INFORMATION SYSTEMS MANAGEMENT

IT Security Program Management

Domestic and International

Summary:

Results-oriented and talented IT Security program manager, accomplished in developing, implementing, and managing privacy and data protection security projects. Qualified in all facets of projects from feasibility analysis and conceptual design through implementation. In-depth knowledge of IT regulatory compliance, excellent organizational, leadership, budget management, team building, negotiation, and project management qualifications. Disciplined budget holder, effective communicator with experience in managing multi discipline and multinational teams. Known by colleagues for solid reliability and strong work ethic. Enthusiastic and out-going, develops effective working relationships with internal external parties.

PROFESSIONAL EXPERIENCE

Confidential

Corporate IT Security Program Manager

• Led the implementation of the Banks Database Vulnerability Assessment Scanning and remediation program. Solution implemented, IBM's Guardium Vulnerability Assessment Scanning, Database environments in scope Teradata, Informix and Netezza.
• Worked directly with IT Senior management, Security Architecture and IT Risk Compliance subject matter experts in the development and implementation of the Banks Enterprise Wide Database Vulnerability Assessment Scanning and Remediation program.
• Led global teams across broad technical, financial and business disciplines. Focused teams on business objectives and tracked progress to ensure project milestones were completed on time, on budget and with the desired results.
• Collaborated with Line of Business Program teams socializing an holistic approach to data protection for a complex threat landscape.
• Partnered with Enterprise Architects interdepartmental teams for buy-In and implementation across the enterprise.
• Facilitated collaboration workshops with subject matter experts across the globe using web-based collaboration tools.
• Coordinated IT risk assessment for more than 5000 Database servers across the enterprise.
• Spearheaded a campaign to develop and implement new KPI reporting capabilities in the area of vulnerability management.
• Remediated over X of vulnerabilities created by insecure database configurations, missing databases patches, unauthorized changes, misconfigured privileges. weak passwords and other vulnerabilities.
• Reduced vulnerability identification and remediation cost by 65 through process flow improvements and automation.
• Accountable for the development, end user acceptance and implementation of robust, sustainable and cost effective BAU workstream post project close.

Confidential

Corporate IT Infrastructure Project Manager

• Successfully orchestrated the build out of a new Corporate Enterprise wide data center. Time frame - 10 Months, Budget- 3 Mil .
• Established project governance model, developed project charter, communication plan, project plan, risk management strategy, assumptions and KPI reporting mechanism.
• Designed innovative templates for information gathering, conducted presentations on the corporate IT data center build out and IT infrastructure relocation strategy to a wide range of stakeholders, compiled data and prepared documentation to include application architecture, data flow diagrams, device and component interdependencies, business impact, application performance baselines.
• Facilitated data center design workshops with external service providers, architects, and network operations to determine I.T. requirements such as network hardware design, cabling, telecom circuit, server equipment, electrical needs and layout of I.T. Closets/Server Room.
• Represented IT Infrastructure team as a single point of contact to external service providers and internal business, actively involved in negotiations about SLA, availability, performance and end user experience. Closely interacted with senior management and executives to align IT with changing business goals and vision.
• Led vendor RFP, proposal review, demo, and selection process.
• Responsible for professional services statements of work, contract terms, rates, plans, schedules, resources, change orders and roles/responsibilities.
• Successfully executed the relocation of two business unit IT data centers to the new corporate IT data center, resulting in annual savings of 1.2 million in personnel, access charges and reduction of applications/licenses fees.

Confidential

Senior IT Security Project Manager

• Primary responsibility was to transition the organizations internal security application monitoring function to an external security event monitoring service provider.
• Managed the outsourcing of various application monitoring programs to a vendor supported Security Operations Center.
• Worked collaboratively with Business Unit heads and extended project team members in the development of detailed work streams.
• Developed, designed and implemented SOP for external security monitoring service provider. Activities included process flows, roles, and responsibilities definition.
• Facilitated end user access appropriate to role workshops with business leads.
• Responsible for ensuring that end user access and privileges were appropriately defined, implemented and monitored.

