Senior Governance, Risk And Compliance (GRC) Consultant Resume

Austin, TX

OBJECTIVE:

Prefer a position with challenge, diversity and opportunity for professional advancement. Accomplish my goals by planning, executing and measuring progress.

SUMMARY:

  • Enhances the professional growth of individuals in national, state and local governments, institutions of higher ; private companies and public corporations.
  • Directs the strategic planning, marketing, organizing and implementation of activities for the Texas Regional Infrastructure Security Conference in San Antonio, Texas.
  • Delivers cyber resilience by enabling organizations to build high-performing and effective security, risk and compliance management programs.
  • Member of InfraGard.
  • Key contributor in the creation and maintenance of an enterprise-wide information security program for a Fortune 200 company.
  • Provides world-class information security consulting, risk analysis and risk mitigation strategies.
  • Develops strategic security architecture and design decisions.
  • Performs vulnerability assessments to identify security risks and potential threats across multiple platforms.
  • Ensures compliance with IT security policies and various government regulations including HIPAA, Sarbanes-Oxley, NERC, PCI and Confidential .
  • Assists business units with conducting risk assessments and developing remediation plans for identified risks.

PROFESSIONAL EXPERIENCE:

Confidential, Austin, TX

Senior Governance, Risk and Compliance (GRC) Consultant

Responsibilities:

  • Provided expert support to Confidential & Confidential consultants by developing collateral for the Texas Cybersecurity Framework (TCF) to capture assessment support data, identify compliance gaps, make recommendations for addressing the gaps, and document and present findings and recommendations report.
  • Trained consultants on the TCF assessment methodology.
  • Managed and implemented multiple projects to assess Texas state agencies and higher institution’s information security controls for alignment with the Confidential CSF.
  • Partnered with Confidential & Confidential to ensure that project milestones were achieved, and deliverables were submitted to the client in a timely manner.
  • Assessed overall adherence to the controls prescribed in the Confidential Cybersecurity Framework.
  • Assessed control maturity in relation to the control objectives outlined within the Cybersecurity Framework.
  • Developed recommendations and solutions for augmentation of identified gaps or deficiencies.
  • Developed a customized prioritized approach to the execution of remediation efforts related to identified gaps in the CSF assessment.

Confidential, Omaha, NE

Senior Governance, Risk and Compliance (GRC) Consultant

Responsibilities:

  • Managed and implemented multiple projects to assess Texas state agencies and higher institution’s information security controls for alignment with the Confidential CSF.
  • Partnered with Confidential to ensure that project milestones were achieved, and deliverables were submitted to the client in a timely manner.
  • Assessed overall adherence to the controls prescribed in the Confidential Cybersecurity Framework.
  • Assessed control maturity in relation to the control objectives outlined within the Cybersecurity Framework.
  • Developed recommendations and solutions for augmentation of identified gaps or deficiencies.
  • Developed a customized prioritized approach to the execution of remediation efforts related to identified gaps in the CSF assessment.

Confidential, Woodlands, TX

Local Information Security Officer

Responsibilities:

  • Managed security operations locally for an international oil and gas company.
  • Collaborated with the Cybersecurity Team in Madrid to enforce global security policies in the U.S.
  • Managed the vulnerability remediation plan for Repsol applications and systems using Nessus Security Center.
  • Consulted with all lines of business to provide risk analysis and security requirements for enterprise level projects and business initiatives.
  • Protected Repsol USA’s network by configuring, managing and patching the IBM intrusion detection system.
  • Designed, managed and implemented security awareness campaigns for Repsol U.S.A.
  • Directed and managed a proof of concept for cloud encryption to protect intellectual property and enhance the development of seismic software to assist the Geophysics Team.

Confidential, Houston, TX

Security Engineer

Responsibilities:

  • Enhanced security operations for a Portugal based wind farm company.
  • Conducted risk management strategy based on ISO 31000 & ISO 27001.
  • Provided day-to-day administration for McAfee EMM and McAfee Threat Manager.
  • Maintained adherence to NERC and SOX compliance by providing deliverables in order to meet control objectives.
  • Developed and managed the vulnerability remediation process using Nessus.
  • Developed and managed web filtering policy using McAfee Web Gateway.

