
It Audit Manager Resume


Miami

PROFESSIONAL SUMMARY:

Results-driven, analytical problem-solver with extensive experience in identifying information security risks and developing cost-effective solutions to meet business requirements. Skilled at defining security metrics and KPIs to track team performance against optimal targets. Established track record of working effectively across multiple business cultures, including Mexico, Colombia, and Europe. Natural communicator and team leader skilled in motivating and leading interdisciplinary project teams to systematically address business risk challenges.

CORE COMPETENCIES:

  • Experience in conducting IT risk assessments based on information security risks and compliance requirements across a broad range of information technology platforms. Demonstrated ability to reconcile technical recommendations with specific business needs within an agreed budgetary framework.
  • Experience in auditing the requirements of the Payment Card Industry (PCI) standards and the regulatory requirements associated with Sarbanes-Oxley (SOX) 404, GLBA, SSAE 16/18, Basel II, HIPAA and related privacy and security standards.
  • Experience in the design and implementation of IS policies and governance improvement programs.
  • Proven ability to effectively engage, influence, negotiate with, and lead stakeholders at both technical and business levels into making effective security decisions throughout the lifecycle of high profile technology projects.

PROFESSIONAL EXPERIENCE:

IT Audit Manager

Confidential, Miami

Responsibilities:

  • Performed Governance, Risk, and Compliance assessments.
  • Managed IT compliance control activities and violations, and tracked identified IT Audit findings to ensure their timely resolution.
  • Implemented and managed the IT and cybersecurity incident response plan.
  • Managed monitoring, DLP, device control, vulnerability scan and SIEM (Security Information and Event Management) initiatives to prevent data leakage and improve reporting and alerting.
  • Managed GLBA Assessments.
  • Performed cybersecurity risk assessments using the Cybersecurity Assessment Tool (CAT).
  • Managed vulnerability risk assessments of Information Technology.
  • Interfaced extensively with stakeholders to ensure compliance with IS policies; developed and maintained the Information Security Architecture, Corporate IS Standards, and Entity IS Procedures and Guidelines; and monitored the development of the Information Security Program based on COBIT, NIST, SSAE 16/18, PCI, ISO 27001/27002, SOX, and GLBA/FFIEC regulatory requirements.
  • Managed and implemented project security solutions to satisfy privacy, monitoring (SIEM/SOC) and DLP requirements, following the established Project Management Framework to ensure projects stayed on budget, on schedule and within the defined scope, including project risk management.

Corporate and Information Security Officer

Confidential, Coral Gables

Responsibilities:

  • Interfaced extensively with stakeholders and IT leadership to ensure compliance with IS policies, monitor the development of the Information Security Program based on COBIT, NIST, PCI, SSAE 16, and ISO 27001/27002, and institute corrective actions where necessary to ensure compliance with GLBA/FFIEC regulatory requirements.
  • Created and delivered presentations to technical and business stakeholders to communicate project objectives and milestones, including defined metrics to report successes and progress of the security program.
  • Managed IT compliance control activities and violations to ensure their timely resolution.
  • Conducted cybersecurity risk assessments.
  • Performed third/fourth party vendor risk assessments.
  • Managed vulnerability risk assessments of Information Technology.
  • Prepared and developed the Information Security Awareness Program.
  • Participated in initiatives to improve the methodology and procedures for preventing data leakage (DLP) and for preventing and detecting fraud.

IT Audit Manager (CISA, CISM, CISSP)

Confidential, Coral Springs

Responsibilities:

  • Managed on-premises and cloud (AWS) audit projects for compliance with banking industry regulatory requirements and Information Security Standards based on COBIT, NIST, SSAE 16, PCI, and ISO 27001/27002, assessing the effectiveness of IS policies and the adequacy and effectiveness of the applied information security controls and ITGCs, including Identity and Access Management (IAM), Program Change & Development, and Computer Operations.
  • Managed and conducted audit planning, execution, follow-up, closing and reporting, presenting IT Audit findings and concise recommendations to the leadership team during fieldwork and wrap-up.
  • Participated in initiatives to improve the methodology and procedures of Integrated Risk-Based Audits to prevent fraud and improve its detection.

