EXECUTIVE SUMMARY

Decisive, experienced and knowledgeable Senior Risk and Compliance Consultant with a proven track record in implementation operations while driving numerous projects to successful completion. Expert in data analyses requirements acquisition and implementation, and regulatory compliance within the ever-changing medical industry. Develop test plans, reports, and data collection for complete requirements coverage, and provide risk assessment from design documentation and test results. Effectively provide training on process and procedure to remain compliant with all regulatory requirements, and create detailed defect write-ups, assigning severity and defend findings. Seek a role as Manager of Global Information Systems and Security where attention to detail and development of budgets, risk assessment and implementation and training are held at a premium for a company poised for extraordinary growth.

CORE COMPETENCIES / AREAS OF EXPERTISE

Problem Resolution/Troubleshooting Processes/Procedures Project Planning and Management Team Leadership Compliance Testing/Evaluation Implementation/Integration Communications Risk Assessment Design Documentation/Reports Regression Testing Strong Working Relationships Employee Training and Personal Growth Development Governance Risk Documentation Compliance and Audit Management

KNOWLEDGE BASE / CLEARANCE

• Sarbanes Oxley SOX
• HIPAA
• SAS 70
• SSAE 16
• FISMA
• DISA STIG
• DoD / PHI / PII
• TRICARE / Medicare / Corporate
• ISO 27024
• TCSEC-C2 Security Clearance Exp. 3/2019
• PROFESSIONAL EXPERIENCE Confidential Senior I/S Risk and Compliance Analyst
• Provide overall governance and compliance within the Information Systems I/S for TRICARE, Medicare, and Corporate Companies. Main responsibility TRICARE and Medicare.
• Plan and oversee monthly risk assessments and ensure deadlines are met.
• Liaison between I/S areas and internal/external auditors to ensure goals and objectives are met and resolved any conflicts whenever they arise.
• Subject Matter Expert SME and Project Lead for TRICARE yearly audits ATOs and monthly Self-Assessment remediation/reviews between I/S areas and auditors.
• Successfully accomplished a number of large process improvement and application upgrade projects from design to post-review, ensuring projects are successfully completed within the specified timeframes.
• Train Junior Consultants and employees within the Team in risk management, security, and compliance.
• Represent manager in meetings whenever there is a scheduling conflict or whenever manager is out of office.
• Provide guidance for risk documentation and/or remediation for all I/S areas in realm of preparation of Health Insurance Portability and Accountability Act HIPAA , Federal Information Security Management Act FISMA , Department of Defense DoD , Information Assurance Vulnerability Alerts IAVA , Defense Information Systems Agency DISA Security Technical Implementation Guide STIG , National Institute of Standards and Technology NIST compliance across multiple Lines of businesses including Medicare, TRICARE, and Commercial infrastructure.
• Instrumental in creating new automated tools to use within our Department for increased productivity to meet demanding deadlines.
• Accepted additional responsibility in programming support for Audit-related Risk documentation repository database which is written in VBA and SQL, along with other databases and programs in Visual Basic, SQL, and stored in MS-Access to support I/S risk assessment infrastructure.
• Evaluate, recommend, and update procedures in accordance with company policies, standards, with customer requirements, and needs.
• Create Analytics data to track remediation progress during yearly audits, monthly Self-Assessment audits, etc., which have high visibility within the Company, for presentation to Executive management, ensuring Service Level Objectives SLOs and Service Level Agreements SLAs are being met. Track improvements and/or issues and notify each I/S area of results. Based on results, determine timeframe for remediation for each I/S area to ensure each audit deadline is being met.
• Create Analytics data for CIO, CEO, and outside Customers, turning large volumes of data into meaningful analysis aligned to the business objectives with visual interpretations to create a holistic picture. In having the full view of the Company's security and compliance state, enabled I/S to be more proactive in strategic planning and decision-making.
• Develop and document better processes for a more streamlined approach for handling self-assessment and yearly audit procedures for TRICARE.
• By utilizing advanced-level MS-Excel and Audit Control Language ACL Desktop to achieve complex analysis and reporting, Executive management is able to see an overall picture of Vulnerability/Threat reporting not previously available in order to make better business and security decisions.
• Manage TRICARE self-assessment Walkthrough.
• Ensure vulnerabilities were either remediated or documented in a timely manner within I/S for Medicare and TRICARE based on Retina, Nessus, PGD, AppDetective scans or by zero day vulnerabilities, or by IAVMs, etc.
• Write Standard Procedures Documentation update Information Systems Standards Manual ISSM, a government version of a Systems Security Plan SSP , as needed for our Team's data.
• Evaluate and test Archer for environment for implementation into Company. Part of Test Team for first Phase of implementation of Archer.

