
Chief Information Security Officer Resume


SUMMARY

  • I am a certified information security professional with a background in systems and network engineering.
  • My experiences are diverse; ranging from creating and leading an information security program for a high performance computing center and statewide research network, managing operational security for an international retailer, and designing security architecture for cloud based medical applications.

PROFESSIONAL EXPERIENCE

Confidential

Chief Information Security Officer

Responsibilities:

  • Lead strategic direction and build program for information security.
  • Reduced high and critical vulnerabilities by 40%.
  • Implemented Risk Assessment program for HIPAA/HITECH.
  • Develop metrics and improve compliance status for Payment Card Industry (PCI) requirements.
  • Implemented Vendor Risk Management processes.
  • Prepare presentations for the Board of Directors.
  • Function as an advisor on risk for the executive leadership team.

Confidential

Associate Director Cloud Security Architecture

Responsibilities:

  • Created security architecture for CTS Healthcare solutions in the cloud.
  • Engaged with clients to design approved architecture for cloud services.
  • Met HIPAA compliance objectives, performed Governance, Risk, and Compliance (GRC) functions.
  • Build out and test security controls.
  • Scan for and work with teams for remediation of vulnerabilities.

Confidential

Manager, Information Security

Responsibilities:

  • Responsible for approximately $5 Million operational budget plus additional budget related to capital projects.
  • Lead information security team to complete security operations portfolio.
  • Lead Vulnerability management process and remediation efforts with cross functional teams.
  • Communicate with business stakeholders for information security matters.
  • Conduct and lead penetration tests
  • Mentor staff interested in information security for staff mobility.
  • Work with external and internal counsel for response plans and privacy concerns
  • Update and maintain information security tactical plan and roadmap.
  • Implemented network segmentation for cardholder data environment.

Confidential

Sr Security Analyst - Security Operations Lead

Responsibilities:

  • Evaluated, selected, and implemented vendor for Managed Security Services.
  • Investigate and respond to information security incidents.
  • Supervise consultants, interns, and direct reports.
  • Create custom searches and dashboards in log management and aggregation platform for information security team.
  • Create project justification forms for annual capital expenditure projects in information security
  • Implemented Active Directory Certificate Services for implementation into Voice over IP environment.
  • Provide assistance, advice, and architectures to achieve PCI compliance.

Confidential

Security Analyst

  • Implemented enterprise certificate PKI for internal applications for ease of management and increased security.
  • Transitioned and updated vulnerability management tools and processes.
  • Reviewed, selected, and implemented vendor for endpoint security solutions for the entire enterprise (Data Loss Prevention, Encryption, Antivirus).
  • Analyze and review firewall logs, and work with brand protection and loss prevention, to secure Ecommerce environment.
  • Updated security policies and risk assessment for PCI and SOX compliance.
  • Performed wireless penetration test for stores' wireless environment and routine vulnerability scans.
  • Implemented Data Loss Prevention for network stored data at rest.

Confidential

Information Security Officer

Responsibilities:

  • Worked with General Counsel for the Ohio Board of Regents with regards to information security matters.
  • Built relationships with other Ohio based Higher Education Institutes.
  • Consulted for other State of Ohio Agencies on matters of information security.
  • Served as a member of the State of Ohio Data Protection Subcommittee for implementation and guidance for Ohio Revised Code relating to privacy and security.
  • Reduced internally and externally facing vulnerabilities through vulnerability scans, penetration testing, and team remediation meetings.
  • Conducted operational risk assessment to enumerate assets and threats to the assets.
  • Utilized intrusion detection systems for awareness of internal security threats.
  • Managed the transition of multiple state organizations to a unified network and security platform creating a more manageable and efficient service.
  • Communicate and train employees in security policy and security awareness
  • Set up and administered management system for Ohio’s Third Frontier Network. Negotiated pricing from vendors and obtained a 50% matching grant from Sun Microsystems for hardware and maintenance.
  • Assisted with management and design of OARnet co-location facilities.
  • Provided systems administration consulting services for OARnet customers.
  • Administered and was responsible for day-to-day maintenance of UNIX machines, reduced service related trouble tickets.
  • Installation and support of IP Telephony and VPN solutions.
