Technology Risk Manager Resume

SUMMARY:

I am a diligent, reliable and responsible individual who takes pride in setting and exceeding goals set by the firm and myself. With Confidential I have refined my skills in application security. With Confidential I have honed the Compliance and Risk applications inherent in IT Security and vendor relations. I am well rounded with IT risk, IT compliance, IT security consulting, incident response and vulnerability mitigation.

CORE COMPETENCIES:

Web Application Security

Communication/implementation of OWASP controls

Application and Vendor Risk Assessments

SDLC Security Consulting

Proficient with Burp Suite Proxy Tool

Application Penetration Testing

Security Training/Coaching

Implementation of Incident Response life cycle

Vulnerability Remediation Management

PROFESSIONAL EXPERIENCE:

Confidential

Technology Risk Manager

Responsibilities:

  • I am responsible for implementing the risk control framework and for identifying, evaluating and managing overall information technology related risks throughout a designated portion of Confidential Digital and Distribution.
  • Managing the relationship between IT Security, IT Compliance, and IT services for the 6 Confidential Distribution partners.
  • Developed and instilled proper Secure Coding Strategy - Created a cultural change with all business partners for secure application development.
  • This included evangelizing security from the architecture phase of the SDLC to the production release as well as emphasizing continued vulnerability scanning and secure code releases for production applications.

Information Security Analyst

Confidential

Responsibilities:

  • The Information Security Analyst leads information security objectives and processes for the Confidential Consumer organization; including liaising, advising, advocating, and facilitating to identify and reduce information security risk.
  • Developed manual testing methodology which was adopted by multiple areas of the company and resulted in the remediation of hundreds of vulnerabilities that were missed by an automated scan and avoided negative financial, operational and reputational impact to the firm. This includes an emphasis on business logic testing, framework specific vulnerabilities, XSS (reflective, persistent, DOM), SQL injection (error based, blind and second order injection), information leakage, insufficient anti-automation, insufficient authentication, insufficient authorization, etc.
  • Organically took on the role of trainer for all new hires within the Consumer ITSRC team. This involved weeks of in-depth training in risk vendor/software assessments (ISO 27001/NIST) and continued coaching for the analyst.
  • Identified a failure in data processing and transmission which could have led to reputational damage and possible data breaches among other consequences. However, I worked with multiple functions within IT and the business to help architect a solution that both protected customer data and allowed the firm to maintain profitability.
  • Led the coordination of multiple teams to implement all phases of the Incident Response (IR) life cycle (Detection, Analysis, Containment, Eradication/Recovery, and post-mortem analysis) with multiple types of IT incidents. These included data loss investigation/prevention, virus quarantine, application breaches in progress, unauthorized network device removal, etc. This also involved the evangelism of IT Security best practices, employee education and training for the preparation phase of the IR life cycle.

Confidential

Application Security Specialist

Responsibilities:

  • Finding and verifying vulnerabilities in all types of web applications. This requires an intimate knowledge of threats including but not limited to Cross Site Scripting, SQL injections, Cross Site Request Forgery and Brute Forcing of web applications.
  • Performed over 150 manual penetration tests on internal/external web applications including applications within the Banking, Energy, Hospitality, Retail and Financial Services industries.
  • Worked with client's developers to understand, identify and remediate poor development practices.