Senior Business Continuity Analyst Resume

Dedham, MA

PROFESSIONAL PROFILE

Represent the organization on Information Security matters as the Information Security Officer. Manage Security, Operations, and Network Information Resource teams for public, non-profit, banking, financial, manufacturing, judicial, public utility, and most recently ecommerce sites. Perform Information Security Governance and Management function based on a risk management approach for business appropriate Information Security programs, policies, and procedures based on ISO 27001:2013 and NIST principles. Determine and manage Regulatory Compliance and Reporting, Business Continuity Planning, Disaster Recovery Planning, and Incident Response Planning requirements. Solution expertise includes business and technology risk analysis and remediation, change management methodology adoption and implementation, and business impact analysis and procedural implementation. Possess expertise in systems integration, critical IT applications support, data center creation, consolidation, and relocation.

Highlights of Applicable Experience

  • SSAE 16 Establishment, Audit & Remediation
  • PCI DSS Audit & Remediation
  • SOX 404 Audit & Remediation
  • MA CMR 17 Audit & Remediation
  • Written Information Security Program (WISP)
  • IT Strategy, Planning & Implementation
  • Security Governance and Management
  • Regulatory Compliance & Reporting
  • Risk Assessment & Management
  • Security Program, Policy, Procedure Audit & Remediation
  • Project Management
  • Vendor Management
  • Information Classification, Retention & Disposal
  • Business Impact Analysis
  • Disaster Recovery Planning
  • Business Continuity Planning
  • Emergency Management Planning
  • Data Center consolidation and relocation
  • Total Cost of Ownership (TCO)
  • IT Methods/ Processes/ Practices
  • Technical Infrastructure Plan Development
  • Internal and External Communications/ Presentations
  • Merger and Acquisition Due Diligence Activities

SUMMARY OF QUALIFICATIONS

  • Assist organization with establishing themselves for acquiring a positive SSAE 16 designation and subsequently working with outside auditors with reviewing the SSAE 16 criteria.
  • Perform PCI Audit and Remediation Project Management functions, which lead to the review and remediation of Security, Operations, and Application Development Policy and Procedures to comply with PCI requirements.
  • Provide strategic vision, tactical leadership, and task oriented guidance to implement procedures, systems, infrastructure buildup, and applicable regulatory controls that support the Disaster Recovery and/or High Availability (DR/HA) initiatives.
  • Perform SOX 404 and MA CMR 17 privacy compliance efforts for ecommerce sites.
  • Review proposals for outsourcing business activities to determine whether security controls are in place to reduce vulnerability to security compromises.
  • Manage assessments of the major information security subsystems and controls in accordance with established policy and best practice guidelines, check for compliance with the systems, policies, and procedures, and drive remediation where non-compliance exists.
  • Identify and evaluate business and technology risks, and related opportunities for improvement.
  • Lead and conduct annual/ongoing Business Impact Analysis activities to ensure we categorize business units accurately for level of risk tolerance and perform appropriate annual testing of plans.
  • Conduct training to business and technology partners in identifying risk scenarios and methods for mitigating those risks.

PROFESSIONAL EXPERIENCE

Confidential Dedham, MA - Consultant

Senior CISO Consultant

  • Assist manufacturer with FDA approval process for a new medical device
  • Perform as SOX 404, MA CMR 17, and PCI DSS information security consultant
  • Design PCI compliant infrastructure including firewalls, IDS/IPS, tokenization, and two-factor access
  • Implement and maintain security policy and procedure review and remediation activities.
  • Analyze Business functions for the purposes of creating, maintaining, and implementing Disaster Recovery Plans.
  • Report compliance assessment and remediation efforts to regulatory organizations as required.

Confidential Boston, MA - Consultant

Consulting Information Security Officer

  • Created and implemented the design and initiated secure operations in co-location facilities.
  • Conduct periodic security reviews, vulnerability scans, and risk assessments.
  • Design secure infrastructure including firewalls, IDS/IPS, encryption, and two-factor access
  • Perform review and enhancement of Business Continuity and Disaster Recovery Plans
  • Provide and monitor Information Security training and related promotional activities to ensure employee awareness and understanding of security policies and procedures

Confidential Houston, TX - Employee

Principal Consultant

  • Project Manager and Disaster Recovery Services Delivery Practice SME.
  • Established disaster recovery testing methodologies; planned and coordinated the testing of recovery support and business resumption procedures in different functional areas to assure recovery procedures are effective for the restoration of key firm resources and critical business processes.
  • Analyzed business processes to determine supporting elements such as organizational considerations, technological elements, and vital records.
  • Worked with and managed vendors of disaster recovery services and facilities for alternate sites; recommended outside services for use during a disaster situation.

Confidential Cranston, RI - Consultant

Senior Business Continuity Analyst

  • Reviewed and published recommendations for the Business Risk Analysis process for business and technical partners.
  • Trained and worked with a broad range of Business Units across RBS Group to complete Business Impact Analysis worksheets.
  • Modified Business Impact Analysis worksheet tools coinciding with information required to populate the Living Disaster Recovery Planning System (LDRPS).
  • Reviewed system related plans acting as a liaison to the Information Technology Group

Confidential, LLC. South Easton, MA - Consultant

Information Security Officer

  • Perform as SOX 404, MA CMR 17, and PCI DSS information security consultant
  • Develop and provide Business Continuity Planning Services based upon Disaster Recovery Institute International’s (DRII) Professional Practices.
  • Project Manager and implementation team leader for the separation of nine school sites from twelve town sites utilizing Cisco and WinTel infrastructure.

Confidential, Woonsocket, RI - Employee

Systems Integrator - Technical Project Manager

  • Project Manager for the successful “overnight” conversion of the Pharmacy infrastructure (utilizing hot-site equipment) from Pyramid to Sun systems; Cisco networks, applications, WebLogic middleware, telecommunications and Oracle databases supporting 4,100 stores nationwide.
  • Participated and effected organization change through the Information Systems Process Group charged with improving the Standard Systems Processes with post-process and post-project reviews.
  • Member of corporate disaster recovery group tasked with the development and testing of recovery strategies used to create disaster recovery plans.