Environment/Tools: ACL Desktop, Active Directory, SharePoint, Windows XP, MS-Office Excel 2003/2007/2010, Access 2003/2007/2010, VBA, SQL, MS-2008 Visual Basic Express, MS-SQL Server 2005/2008, CA-Harvest, Outlook, Archer. Required knowledge of HP UNIX, zLinux, Z/OS, RedHat Linux, Network, LAN/WAN, security, firewall, audit, Incident Response Management, TRICARE, Medicare, Commercial policies and government practices, PHI, PII, DB2, Domino, Web Apache, Tomcat, patch implementation, Nessus, Retina, PGD, SRR scanning, Manual Checklists, STIG requirements, analytical skills, leadership skills, and technical background.

Confidential

IT Security Coordinator

• Primary responsibility is to be a Liaison between the newly formed First Coast Services Options FCSO and Blue Cross Blue Shield of Florida BCBSFL in order to ensure a smooth transition of network access between the Companies and to coordinate the security, compliance, audit, and network split.
• Document and revise BCBSFL Security Operating Procedures SOP's into Work Instructions for Systems Security processes.
• SME for numerous projects including EDC Transition, EVT Transition, and MIIS Project Identity Management . Took on additional responsibilities, answering security hotline for various Medicare applications.
• Instrumental in updating various processes after Domain/Company split. Troubleshoot and coordinate with internal/external Departments and Companies relating to security issues in Z/OS, RACF, UNIX, WIN XP, WIN 2000 environment.
• Instrumental for enhancing Systems Security Access request form and Access Removal form, to aid in minimizing user/analyst errors as much as possible for improved performance.
• Responsible for end-to-end completion of security access requests in a Z/OS, RACF, UNIX, WIN XP, WIN 2000 environment.
• Revise the Systems Security Access Request and Systems Security Access Removal forms to ensure effective compliance with ISO 9001, CMS requirements and to enhance internal controls for improved processes.
• Provide responses for audit requests assigned to FCSO Systems Security for all internal and external audits, assessments, and reviews in accordance with CMS guidelines, BPSSM, FISMA, SOX, HIPAA, and NIST standards.
• Train Junior Security Analysts in audit compliance and in applied security.
• Ensure timely management approval of requests Complete or Coordinate technical tasks necessary to enable the requested access Follow up with other Information Technology IT areas internal and external to ensure timely completion of tasks assigned Problem resolution and escalation and Coordination of maintenance of security-related role templates and Knowledge Base.
• Utilize the CISS Tool in testing and auditing Centers for Medicaid and Medicare Services CMS Core Security Requirements CSR 's as assigned audit .
• Review security controls and processes to ensure efficiency and compliance with all applicable CMS Core Security Requirements pertaining to mainframe, network, Windows, and UNIX provisioning, maintenance, de-provisioning that is related to CMS requirements for Access Control identified in the Core Security Requirements CSRs , the CMS Business Partner's Systems Security Manual BPSSM , and other Federal government guidelines and documents.
• Work in an environment that is unique in Healthcare to meet strict Government standards for Medicare.

Environment/Tools: PHI, PII, RACF, TSO/ISPF, REXX CList, IBM Utilities, JCL, IMS, CICS, UNIX, Z/OS, Windows XP/NT/2000, Active Directory, FASST, Service Center, and Support Center, Oracle PeopleSoft.

Confidential

Senior IT Security Analyst

• Responsible for analyzing network strategies for a large enterprise network 117,000 employees/non-employees for Oracle, Unix, Z/OS, OS/MVS, ACF2, WIN NT/2000/2003 environment.
• Maintain Client Company's security standards for environment during merger with Blue Cross Blue Shield of Georgia and Anthem Companies in compliance with Sarbanes-Oxley Act SOX and to meet HIPAA Standards under COBIT and SOX 404 Control Objectives.
• Respond to audit requests for risk documentation, analyze results, and appropriately respond to 3000 audit requests for SOX 404, HIPAA, SAS 70 Controls, and Train other analysts in provisioning/terminations.
• Provide technical review of current administrative procedures and review new security tools and methodology and provide suggestions to management and team regarding possible usage.
• Train Junior Security Analysts and provide mentoring and leadership for the region within our group Four people . Identify and resolve technical issues and ensure unauthorized access is prevented in support of divisional/corporate directives.
• Control, monitor, and maintain access to multi-platform products, facilities, and corporate data. Troubleshoot complex problems with access to corporate applications software facilities for all computing environments.
• Configure software product interfaces within the security system, support upgrades of IBM-supported products, and test new release and maintenance upgrades of security system.
• Write procedural documentation for terminations/provisioning to meet SOX and HIPAA compliance.