Confidential, Houston, TX

Technical Specialist - IT Security Engineer

Responsibilities:

  • Collaborated with cross-functional business and IT teams to provide security best practice recommendations on architecture, design and requirements for multiple projects and initiatives.
  • Provided day-to-day administration on Symantec CCS, TippingPoint IDS/IPS, RSA enVision and Tenable Nessus.
  • Ensured adherence to NERC and SOX compliance by providing deliverables in order to meet control objectives.
  • Protected and defended Confidential's computing infrastructure from internal and external threats.
  • Mentored junior level IT security technicians.

Confidential, Houston, TX

Lead Security Analyst

Responsibilities:

  • Conducted risk assessments on SCADA and VMware ESX 4.0 infrastructure.
  • Enhanced and optimized email and whole disk encryption to protect confidential data.
  • Documented security standards for domain controllers, member servers and desktops based on Confidential and CIS guidelines.
  • Developed security awareness program.
  • Protected against data leakage by evaluating, installing and configuring Symantec Data Loss Prevention.
  • Served as technical lead for DLP, whole disk encryption and email encryption.

Confidential, San Antonio, TX

Senior IT Security Analyst

Responsibilities:

  • Coordinated, led, and conducted risk assessments involving information resources, as well as security incident investigations.
  • Consulted with the institution’s faculty, staff and students providing guidance regarding system acquisition, development, testing, operation and disposal.
  • Provided configuration management guidance based on Confidential and Confidential .
  • Maintained compliance with regulations and laws such as HIPAA, PCI, FERPA, TAC 202 and UTS 165.
  • Developed and reviewed information assurance, and awareness documentation.
  • Conducted briefings to the institution’s faculty, staff and students on information security-related topics.

Confidential, San Antonio, TX

Lead Security Analyst

Responsibilities:

  • Led the analysis of probable impact of recommendations and solutions on business areas and IS families.
  • Effectively communicated risk and mitigation strategies to influence senior management, project teams and business areas that specific security controls were needed in order to reduce risks.
  • Planned, designed and implemented full disk encryption Confidential US and Confidential Mexico, including employee .
  • Developed HEB’s security awareness program.
  • Documented a comprehensive risk assessment on VMware’s vSphere virtualization infrastructure Confidential HEB.
  • Performed vulnerability assessments of critical systems and applications using IBM AppScan and Nessus.
  • Developed and maintained security policies, procedures and standards.
  • Developed a security baseline (based on CIS and Confidential standards) for the following operating system platforms: Windows XP, Windows 2003, Windows 7, Server 2008 & Red Hat Linux.
  • Developed a security baseline (based on the CIS standard) for the following application layer technologies: IIS 6, Oracle, SQL 2005 and MySQL.

Confidential, San Antonio, TX

IT Security Analyst

Responsibilities:

  • Monitored and responded to internal and external threats to protect Confidential information assets.
  • Ensured the protection of member, employee and corporate non-public information for operational and development efforts.
  • Subject matter expert for the interpretation of Confidential Information Security Policy, Standards and Guidelines.
  • Conducted security risk assessments to ensure compliance with industry published security guidance (ISO, FFIEC, HIPAA, PCI, etc.)
  • Evaluated proposed control mechanisms for systems, infrastructure and processes throughout the life cycle of enterprise projects.
  • Facilitated security awareness and .
  • Monitored security event logs of critical systems using NetIQ Security Manager.
  • Configured authentication for VPN clients using RSA SecurID and the RSA ACE/Server.
  • Performed risk analysis based on ISO 17799 & ISO 27001 security standards.
  • Developed a security baseline (based on Microsoft standards and industry best practices) for the following operating system platforms: Windows XP, Windows 2003 and Solaris.

Confidential, San Antonio, TX

Senior Systems Administrator

Responsibilities:

  • Planned and implemented project to roll out Lotus Domino mail server as a hub in the U.S. to reduce network traffic.
  • Responsible for supporting and of local IT staff Confidential U.S. companies.
  • Established and maintained a framework to provide assurance that information security strategies are aligned with business objectives.
  • Implemented, securely configured and maintained Cisco routers and switches, Check Point firewall, and antivirus.
