SUMMARY:

To obtain a Mainframe/Data Base Security position utilizing my extensive computer skills, background, and expertise to contribute to the efficiency and security of an organization.

COMPUTER SKILLS:

Mainframes: Confidential /MVS/ESA, Confidential /MVS/XA, IBM9672, IBM9121, IBM9221, IBM390, z/OS, Unisys2200, Unisys4800, RS6000, AS/400, Dec Alpha, SUN5000, SUN6000, and UNIX (AIX)

PC: Hewlett Packard, Compaq, Dell and Confidential Personal Computers

Software: RACF, Top - Secret, CA-ACF2, CA-Examine, CA-Scheduler, Candle, CA-ROSCOE, ChangeMan, MQ Series, WebSphere 6.0, EASYTRIEVE, IMS/DB/DC/DL1/MFS, JOBSCAN, OMEGAMON, SMF, SYNCSORT, VPS, XPEDITER, BMC Products, Endevor, Rhumba, Vanguard Utilities, Consol, Windows XP/Vista, Lotus Notes R-7.1, Microsoft Office, Retina, AppDectective, AppScanOperating Systems DBMS, DOS, IMS, JES2, JES3, MS-DOS, VM/ESA, MVS/XA, MVS/ESA, OS/390, z/OS, TSO, SDSF and ISPF

Languages: C-LIST, SAS, REXX, COBOL, COBOL2, DB2/SQL, IMS-DL/1, JCL, and SAP

Databases: DB2, IDMS, IMS, PANVALET, Oracle, SQL, Unix, Active Directory, VSAM and CICS.

Protocols: LDAP, Asynchronous, Bisynchronous, HASP, IBM3270, LANs, RJE, VTAM and TCP/IP

Programming Aids: ABEND-AID, MFS, TSO/ISPF, and VSAM UTILITY

Networking: ACF, NCP, NDM, Sterling Connect Direct, Axway Secure Transport, PDF, and FTP

Government Compliances: Sarbanes - Oxley, GLBA, HIPAA, DITSCAP, DIACAP, NIST, FISM and ISO 17799

EXPERIENCE:

Confidential, Baltimore, MD

Sr. Audit Compliance & Assurance Analyst

Responsibilities:

• Employed by Confidential Staffing., contracted by Confidential ; member of the Americas Audit Compliance & Assurance Integrated Technology Delivery Team. Responsible for validating Security logs for the NASCO Mainframe LPARs.
• Responsible for the re- of mainframe applications, mainframe systems, window devices, domain controllers and networks in compliance with Internal Audit, Risk Management and Sarbanes-Oxley Act and GLBA.
• Review and control all ACF2 access reports for policy and compliance audits.
• Weekly conference calls with Team Manager were performed every Monday, Wednesday & Friday.
• Position was a remote position, worked from home, performed all tasks & responsibilities via Home office, conference calls. Data request, Data management was created and documented using Confidential Lotus Notes and Same Time application.
• Weekly status reports, created and updated and sent to team Manager.
• Adhere to the security measures that apply to the security of all accesses and highly protected information.

Confidential, Richmond, VA

Sr. Security Analyst

Responsibilities:

• Utilized RACF and ACF2 ACP to administer access for all 43 LPARs in production and test platforms.
• Responsible for the re- of mainframe applications, mainframe systems, and networks in compliance with Internal Audit, Risk Management and Sarbanes-Oxley Act and GLBA.
• Utilized Sterling Connect Direct to provide access to over 1400 UNIX servers and 43 LPARs.
• Review and control all RACF and ACF2 reports for compliance efforts polices.
• Worked closely with the DB2 group resetting connections and secondary auth IDs.
• Reset passwords on the RACF, ACF2 and on the NT platform also checking user accesses across all platforms and help prevent any system violations that may occur.
• RACF and ACF2 logons, access tables, translate tables, and DB2 Secondary Auth connections to meet all DB2 and ACF2 criteria.
• Help application owners with any RACF, ACF2 issues over the phone off hours
• Monitor and maintain all accesses, resources, and applications on the mainframe and UNIX systems, as required by Sarbanes-Oxley.
• Perform programming to enhance the third party software, OEM Products, and the job scheduler, including writing batch JCL using REXX, COBOL, and Assembler programs to enhance their performance.
• Maintain production JCL by executing batch programs in MVS-TSO and Client-Server environments.
• Consult with different project teams on administrative issues, problems, and procedures relating to any application.
• Adhere to the security measures that apply to the security of all accesses and highly protected information.
• Supported ACF2, RACF, MVS/OS/390 v2.10, z/OS, Control-SA, Connect Direct, MQ Series, JES2, NDM protocol

Confidential, Richmond, VA

Sr. Audit Compliance & Assurance Analyst

Responsibilities:

• Responsible for the re- of mainframe applications, mainframe systems, window devices, domain controllers and networks in compliance with Internal Audit, Risk Management and Sarbanes-Oxley Act and GLBA.
• Skilled with Top Secret’s configuration and design at the technical level.
• Monthly I would send out Initial Data Request (IDR’s) requesting all Security logs for Network Devices and all Event logs for Window Servers. Request would consist of devices per month.
• Data would be reviewed and test would be ran checking for Login, Management and Security updates and those changes would be validated to ensure proper Change Management under the GSD331 and ITCS104 guidelines, guidelines are based on Confidential and U.S. Federal Government Policies
• Past Due notices would be issued if requested information was not given by the deadline. During testing of the data, Follow-Ups would be issued if additional information was needed or questioned.
• Data Sheets would be created if there was suspicious activity, data logs not received or incomplete.
• Review and control all RACF, Top Secret, and ACF2 access reports for policy and compliance audits.
• Weekly conference calls with Team Manager were performed every Monday, Wednesday & Friday.
• Position was a remote position, worked from home, performed all tasks & responsibilities via Home office, conference calls. Data request, Data management was created and documented using Confidential Lotus Notes and Same Time application.
• Weekly status reports, created and updated and sent to team Manager.
• Adhere to the security measures that apply to the security of all accesses and highly protected information.

Confidential

InfoSec Engineer

Responsibilities:

• Responsible for the and Accreditation of mainframe applications, mainframe systems, and networks in compliance with Confidential 5200.40 Confidential 8500.2, and other applicable directives.
• Create and update SSAA, SDD and Test Plan documents for DITSCAP and DIACAP efforts in accordance with HIPAA, DoD and NIST requirements.
• Conduct Periodic Review of accredited applications, systems, or networks to ensure configuration stability and continued compliance with Information Assurance and security requirements.
• Served as the overall IT platform owner and single point of contact for the ACF2 and RACF Mainframe system application and resources.
• Review and control all RACF, Top Secret, and ACF2 reports for compliance with DISA & DIACAP STIGS and DoD policies.
• Work closely with CIRT and CERT teams in case of incidents of mainframe or network outages.
• Execute and Accreditation (C&A) Plans against a negotiated timeline.
• Prepare comprehensive Risk Assessment Reports to support interim Accreditation and Accreditation Reports to support Full accreditation.
• Facilitating DISA’s Security Technical Implements Guides (STIGs) and Security Readiness Reviews (SRRs) to prepare mainframes and networks for an IATO and or ATO.
• Supported RACF, ACF2, Top Secret, MVS/OS/390 v2.10, z/OS, IBM3270, LANs, NCP, IBM3494, MQ Series, CA-Examine, OMEGAMON, PDF, FTP, AppDective DB2, PGP, Encryption, AppScan and Retina.

Confidential, Winston - Salem, NC

Sr. Mainframe Security Engineer

Responsibilities:

• Responsible for the evaluating access on out-dated mainframe applications, midrange systems, and networks to be compliant with the new mainframe and midrange applications.
• Responsible for the re- of mainframe applications, mainframe systems, and networks in compliance with Internal Audit, Risk Management and Sarbanes-Oxley Act.
• Ensure Privacy of all applications and provide guidance to applications, systems, or networks owners as needed.
• Review and control all RACF and Top-Secret reports for compliance with Internal Audit and Risk Management polices.
• Securing WebSphere applications from internal and external threats.
• Monitoring IT infrastructure including operating systems, databases and servers distributed and host environments using Tivoli Monitoring software.
• Control and create access models and User Groups structure to ensure access for the Sarbanes-Oxley project.
• Created reports to monitor activity of the Top Secret database and to track any unauthorized access to all Critical Applications.
• Supported RACF, ACF2, z/OS, Control-SA, IBM3270, MQ Series, JES2, OMEGAMON, PDF, FTP protocol