Environment/Tools: CITRIX, IBM Tivoli, Active Directory, EUM Enterprise User Management , RACF/ACF2, TPX, Z/OS, AIX and HP UNIX, SAMS, SMITTY, ITIM Tivoli , PHI, PII.

Confidential

Business Process and IT Risk and Control Auditor

• Provide leadership, guidance, and training to Junior IT Risk Consultant in technical aspects and auditing.
• Auditor for Enterprise Risk Services for Client Company's external audit controls to reveal the client's business and information security exposures and implement solutions that reduce risk and enhance the quality, assurance, and security of information systems and business processes.
• Research, organize, and analyze data by utilizing information resources with information gathered through interactions with clients, other team members, and third party contacts identifying and testing internal control policies and procedures with a focus on technology and security documenting the application and control findings in accordance with Sarbanes-Oxley Act SOX under COBIT Control Objectives.
• Sections of Control Activities include Database Administration, Disaster Recovery/Tape Backup, Information Systems Operations, Information Security, and Applications Systems Implementation and Maintenance.

Confidential

CIO/Project Manager

• Provided technical solutions and project planning for new startup Company.
• Directed technical staff consisting of approximately five to seven Nortel Network data and voice engineers, and two Security , CCNA Network and Security professionals including myself .
• Responsible for interviewing candidates, background checks, human resource management, and retention for 10 employees.
• Successful completion of all projects within budget.
• Provided project management as well as team lead responsibilities for design and implementation of technical service to include MS .net, OS2, VTAM LAN/WAN connectivity as well providing first line support for MS ACCESS, SQL, MYSQL Data Base structures and schema's.

Confidential

Senior Data Security Analyst

• Responsible for a high-profile project for the AEGON Data Security Team to come up with a solution for consolidating mainframe multi-session managers such as NVAS, Teleview, and multiple instances of SuperSession into a single application to fit the AEGON environment.
• This project required a background of network, mainframe Multi-session Manager software, VTAM, JCL, OS/390, SNA, TN3270, WIN NT/95, end-to-end connectivity, project management and development skills, problem resolution and analytical skills.
• Researched existing AEGON and Transamerica networks, applications, and end-user environments to come up with a solution that best fit the needs for the Data Security Team.
• The solution was a newly installed instance of SuperSession, which insured the latest maintenance level, and incorporated RACF as the source for profile and security checking, greatly reducing maintenance time.
• In the process of implementing software and migrating over 4000 users, interfaced with other technical teams such as VTAM, CICS, IMS, Helpdesk, and MVS.
• This project requires network problem resolution and diagnosis due to the myriad of applications and uniquely installed instances of applications.
• Also successfully completed a second project to convert JCPenney users over from in-house written menu program to SuperSession.

Confidential

Senior Network Systems Management Analyst

• Work on Event Management Team in Network Development to design, implement, and test solutions for automatic problem ticket creation from production batch jobs and network events processed in Enterprise environment on the OS/390 V2.4, V2.7, and V2.9 mainframe, RACF, WIN NT/95, through Netview TME 10 V1.x and NAPA V4.x which is transported to HP-UX UNIX based server using Service Center V2.x.
• Work with others to design GUI format for problem tickets coming into Service Center based on type of problem messages coming in. Write REXX and Netview CList to customize and filter job abend information coming into Netview.
• Install, customize, tune and support Netview TME 10 V1.x, NAPA V4.x releases, VisionNet V5.3. Enable and support SNMP, SMTP for mainframe TCPIP with CIP interface into Cisco routers.
• Plan and design scenario for Y2K testing for Netview and NAPA standalone and integrated testing. Support person for the VTAM/NCP group working to resolve problems from NDM Connect:Direct , VTAM, SNA, TCP/IP and FTP, end-to-end network.
• Train Junior Network Systems Analysts in network application and support.
• Implement and test new customer connections through Advantis network to NDM. Utilize VISIO for Network design and mapping. Coordinate efforts with external and internal customers and other groups on many projects.