Confidential

Corporate IT Security Project Manager

• Primary responsibility Corporate IT Security project portfolio management. Worked closely with Senior IT Management in the development and implementation of the organizations IT Security Operations program. Led, planned, organized, and manage multinational teams to bring about the successful completion of high profile global security initiatives.
• Worked directly with IT Senior management, Security Architecture and IT Risk Compliance subject matter experts in the development and implementation of IT security standards/policies/procedures and guidelines.
• Directed the global rollout of a Security Incident Event Manager solution known as Arcsight SIEM . Delivery of this enterprise log monitoring platform entailed proof-of-concept/pilot, business processes analysis, architectural design and development. Led cross-functional/multinational teams in the areas of feasibility analysis, planning, budgeting and implementation. Project scope covered both Domestic and International operations, 7500 endpoints and was a key deliverable in meeting the organizations strategic goals with regards to IT Regulatory Compliance.
• Directed the rollout of Guardium, solution continuously monitored/tracked all DBMS traffic at the network level and database servers. Key deliverables, real-time database monitoring and alerting. Solution consolidated and normalized audit information from disparate systems into a centralized audit repository, leveraging both policy-based controls and anomaly detection. Data repository streamlined incident management, enterprise-wide compliance auditing and reporting, correlation, and forensics work streams.
• Managed the global rollout of an IT Risk and Compliance solution, Symantec's Control Compliance Suite CCS . Delivery of project entailed proof-of-concept/pilot, business processes analysis, architectural design and development. End points in scope were IT assets across the global enterprise that was classified as critical to ongoing business operations. The solution automated the vulnerability identification work stream, alerted on deviations from Corporate Security standards and reported on the overall risk and compliance posture using web based dashboards.
• Change Management Steering Committee member. Charter of the Steering committee was to reduce complexity multiple disparate service desks , inability to meet deadlines for service delivery and lack of visibility to make decisions. Key deliverables, implementation of a new IT service management program ITSM . The foundation of the program was to leverage ITIL and using technology HP Service Manager to automate best practice processes like incident, change, problem and configuration management. Initiative resulted in service desk consolidation eight disparate service desks to one , improved visibility into change status timely and convenient access to information and reduced risks/cost from system failures or unforeseen problems.
• Implemented a laptop theft data recovery/service program, using a third party software based solution know as Computrace. Solution tracked stolen laptops using GPS or WI-technology. When the stolen asset accessed the internet, data delete services would be used by Security Operations to remotely delete all information from the hard drive
• Directed vendor security risk assessment program, conducted technical risk evaluation of software, installed systems and networks.
• Spearheaded a campaign to develop and implement new KPI reporting capabilities in the area of vulnerability management.
• Facilitated collaborative discussion between cross functional teams in the development and implementation of new access-controls.
• Streamlined Security Operations incident response work stream, resulting in 28 improvement in operational response time.

Confidential

Business System Analyst / Project Manager

• As a consultant within the Operational Excellence Services team my primary responsibility was to partner with clients Fidelity Investments business units to identify and enable improvements in the organizations Identity Access Management infrastructure.
• Developed project plan to assess current Identity Access Management capabilities and to make recommendations on desired state. Plan was developed using established project methodologies, plan development, resource planning and allocation, project budgeting, scheduling, contingency planning, risk analysis and mitigation.
• Led cross-functional teams in structured workshop setting, using facilitative skills to effectively mine group knowledge between subject matter experts. Strategy was effective in gaining quick consensus and buy in, streamlined project scope management and compressed overall project lifecycle.
• Worked collaboratively with Business Unit heads and extended project team members in the development of detailed work streams.
• Gap analysis was performed highlighting the variances between business requirements and system capabilities.
• Gathered, defined and documented requirements for desired state of Identity Access Management based on assessment findings.
• Mobilized the project team in the delivery of assigned tasks/work products to ensure quality and timely execution.

Confidential

Information Systems Manager

• Manage corporate I.T. initiatives including project management, capital/resource planning, scoping from design-to-implementation, end-user training, and level 1-3 customer support across the global enterprise. Develop strategies for new service offerings and deployment.
• Project lead in the legacy migration of the companies custom developed manufacturing execution application to an off the shelf third party application suite known as Visiprise manufacturing.
• Led cross-functional teams in the build out of IT infrastructure in support of new manufacturing facilities globally. Leveraging structured workshop setting, using facilitative skills to effectively mine group knowledge between subject matter experts. Strategy was effective in gaining quick consensus and buy in, streamlined project scope management and compressed the overall project lifecycle.
• Project lead in re-definition and implementation of Enterprise-wide change and event management process and procedures. Duties included managing cross-functional teams to ensure development of new processes, systems, and documentation in support of strategic goals.
• Developed, designed and implemented SOP for IT infrastructure in support of manufacturing business metrics. Activities included process flowcharting, roles, and responsibilities definition.