Profile

Applicant is a senior manager working in the Confidential. Applicant has provided exceptional professional consulting to clients globally, to assist them in developing, and enhancing a more effective security posture for their organization. Prior to joining Cognizant Technology Solutions Applicant was the Senior Enterprise Security Architect for Confidential’s internal hosting infrastructure. Applicant was responsible for developing effective IT security strategies and communicating the transformation of these solutions to senior management and Confidential executives. Applicant has also held positions as a Principal Security Consultant with Confidential Security and Privacy, a Senior Information Security Consultant with Lucent, and a Network Security Analyst and Trainer with RISC management.

Applicant has provided information security education training and certifications of various IT security technologies. Applicant has worked within all sectors and industries(retail, banking & finance, health - care, telecommunications, etc) with a strong focus on developing and delivering IT security solutions that integrate IT security controls based on policies, standards, and requirements.

Applicant’s work has also included policy development and implementation, and security architecture and solutioninig of multi - faceted, multi customer hosting environments globally. Applicant has 19 years in Information Technology, with 16 years focusing on IT Security

Summary

• Nineteen years experience in Information Technology including information security management consulting, project management, enterprise risk management, enterprise security architecture and implementation. Policy development, enhancement and implementation, security process design enhancement and implementation, IT audit, assessment, remediation and compliance. Business transformation to IT security services.
• Eight years experience as a Technical Program Manager/Global Enterprise Security Architect - Responsible for budget and forecasting, identifying and delivering security strategy, policy development and implementation. Identify and recommend policy updates based on changes in industry standards, governmental regulation change and/or business drivers and technology life-cycle requirements. Infrastructure security standards development. Developing and implementing security solutions for web application infrastructure, Defining web application security controls and solutions. PCI compliance solution development for business unit applications. Enhance business controls and risk management and mitigation of internal infrastructure supporting global business units. Merger and acquisition review of policy and infrastructure for integration into existing environments. Architect and deliver proof of concept security solutions for internal business unit executives. Project Management - tracking and validating project successes to the office of the CIO for the world’s largest IT provider, and to internal stakeholders - business unit executives.
• Three years experience as Principal Security Consultant leading global teams to complete risk assessments, vulnerability assessments, security solution design and implementation of security services.
• Three years experience as Senior IT Security Consultant for a global IT provider. Led multi-faceted engagements of teams for delivering enterprise security design, intrusion detection design, firewall design, incident response process solutions and vulnerability and virus management program and process solutions.
• As a Senior IT Consultant, Principal Security Consultant and Senior IT Enterprise Security Architect - Applicant has led teams both directly and indirectly globally and virtually of over 40 personnel in the delivery of IT Security solutions.
• The solutions that Applicant has designed, enhanced, and implemented have required a strong understanding of industry related security standards including but not limited to; HIPAA, PCI DSS, ISO IEC 27001/2, ISO 31000, SAS70, SOX and GBL standards, country specific standards and data privacy laws (e.g. European Union Data Privacy, JIS Q 27002, GB/T ), APRA, ITAR Standards; applying and integrating these standards into business strategies.
• Applicant is active in the information security community and is professionally a member or associated with ISACA, IT Architects Association, IT Security Audit Professionals, Information Systems Security Association, ISO 27000 Information Security Management, NSA Alumni Association, and Cloud Security Alliance
• Applicant has published articles for Information Security magazine, SecurityFocus,, industry specific trade journals, and published various technical white papers

Skills

Government or Industry related Regulations:

• Health Information Portability & Accountability Act (HIPAA)
• Control Objectives for Information and related Technology (COBIT)
• Payment Card Industry (PCI DSS)
• ISO IEC 27001/2, ISO 31000
• COBIT,
• COSO
• Sarbanes-Oxley Act (SarbOx or SOX)GBL
• ITAR (International Traffic and Arms)
• Gramm Leach Bliley Act (GLBA)
• Information Technology Information Library (ITIL)
• SAS70
• Country specific standards and data privacy laws (e.g. European Union Data Privacy, JIS Q 27002, GB/T

Technologies (most recent but not limited to)

• Encryption - IPSec, SSL, PGP
• DS/IPS, DLP, SNORT, TripWire
• Firewall (CheckPoint, Cisco) - (Virtual Security Context)
• Virtualization Technologies
• Unix, Linux, zOS - SuSe
• Global Load Balancing Technologies
• Guardium DB Security
• SIEM Technologies
• Fusion Framework - Risk Management and Recovery Planning

Professional Experience:

Confidential

Associate Director/Principal Consultant - Senior Manager

IT IS Network Security

As a Senior Manager for Cognizant I deliver successful information & network security consulting services to clients. I am a practice leader within the Information Technology Services division that provides support through leadership to Cognizant\'s vertical and horizontal lines of business. I deliver effective proposals and security solutions to Cognizant clientele. I have successfully delivered Enterprise Security Solution Designs including one for Norway’s largest bank. Applicant also has lead large engagements and delivered successful PCI security compliance and readiness solutions for retailers and financial institutions.

