
Senior IT Security and Compliance Manager Resume


Austin, TX

SUMMARY:

Certified Information Systems Security Professional (PCI-ISA, PCI-P, CISSP-ISSEP, CISA) with broad information security and risk management background. Experienced in auditing, secure networking, communications, computer security, and physical/industrial security. Excellent leadership, team management and mentoring, briefing, and writing skills. Experienced in defining and managing security requirements, as well as in planning, conducting, and assessing the results of security testing and evaluations. Successful team manager and leader. Experienced professional delivering quality IT security and management support.

KEY SKILLS:

Regulatory Compliance - PCI, FISMA, SOX, GLBA, HIPAA, ISO 27001

Audit Management

Risk Assessment and Mitigation

Information Assurance design & verification

System Security Architecture and Requirements Development

Security and Compliance Management

EMPLOYMENT

Confidential, Austin, TX

Senior IT Security and Compliance Manager

Responsibilities:

  • IT security lead for a billion-dollar international public financial and retail business.
  • Responsible for managing SOX and PCI compliance and developing and managing the organization’s first comprehensive information security management system.
  • Over the initial twelve months, remediated more than 60 SOX findings and successfully passed an annual SOX audit without any deficiencies.
  • Conducted PCI self-audits for multiple applications and directed network re-design to reduce PCI scope and improve compliance.
  • Implemented formal change control for the IT infrastructure. Established formal security policies and procedures and built secure O/S and application baseline configurations.
  • Managed the implementation of a successful service provided disaster recovery program.
  • Developed secure point of sale device configurations.
  • Designed in-store customer support wireless and supported wireless customer tracking cameras for marketing analysis.
  • Conducted planning for implementation of tokenization for PCI and for updating customer payment terminals.
  • Managed a four-person team of security and compliance professionals.

Confidential, Houston, TX

Information Security Consulting Support

Responsibilities:

  • Contract employment to Confidential through ESP providing expert advice and assisting in the preparation of multiple information systems for successful IT security audits under FISMA.
  • Activities included documentation preparation, system owner and administrator, and system testing.

Confidential, San Antonio, TX

Cyber Security Consultant

Responsibilities:

  • Senior information security consultant providing support to federal and commercial customers.
  • Conducted multiple FISMA security assessments for numerous federal information systems.
  • Conducted analysis and developed remediation plans for 250,000 security findings for a major federal agency.
  • Developed role-based information security programs for the Confidential and Human services.
  • Developed recommendations and decision briefings for the Veterans Administration for adopting standardized security configuration guidelines.

Confidential, San Antonio, TX

Senior Information Assurance Lead

Responsibilities:

  • Senior team lead for Confidential & Confidential GSA’s Information Assurance Center of Excellence.
  • Successfully led multiple audit evaluations under FISMA including the primary Federal Reserve information backbone, multiple Federal Reserve information systems, the GSA Trusted Internet Connection, and several Confidential systems.
  • Developed system security documentation and guided system engineers developing the primary telecommunications backbone for Confidential.
  • Wrote and supported multiple successful proposal efforts.
  • Led teams conducting system testing to include penetration testing of systems.

Confidential, Charlotte, NC

Information Security Project Manager

Responsibilities:

  • Project Manager for Information Systems Residual Risk Remediation Program to gain SOX compliance.
  • Led two teams implementing all Windows Desktop risk remediation projects for all workstations within the company.
  • Planned and developed sustainment procedures and documentation.
  • Planned and implemented laptop encryption for 11,000 laptops containing sensitive NPI.
  • