SUMMARY:

Accomplished and growth - focused cyber security professional with expertise spanning defense-In-depth security, vulnerability management, security awareness, security monitoring, incident response, and security risk assessments with keen interpersonal, communication, and organizational skills who works efficiently under pressure and makes sound decisions.

TECHNICAL SKILLS:

Skills, Technology & Tools: CISM, CISSP, PCIP, PCI-ISA, MCP, CompTIA Certified.

Security Tools: QRadar, Darktrace, Resilient, IBM AppScan, McAfee MVM, McAfee ePO, Symantec DLP, Kaspersky, Bromium, Crowdstrike, Symantec file/folder encryption, Symantec key Management server, SecureAuth Multi-Factor authentication, NMAP, Wireshark, Metasploit, Paros Proxy, Burp suite.

Network/Infrastructure Security: Tenable security center, Solarwind LEM, McAfee NSM, RSA Netwitness, Imperva, Cisco IronPort, FireEye ETP, Palto Alto WAF, Proofpoint email defense, Alert Logic, SAML, OpenId, VPN, IPSec, PKI, Digital Signature, TLS, TCP/IP, WLAN, Akamai Luna Center.

Platforms: MS Windows, Linux, AWS, Azure

Compliance / Regulations and Best Practices: PCI, HIPAA, GDPR, NIST, CCPA, Privacy frameworks, BCP/DR, Cloud Security Alliance, OWASP, ISO 27K.

WORK EXPERIENCE:

Confidential, NY

IT Security Manager

Responsibilities:

• Serving as Information Security advisor for executive leadership.
• Responsible for data security initiatives including PII data identification and classification.
• Lead NIST cyber security framework gap assessment efforts with various IT teams.
• Update and manage incident response plan and organize tabletop exercises for technical and business teams.
• Monitor SIEM alerts, prioritize incidents, prepare incident report and work with IT on containment and mitigation tasks.
• Perform deep-dive incident analysis by correlating data from various sources
• Build internal processes for drafting/testing/deploying policies and procedures.
• Manage external IT audits, penetration tests and vulnerability assessments.
• Stay up-to-date on the latest intelligence, including hackers’ methodologies, in order to anticipate security breaches .
• Lead and manage PCH Confidential compliance program, perform internal Confidential scans for compliance, perform internal security audits including self-assessment questionnaire.
• Manage security tools for threat detection.
• Lead vulnerability management program, run vulnerability scans, produce vulnerabilities reports for IT teams and provide guidance on remediation.
• Work closely with head of privacy, compliance, legal and HR on polices and standards.
• Manage MSSP’s tools and processes in cloud platforms.
• Collaborate with HR and legal in developing and implementing company-wide security awareness program.
• Collaborate with solution architect, Network team, DevOps and Desktop resources to provide secure solutions by implementing security check list in SDLC process.
• Perform Privacy impact assessment exercise to ensure all projects comply with privacy regulations and company’s data security policies.
• Work with various business teams on third party security risk assessments.
• Evaluate new products and technologies to determine their level of compliance with our security requirements.

Confidential, New York

LEAD Information Security Specialist

Responsibilities:

• Managed vulnerability management program, worked with various IT and business on mitigation approaches, performed threat modeling and participated in Secure architecture design reviews sessions.
• Evaluated cyber security controls and provide guidance for various computing platforms including cloud and mobile.
• Managed SIEM, fine-tuned rules for better detection and response.
• Led incident response activates from containment to evidence collection, remediation and lesson learned alongside with various teams.
• Developed and implemented security awareness program for Marvel, attained authorization from CIO, HR and department heads for successful implementation that include biannual classroom-based awareness and monthly phishing simulation tests.
• Incorporated security checkpoints into the firm's SDLC to ensures security is embedded in initial phases of the project.
• Led compliance efforts and annual audit activates with IT teams on minimum security baseline standards to ensure new systems are built and configured to secure specification.
• Participated in change management meetings and provided sign-off for the IT Security group.
• Coordinated and led third party security risk assessments, review security questionnaires, provide feedback and approve vendors based on data classification and security requirements.
• Worked with the CIO and global Information Security Officer on overall InfoSec strategic and tactical security improvements.
• Assessed and evaluated security tools including use cases and proof of concept.
• Reviewed access requests to critical data including network / firewall change requests.
• Worked with IT and Network admins on exceptions to ensure appropriate mitigation controls are in place.
• Coordinated and managed yearly security risk assessment and red team exercises with Global security team.
• Organized and executed bi-weekly security governance meeting with CIO and executive directors to discuss progress and effectiveness of overall InfoSec program.

Confidential, New York, NY

IT Security Manager

Responsibilities:

• Configured data security policies using embedded entitlement manager to allow access on need to know basis for various city’s agencies workers.
• Administered and managed user Provisioning and role assignments activities for various Confidential applications.
• Led security requirements and design review sessions with various IT teams.
• Managed and strengthen security vulnerability testing procedures using IBM AppScan and McAfee MVM products.
• Monitored security events for city applications using NetIQ Sentinel products.
• Managed and organized security awareness program.
• Promoted communications with citywide legal and agencies on IT security policies and data confidentiality policy for third party vendors.
• Participated in data classification process and identifying appropriate security controls based on sensitivity of data.
• Performed risk assessment activities including threat modeling and mitigation controls recommendations and testing.
• Performed internal security audits and performed vulnerability assessment.
• Partnered with project managers and QA team for all security related deliverables and milestones.
• Participated and contributed to overall security accreditation process enhancement for city of NY applications.

Confidential, NY

Information Security Analyst

Responsibilities:

• Performed External, Web Application, and manual penetration testing.
• Used various penetration testing and vulnerability assessment tools including Nmap, Nessus, Metasploit and other tools
• Reviewed findings with team members and create vulnerabilities tracker for senior management.
• Participated in remediation and retesting activities
• Built strong professional relationships with developers and application engineers to promote security in SDLC process.
• Analyzed and reviewed web application firewall logs and prepared weekly reports.
• Developed procedures for application security testing and vulnerability assessments.
• Lead security requirements review sessions with project managers and application architects.

Confidential, New York, NY

Compliance Implementation Specialist

Responsibilities:

• Performed gap analysis and prepared reports to ensure Confidential compliance requirements are met.
• Institutionalized Confidential best practices to end users on data protection.
• Headed configuration reviews for a successful Confidential .
• Demonstrated expertise on all aspects of testing payment application including data security standards and industry best practices.
• Led as a subject matter expert for Confidential Compliance related issues.
• Worked closely with external QSA on projects from start to finish ensuring timely implementation
• Collaborated with third party vendors and technical support to resolve pre-installation issues and refined configuration tests to ensure the required performance.