Principal Risk Manager Global Resume

PROFESSIONAL SUMMARY:

  • An experienced professional with developed focus on Governance, Risk Management, and Compliance (GRC) - ITIL controls such as an incident & problem management.
  • Proficiency in testing methodologies and approaches (COBIT, FDA, HIPAA, ISO/IEC 27001/2, NERC-CIP, PCI DSS, PII, SSAE 16 / ISAE 3402, SARBANES-OXLEY ACT (SOX) 404).
  • Successfully serve in multiple roles of escalating responsibility and expertise during a 20+ year career working directly with Information Security Systems Technologies, for example; administration, support, engineering, architecture, analysis, and leadership teams.
  • A hybrid acumen and heightened ability to identify, analyze, understand, communicate, and execute, while balancing technical complexities with business requirements. Strives to infuse added value and is extremely accomplished in achieving both short-term objectives & long-term company goals through relationship building and strategic planning. A critical-thinking, hands-on technologist.
  • A solid goal- and task-oriented professional. Hybrid acumen with the ability to understand, communicate, and manage business requirements and IT Policy Governance. Functional Risk Management, identification of threats and exposures, with the know-how to address them through real solutions.
  • Can operate in any selected domain of Management interest and I am highly capable of strategic planning with respect to closing escalating open issues with success and realized process improvements.
  • Effective mapping of the social scope of Management, the identities, and objectives of stakeholders, while designing the basis upon which solutions may be evaluated and action plans developed. Recognized experience in all facets of Risk Assessment, specializing in high visibility time sensitive projects and vendor security evaluations and compliance.
  • Defining a framework for the activity and agenda for identification and performing an analysis of situational incidents and problems involved in processes.
  • Mitigation of issues using available technological, human, and organizational resources, thus ensuring business goals and objectives are met and/or exceeded.
  • Keen understanding of IT Assurance: ITIL-F, Good Practice IT Service Management -Strategy, Design, Transition, Operation, and Continual Service Improvement with a strong focus on Strategy and Design. As Security Lead, routinely supervised and managed the activities of junior team members.
  • My interpersonal communication and management style is persuasion coupled with a focused strategy which complements both organizational goals and the individual employee.

SPECIALTIES:

Multiple years’ experience working directly with PCI DSS Compliance Requirements alongside a QSA to ensure Tier 1 and 2 Merchant Certification. Proficient with OWASP, ISO 27001 and NIST, coupled with system hardening and remediation. Security Technical Implementation Guides (STIGs). Conducting Risk Assessments, Security Application, Architecture, and Managing IT Security related Governance tasks in accordance with industry accepted information systems audit standards, coupled with the ability to solve complex problems. Successfully align Business Strategies with IT Strategies, while handling Cascading Events. Communicating strategies and goals into the Enterprise environments and accomplishing mission objectives. Optimize organizational structures that facilitate strategy and goals of Service Delivery Life Cycle requirements.

PROFESSIONAL EXPERIENCE:

Confidential

Principal Risk Manager Global

Responsibilities:

  • Providing Risk Assessments and Compliance Control Validations, with detailed review of practical options for your organization, ensuring due care and diligence is provided by your business in order to protect your business.
  • Company-wide risk assessments and/or targeted technical analysis based upon functional business and technology risk management objectives and defined scope. Great for audit preparation, self-analysis, compliance control, remediation validation, governance support and more.
  • Proven ability to successfully navigate the needs of the business with realistic technical goals and a keen understanding of the sensitivity issues and potential limitations involved. One vision with a single focus and expertise: GRC - Governance, Risk Management, and Compliance (COBIT, FDA, FISMA, HIPAA, NIST, PCI, PII, and SOX).

Confidential, Jersey City, New Jersey

Risk Management Analyst

Responsibilities:

  • Drive the creation, implementation and maintenance of a company-wide security program, policies and procedures, by facilitating collaboration with the IT team to implement best practices and processes to manage information security risks. Responsibilities include risk assessment, communication & management of potential threats, evangelizing security best practices throughout the organization, technical documentation, vulnerability scanning, addressing regulatory compliance (PCI, NIST, HITECH, etc.), and development of security incident response, business continuity, and disaster recovery plans. Strong leadership qualities and the ability to work well in a dynamic environment.
  • Mitigate identified risks; meeting business objectives & regulatory requirements.
  • Collaborate with information technology teams to implement and maintain information security road-maps. Investigate cyber-security incidents and ensure execution of the incident response process for resolution of cyber-security incidents.
  • Determine security requirements by evaluating business strategies and requirements; researching information security standards and technical controls; conducting system security and vulnerability analyses and risk assessments.
  • Successfully engage IT and business leaders to ensure adequate security solutions are in place throughout all systems and platforms.
  • Develop/maintain awareness and information security industry best practice training.
  • Respond to requests for information on IT company policies, practices, guidelines and standards.

