing project plans, budgets, and deliverables schedules.
  • Developed a positive environment, monitoring workloads of the team, while meeting client expectations, and respecting the work-life quality of team members. This includes providing candid, meaningful feedback in a timely manner and keeping leadership informed of progress.
  • Interacting with clients on solutions and executing projects on client engagements, forming client relationships and demonstrating an understanding of the client's business.
  • Work with the PCI project team to proactively resolve issues and build remediation processes of findings for Quality Assurance review.