I also am responsible for developing the professional careers of junior team members, providing mentoring and guidance and establishing individual and team goals. I evaluate and match appropriate personnel and teams to key engagements. I work with Cognizant global cross functional business units to deliver successful security solutions for Cognizant clients.

I utilize my extensive experience and knowledge within the architecture discipline to transform business requirements to IT security services. I am successful in promoting security solutions to senior executives by being an effective communicator and identifying needs within the business. As a practice leader I am responsible for responding to IT infrastructure services related requests for proposals (RFP), creation of ITIS statements of work (SOW) documents, creation of ITIS division service offerings pre-sales presentations to senior management and executives. I lead and work with global cross functional teams to deliver business transformation into IT services.

Confidential

Senior Enterprise IT Security Architect - Technical Program Manager - Confidential Internal Hosting Infrastructure

• Develops and communicates IT Security strategy to the office of the Confidential CIO and cross functional business units within Confidential. Responsible for strategy, solutioning, reporting, validating project successes, to the Confidential CIO, and Confidential business unit executives
• Provides IT strategy and direction with vast experience in enterprise security architecture, product and vendor evaluation, solution design & delivery of business transformation to IT security services, strong focus on IT security architecture, policy & risk management and mitigation and audit
• Participated in R&D security solutions for Confidential internal deployment. Developed and designed architectural solutions and lead security process reviews for web based and mobile based solutions for Confidential internally
• Provides mentoring and consultation to junior team members pertaining to IT Security solutions, architecture principles, and professional development
• Prepare and deliver successful security solutions throughout the IT security life-cycle
• Designs and implements IT security solutions, including network, infrastructure security, and policy driven solutions which responsibilities include;
• Provides Enterprise IT security designs to align with Confidential business strategy
• Identify trends and provide strategy and direction for multiple global cross functional business units within Confidential. Deliver robust, scalable security designs allowing for future business growth and technology adoption.
• Provide guidance as a board member of Confidential’s corporate policy review teams.
• Developing architectural solutions complying with industry, government and corporate standards and regulations.
• Project and resource management, and solution delivery of business transformation to IT security services. Deigning solutions that have a strong focus on access control technologies, virtualization, identity and content management, security technologies, IDS/IPS, policy and risk management.
• Ensured designs, and solutions utilized approved processes and methodologies, such as GS Method, Unified Method Frame Work, ITIL, CORBA, ISO, etc..
• Developed first in house use solution of Global Load Balancing within Confidential to increase overall infrastructure readiness
• Prepared, documented, and provided peer reviews of install procedure guides (IPG- cookbooks) for IT & security technologies for implementation into Confidential global data centers
• Facilitated, coordinated, provided subject matter expertise for integration and consolidation of security solutions into existing data centers globally
• Develop and coordinate implementation of highly available security solutions to meet stringent security SLA/SLOs
• Identified potential technical limitations and exposures for security technologies and processes, prior to implementation and identify and utilize mitigation plans when and if required
• Facilitated and provided senior tier level problem determination and crisis management leadership during implementation of core security solutions, including during steady state. Lead and provide effective support during incident management and problem determination related events. Core team member of Confidential’s Threat Mitigation team
• Developed and streamlined enhanced security processes for application & infrastructure implementation into Confidential global data centers yielding cost effective solutioning, provide significant contributions to Confidential intellectual capital repositories
• Provide direction and core recommendations to the office of the Confidential CIO pertaining to security strategy, policy, compliance and standard update. Develop, foster and nurture key relationships with global Confidential business unit executives for supporting of enterprise security solutions
• Principal Security Consultant Lead and manage Confidential Security & Privacy security consultants utilizing Confidential GS method on security engagements. Provide effective guidance and mentoring to consultants. Track engagement activities, time, billing and milestones, Successfully solution and deliver multi-million dollar security solutions with Fortune 100 clients
• Core team lead of Confidential’s threat mitigation, incident response, and disaster event team
• In 2003 received the Outstanding Leadership Award from then Confidential GM - Ginni Rommetty – Now Confidential CEO

Confidential

Senior IT Security Consultant

• Roles and responsibilities included delivery of enterprise security design, intrusion detection design, firewall design, incident response design, vulnerability and virus management program and process, and PKI design and deployment of these solutions. Performed vulnerability and penetration testing.
• Acted as the liaison between IT security vendors and clients
• Prepared, maintained IT solutions for Lucent clients
• Liaison for Lucent executives providing IT Security guidance and recommendations for client executives
• Responsible for all engagement consultants’ work related activities.