SUMMARY

• Dynamic IT Professional wif over twelve years of progressive experience wifin Information Security Management and Architecture, Technology Risk Control, Cloud Security, Data Loss Prevention, Incident Response, Threat and Vulnerability Management, Identity and Access Management, Disaster Recovery, Vendor Management, Cloud Security, Security Risk Assessments, Technical Auditing, and Infrastructure Support.
• Expertise as a hands - on technologist implementing security toolsets as well as extensive background in strategy and program development.
• Thorough experience as a team leader leading teams to generate a vision, establish direction and motivate members. Proven ability to communicate wif Senior Management, Technical and non-technical users. Continuous learner and skills to build solid business and technical relationships to guide organizational change. Working knowledge of Information Security controls practices as well as familiarity wif regulatory requirements such as SOX, PCI-DSS, HIPAA, FFIEC, FERPA, and control frameworks like NIST, ITIL, ISO 27000, and COBIT.

TECHNICAL SKILLS

• IBM AIX 4.X/5.X
• Sun Solaris 8/10
• Linux
• Windows 2003/8/12 server
• VMWARE Vcenter
• Vsphere
• ESXi 4/5
• MS SQL 2008
• Firewalls
• Cisco ASA
• Checkpoint
• IDS/IPS
• SIEM
• RSA Envision
• Qradar
• Qualys
• Retina
• Nessus
• FireEye
• Symantec SEP
• McAfee EPO
• NSM
• IBM Tivoli
• Checkpoint
• APP Scan
• Symantec ESM/ITA
• Firemon
• CyberArk
• NMAP
• NetIQ VSM
• Solar winds orion
• RSA Keon
• CA E-trust
• Websense
• Bluecoat
• DLP Vontu
• RSA
• Blockmaster.

PROFESSIONAL EXPERIENCE

Confidential, NY

Security Architect Consultant

Responsibilities:

• Established roadmap to develop Security Engineering Program strategy. Performed gap analysis along wif technical assessments to establish controls. Recommend additional solutions to improve enterprise security.
• Architect, deploy and configure new security solutions SIEM (Qradar) Anti Malware (FireEye) IPS (McAfee NSM) and provide engineering support for existing security tools (VM, Privileged Access, DLP, AV and Proxy,) for efficient operations. Establish operational guides
• Established Incident response framework and mentored Technology support personnel to look to anomalies and devised plans for appropriate resolution of security incidents. Create SIEM and IPS Alerts and Rules to prioritize incidents and reduce noise.
• Re-Architect existing Vulnerability management solution for efficiency and prioritize remediation efforts.
• Research and deploy countermeasures for new and emerging threats and exploits.

National Football League, NY

Information Security Consultant

Responsibilities:

• As the Lead Information Security SME, guided the CISO to develop a comprehensive Information Security Program from ground-up by developing Security strategy, Policies, Technical standards.
• Oversee and managed Threat and Vulnerability management processes including MSSP relationship.. Established Security Incident response plan, trained first responders and managed information security incidents.Managed Full interruption IT Disaster Recovery test. Provided Technical Security consulting to league and Club IT personnel.
• Oversee PCI compliance efforts for League and member clubs. Managed Vendor QSA and ASV relationship. Architect Implemented Administrative and Technical solutions to limit PCI scope including Network segmentation, SIEM and Log management, Privileged access remediation and Endpoint Security Projects.
• Served as the Information security SME/Technology Risk Manager for Corporate Human Resources businesses (Technology, Employee Benefits, Compensation, Staffing, Health and Wellness, Global Security), Assisted HR CIO and Privacy Officer in various Information Protection initiatives including DLP, Threat and Vulnerability Assessments, Security Metrics, OSP/Cloud Security, Incident response and Security Awareness.
• Supported Enterprise Vendor management program by performing security assessments of vendors and outsourced service providers including onsite visits, SSAE 16 and Architecture reviews, address gaps, deliver recommendations and sign off on information security in vendor selection decisions, provide technical support in contract negotiations. Identify risk levels and prioritize assessments. Monitor the TEMPeffectiveness of information security controls for services provided by business partners and HR third party vendors.
• Advised Business and Technology on Cloud computing initiatives. Designed security solutions and enhanced existing policies and control standards.
• As part of IT Risk Response & Mitigation Americas team, function as SME and participate in regional and global risk reduction initiatives including, Risk Radar, Security incident response, Training and Awareness and Metrics reporting to ensure proper risk mitigation. Contributed to Strategic initiatives for enhancing the Bank's Security Training and Awareness program. Assess and support information security incidents escalated from the Security Operations Centre (SOC).

Confidential, NJ

Information Security Officer

Responsibilities:

• Provided institutional leadership to define vision and strategy for implementing a comprehensive IT Risk Management program from ground-up including development of security policies, standards, and procedures, Risk Assessments, DLP, Security Training and awareness program designed to protect University information resources, limit liability and mitigate reputation, legal and regulatory risks.
• Acted as the SME wif the overall responsibility for Information Security matters, provided Security Architecture consulting and advice UITS on protection goals, objectives and metrics to measure TEMPeffectiveness of new policies and procedures.
• Established a Security Incident Response Plan and served as the university's primary responder to technology-related incidents. Managed Disaster Recovery Planning.
• Managed Annual External Audit for IT including remediation efforts. Performed infrastructure and application security assessments and implemented best practice solutions to improve internal and external security. Managed Internal and external Penetration Testing program.
• Performed security reviews of 3rd party Vendors, and cloud computing initiatives. Directed Organization wide PCI compliance efforts. Spearheaded Infrastructure and Network security initiatives and projects, established and managed SIEM and Vulnerability Management frameworks. Defined and Architected administrative, technical and physical security controls to mitigate risk.

Confidential, NY

Senior Security Consultant/Information Security Officer

Responsibilities:

• As Private Bank's Local Security Officer (LSO), was responsible for all aspects of IT Security wifin the WMI-US Locations. Served as an internal information security consultant/Architect to the organization.
• Lead the Bank's IT security risk assessment efforts by Performing First Cut Risk Analysis to Identify & prioritize Information security risks and recommend mitigating controls. Initiated Technical and process-related recommendations to address risks. Primary contact for compliance and IT controls reviews.
• Identified and Managed Security Risks related to business partners and third party external service providers. Served as the primary liaison between Internal and External auditors. Managed audit exception remediation efforts. Acted as certifier and signatory for Control Self-Assessment and IT Operational Risk control objectives.
• Developed and Managed Private Bank's Security Incident Response plan developing alerts, investigation and timely resolution of incidents. Developed and Administered the Bank's Security Training and Awareness program.
• Lead and implement Security solutions in various IT Risk Management areas such as Identity and Access Management, Vulnerability Management, Data Protection, Network and Platform Security.
• Develop technical standards for server environments consisting of IBM AIX, SUN-SOLARIS, LINUX and WINDOWS Servers. Manage Merger related technology rollouts.
• Provided 3rd level engineering for Security tool-sets like Symantec Enterprise Security Manager, SEP, APP SCAN, NetIQ VSM, RSA Keon and Secure ID, E-trust, IBM Tivoli, TACF, and ISS used to measure compliance wif policies and standards.

Confidential, NJ

Systems Administrator

Responsibilities:

• Administered Windows, IBM AIX RS 6000 and Sun Solaris systems in a clustered environment, including Security, performance management, backup and recovery, user management, storage management, network management, software patches and upgrades, Tivoli and E-trust access control.
• Firewall, Switches and Router, VPN, HTTP, DNS, NIS, NFS, DHCP, E-Mail administration.