Confidential, Wilmington, Delaware

Risk Management Analyst

Responsibilities:

  • As an Information Risk Officer, have the following responsibilities and functions: Developed understanding of the implementation of and adherence to COBIT, PCI, and Sarbanes-Oxley Requirements and Compliance: Risk identification, tracking, and resolution from an Information Technology (IT) perspective.
  • Integral part of a team that works closely with the Information Risk Management group to understand corporate risk standards and reporting requirements. Identify, track, drive resolution, and monitor progress of IT related risks to Tech Ops. Drive and assist with Control Self-Assessment reviews, working with operations teams.
  • Assist with the monitoring and tracking of threat management metrics with a focus on improvement. Routine interaction with senior staff to report results. Routine interaction with tech individual contributors to drive remediation of identified issues.
  • IT experience with a track record of success driving process improvements and change. 3-5 years of experience in systems auditing/IT Risk, or a related field, preferred.
  • At least 5 years domain experience with engineering and operations for Windows, ESX, Unix/Linux, SQL Server and Oracle systems.
  • Exceptional written and verbal communication skills.
  • Demonstrated ability to present to management and effectively communicate with technology professionals. Skilled in problem solving and analytical reasoning.
  • Ability to work well in a team-oriented, agile environment. Strong analytical and communication skills and an eagerness to learn new technologies.

Confidential, Princeton, New Jersey

Risk Management Analyst

Responsibilities:

  • Mastery of BMS security risk assessment tools and question sets. Conducts risk assessments on BMS high security risk applications. Understanding of application architectures (including web, client server, mobile & controls around cloud deployments).
  • Responsibilities included vulnerability testing using web scanning tools like WebInspect or AppScan.
  • Documents all residual risk; provides security risk advice; gets business approval for remaining residual risk.
  • Prepared operational metrics, trend analysis, and risk assessment reports for senior management for FDA, HIPAA, PII, and SOX compliance.
  • Provided training and awareness; kept OneBMS portal materials updated; performed training sessions as needed.
  • Executed dynamic risk-based assessment plans that identify value-added recommendations to enhance Company processes and controls.
  • Worked in a highly skilled team environment to secure U.S.-based operations, international company subsidiaries, strategic initiatives, critical business processes and key third-party outsourcing arrangements.
  • Conducted pre-audit interviews that included reviewing and testing business processes and monitoring compliance with company policies, procedures, regulations (e.g., U.S. Foreign Corrupt Practices Act, interactions with healthcare professionals) and master services agreements.
  • Strategic assessments include the Company’s social media programs, data privacy and sustainability reporting. Throughout the assessment, the Risk Manager was responsible for interacting with senior management and enhancing oral and written communication skills.

Confidential, Voorhees, New Jersey

Lead InfoSec Analyst

Responsibilities:

  • Responsible for risk management by providing vulnerability analyses, incident response and root cause analysis. Perform risk assessments to confirm the adequacy of security controls. Ensure compliance with company policies, practices, and regulatory requirements to protect the overall integrity and reliability of company data. Understanding of and adherence to DoD & NIST Best Practice. Provide in-depth research and dissemination of information regarding risks, threats, and vulnerabilities.
  • Direct ownership of the Enterprise Vulnerability Management process, to include impact determination and vulnerability escalation for action execution. Prepare Security Operations documentation including Patch and Vulnerability Management Practice Policy. Ownership of Administration and Management of McAfee/Foundstone Enterprise Vulnerability Scanning System and Tripwire Data Integrity and Compliance Systems.
  • IT Security liaison on a number of key projects such as Content Filtering, Web Host Migration, Document Management, Malware, Asset Management, SAP related Risk Assessments… Perform sensitive forensic investigations with documented chain-of-custody responsibility. Oversee the administration, monitoring, and support of Intrusion Detection/Protection Systems (IDS/IPS), to include custom alerts and signatures.
  • Manage new partners with respect to vendor process, including contractual Master Contract and Statements of Work. Assist with the architecture and development of new security technical solutions and process-flow improvements. Employee Security Awareness presentations, IT Security training, control documentation, and testing. Expertise working very closely with various internal and external personnel of various levels during the IT Audit process. Routinely author and revise policy, practice, and procedural documentation in support of regulatory requirements.