IT Risk and Information Security Officer (CISM, CISA, CISSP)

Confidential, Miami

Responsibilities:

  • Managed, implemented and supported SAP Identity and Access Management (IAM) with SAP GRC Access Control, following the defined project management (PMI) framework.
  • Interfaced extensively with stakeholders and IT leadership to ensure compliance with IS policies.
  • Managed audit projects for compliance with GLBA/FFIEC regulatory requirements and Information Security Standards based on COBIT, NIST, SSAE 16, and ISO 27001/27002 to ensure the effectiveness of IS policies.
  • Managed and supported the Endpoint Security Solution used to update the existing Network Security Platform, including policy definition, network visibility, advanced analysis, DLP and forensics, device control, vulnerability scans, system and user behavior analysis, and improved reporting and alerts.
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Implemented and regularly reviewed Infrastructure and Servers Security Guidelines.
  • Created and delivered presentations to technical and business stakeholders to communicate project objectives and milestones.
  • Managed the Computer Security Incident Response Team (CSIRT) and owned the Information Security Incident Response Plan.
  • Performed third/fourth party vendor risk assessments.
  • Managed IT compliance control activities and violations to ensure their timely resolution.
  • Managed vulnerability risk assessments of Information Technology.

Information Security Manager

Confidential

Responsibilities:

  • Conducted risk assessments of Information Technology business processes highlighting risk areas that required additional controls.
  • Implemented and managed the IT security incident response plan.
  • Interfaced extensively with stakeholders and IT leadership to ensure success of IS policies.
  • Developed methodology and conducted risk evaluation of IT infrastructure and business applications including third/fourth party vendor risk assessments.
  • Prepared and conducted the Information Security Awareness Program.
  • Implemented Business Continuity Management (BCP/DRP) based on COBIT, SAS 70, ISO 27001/27002, ITIL, and CMMI.
  • Increased Information security awareness from 45% to 85%, satisfying key target of Disaster Recovery project.

Information Security Manager (CISM, CISA)

Confidential

Responsibilities:

  • Managed the development, monitoring, and sustainability of the information security and compliance management program (including Sarbanes-Oxley requirements) to protect the privacy and confidentiality of the corporation's information and assets.
  • Implemented Group Information Security Standards based on NIST, PCI, SOX, COBIT, ISO 17799/27001/27002, ITIL, and CMMI.
  • Implemented and regularly reviewed Infrastructure and Servers Security Guidelines.
  • Interfaced comprehensively across the organization to monitor the development and maintenance of the Information Security Architecture and IT Policy Management processes, instituting corrective actions where necessary.
  • Managed and implemented project security solutions to satisfy monitoring (SIEM/SOC) requirements, following the established Project Management Framework (PMI) to ensure projects stayed on budget, on time, and within scope.
  • Conducted application and infrastructure risk assessments using CITICUS ONE (based on FIRM, a research-based methodology for measuring and managing information risk across enterprises of all types and sizes).
  • Conducted third party vendor risk assessments.
  • Managed the IT security incident response plan.
  • Managed Compliance and IT Audit findings to ensure their timely resolution.
  • Consulted with IT technical services staff to evaluate, select, install, and configure hardware and software systems with appropriate security functionality.
  • Prepared and developed the Information Security Awareness Program.
  • Increased Information security awareness from 35% to 55% (2009 AXA World-wide Staff Evaluation).

Information Security Systems Auditor

Confidential

Responsibilities:

  • Managed the risk-based Information Systems Audit Program using COBIT, ISO 17799, ITIL, and CMMI.
  • Reported regularly on individual project milestones via formal presentations to business and technical leads.
  • Performed risk assessments using well known frameworks and methodologies such as COBIT and OCTAVE.
  • Managed IT audit projects for compliance with Information Security Standards.
  • Contributed to improving ITIL and ISO 17799 compliance of information security systems from 60% to 75%, based on the annual audit process.

Information Security and IT Manager

Confidential

Responsibilities:

  • Conducted annual risk assessment across all information technology processes to isolate and address critical system vulnerabilities.
  • Monitored remediation programs to ensure resolution of all identified threats, including DLP and compliance violations.
  • Managed the development, monitoring, and sustainability of the information security and compliance management program (including SOX/SAS 70 requirements) to ensure the privacy and confidentiality of the corporation's information and assets.
  • Implemented and supported Windows 2000/2003 servers according to the Windows Server Security Guidelines, and regularly reviewed Windows 2000/2003 security logs to identify potential lapses and diagnose root causes.
  • Managed the development, testing, implementation and support of the Agency's requirements and documentation, following the project management framework (PMI) in line with the Corporate Worldwide Information Security Architecture and the SAP project implementation, including the IT security incident response plan and BCP/DRP.
  • Contributed to improving ITIL and ISO 17799 compliance of information security systems from 85% to 93%, based on the annual Corporate Evaluation process.

IT Service Center Manager

Confidential

Responsibilities:

  • Supported sales and developed the Continuous Sales Technical Program.
  • Implemented complete network-based IT solutions including servers, routers, and switches.
  • Managed and supported Microsoft Windows NT and Unix servers, and 3Com and Novell solutions, for different customers.
  • Contributed to a 400% increase in company sales revenue based on the new IT solutions portfolio.