Confidential

Senior Network Analyst

• Install, customize, maintain, and upgrade mainframe host products such as NCP gen for Amdahl and IBM FEPs, SuperSession, VTAM, Interlink SNSTCP, AFT user written batch data transfer application , Connect:Direct, BlueVision, and NetMaster, WIN NT/95 in an Enterprise environment with Cisco routers, MVS, RACF.
• Involved in Project to move an entire data center from one location to another.
• Troubleshoot enterprise wide problems. Helped install backbone route for Cisco routers.
• Maintained and troubleshoot DNS on Unix Solaris servers.
• Tasked with project of converting AFT file transfers to Connect:Direct.
• Utilize VISIO for Network design and mapping.

Confidential

Senior Network Analyst

• Install, customize, maintain, and upgrade mainframe host products such as NCP gen for NCR FEPs, AFT, VTAM, TCP/IP, Interlink SNSTCP, Connect:Direct, WIN NT/95 and NetMaster in an Enterprise environment with Cisco routers, MVS, RACF.
• Involved in major project of moving an entire data center from one location to another.
• Troubleshoot enterprise wide problems.

Confidential

Senior Data Communications/Systems Analyst

• Install, customize, maintain, and upgrade mainframe host software products including TPX, IBM NCP, Connect:Direct, Netview, WIN 3.11/95 and Assist/GT running under CICS.
• Provide communications configuration, installation, customization, and maintenance for all phases of data communications from end-to-end. Write, implement, and test system automation techniques using Netview Automation.
• Customize and upgrade TCP/IP and FTP on IBM mainframe environment with MVS and RACF, including troubleshooting hardware and software network problems, and providing communications support on Distributed Network Systems.
• Analyze equipment requirements, perform cost analyses, and install/customize hardware and software to effectively match unique telecommunications standards. Perform and read GTF traces/dumps as part of problem resolution.
• Responsible for all phases of implementation and security for third party software and communications for Disaster Recovery Team.
• Perform PC software upgrades testing training in Novell Netware 3.11 and Windows for Workgroups environments.
• Train Junior Network personnel in systems analysis and design.
• Worked with Vendors in pricing and support of contracts, upgrades, troubleshooting.
• Worked within budget on new projects.

Confidential

Data Communications Analyst

• Consult with various companies in supporting software such as Novell Netware 3.11 LAN's.
• Design graphical presentations using i.e., Harvard Graphics, AmiPro, and various other software in a Novell Netware 3.11 environment.
• Provide technical support to customers and sales personnel.
• Resolve all phases of issues, from end users to systems, in an MVS/ESA, RACF, VSE, and DOS environment.
• Provide Product information and presentations to customers Sales personnel.

Confidential

Systems Programmer/Analyst

• Project Lead for many data center moves as the Company acquired more data centers to consolidate services.
• Handle resource management in working with other areas to ensure work was completed in a timely manner, contacting appropriate resources from other groups to get their input and cooperation to complete the projection on time, work with external Vendors outside the Company to implement receive new versions of software within budget constraints and to receive support.
• Support IBM NCP for IBM FEPs and supported RACF in a multiple host environment running MVS/XA, MVS/ESA, VM/XA SP2.1 and VSE 1.3.5. Supported a network of over 30,000 users, successfully resolving an average of 100 software, hardware and telecommunications issues per week for the Distributed Network Systems.
• Provide third party software support for TRACS, SuperTracs, Connect:Direct, Netview with NLDM and NPDA, CDNDT and TPX including installation, security, testing and implementation into a production environment.
• Perform changes/upgrades and support for ACF/VTAM and RACF in a multiple IBM 3090/ES-9000-host environment running MVS/XA, MVS/ESA, VSE, VM/XA.
• Train Junior Systems Programmers and mentor in Network applications and support.

Confidential

Systems Programmer/Analyst

Support ACF/VTAM, IBM NCP, and system software in an enterprise environment. C S Bank Company was merged with NationsBank and Data Center began move to Carolinas'.

Confidential

Computer Systems Programmer Grade GS-5 to Ending Grade GS-11

• Select and interview candidates for junior positions.
• Setup professional training for new team members within the Information Systems Group.
• Plan and justify professional training for the Information Systems Group and was successful in getting much needed training approved within budget.
• Train Junior Systems Programmers and mentor in Network applications, Security, and Support.
• Represent MCLB, Albany I/S at the yearly Marine Corp Data Network conferences for strategizing upcoming new software and network developments within the Marine Corp.