Confidential, Wilmington, Delaware

Advisory IT Architect/Senior Security Analyst

Responsibilities:

  • Knowledge across multiple platforms, processes, and architectures; applies knowledge of IT and the associated methods and tools of the IT design profession to attain project/business unit objectives. Recognize and articulate complex problems related to solutions being developed for global deployment. Local technical supervisory responsibility for two (2) Security Engineers. Research, evaluate, and prepare project plans related to implementing IDS/IPS, Firewall, Content Filtering, Web Applications & Database Connectivity, Antivirus, VPN, Client Firewall, and associated security methodologies.
  • System hardening of critical Servers, Routers, Workstations, Gateways, and Encryption solutions. Responsible for planning and directing the activities of technical project teams engaged in technical and/or business analysis, design and development of new and re-engineered in-house systems or processes. Security event monitoring, process and procedure handling, identification and analysis of information security vulnerabilities, exploits, and threats, to include critical problem escalation.
  • Liaison between parent organization, client, and third-party Management. Guide the information security incident response process, pre-incident planning, identification, containment procedures, post-incident evaluations, change management, and forensics.
  • Coordination and production execution of corporate compliance initiatives including Sarbanes-Oxley, FDA Validation, COBIT, HIPAA, and ITIL-based change and service management processes.
  • Utilize knowledge of auditing concepts to manage requirements.

Confidential, Moorestown, New Jersey

Security Consultant

Responsibilities:

  • Maintain security and operational efficiency metrics through comprehensive reporting, including on-the-fly data mining, historical reporting, self-auditing and tracking capabilities.
  • Analyze, recommend and implement monitoring and compliance procedures based on external and internal information security risk and vulnerability assessments.
  • Collaborate with colleagues and key stakeholders to ensure that security monitoring alarms are in conformity with overall security strategy.
  • Maintain best-in-class cybersecurity incident monitoring and response processes. Build efficiencies in incident tracking and handling via automation.
  • Strong knowledge of the cyber security field and excellent communication skills.
  • Triage security forensics activities on identified compromised systems and unauthorized changes to production configurations.
  • Current with new developments in the security industry including alerts, bugs, vulnerabilities and viruses; evaluate and report on their potential business impact.

Confidential, Mount Laurel, New Jersey

InfoSec Network Engineer

Responsibilities:

  • Execute Security Risk Assessments, Vulnerability Analysis, Penetration Testing, IT Audit and Reporting. Conduct security systems testing (encryption, penetration, and application) in conjunction with Quality Assurance.
  • Experience supporting Level 1 and Level 2 organizations' PCI-DSS 2.0 compliance efforts, working with an ISA or QSA.
  • Deployment of Enterprise-level Application and Engineering Systems and Tools, etc.
  • Implement and troubleshoot solutions involving RIP, IGRP, EIGRP, OSPF, BGP, SNA, and TCP/IP. Coordination and execution of corporate compliance initiatives including Sarbanes-Oxley, Electronic Communications and Transactions Act 2002, ISO/OSI, BS7799 and ISO 17799.

Confidential, Wilmington, Delaware

Senior Security Consultant

Responsibilities:

  • Lead network security efforts in incident handling, health-check monitoring, and outage management. Perform advanced troubleshooting and remediation, including configurations, upgrades, and critical deployments.
  • Routinely interface with executive level business and technical managers in the technology support group. Configure and troubleshoot solutions involving MPLS, Token Ring, SONET, and DWDM technologies.

Confidential, Langhorne, Pennsylvania

Network Manager/Security Engineer

Responsibilities:

  • Direct the management of the Technology Engineering & Support Group with multiple website connectivity.
  • Administer Corporate Information Security Infrastructure Systems and supporting technologies. Supervise 10 subordinate local/remote technical professionals (6 local and 4 remote personnel).
  • Full-life-cycle Project Management; Systems Security Architecture and Engineering. Implement network security protection measures for a growing web-based environment.
  • Ensure security requirements for Payment Card Industry Data Security Standard (PCI DSS) compliance are met.
  • Report directly to CIO/CTO and created IT Department Budget Plans.
  • Administer corporate information security infrastructure systems and related technologies.
  • Implement system hardening, including application servers, database servers, and web servers.
  • Contribute to the development and testing of disaster recovery and business continuity plans.
  • Analyze the technical needs of government contractors, procurement agents, and technical managers. Recommend network computer systems, cabling, supporting devices, and software applications.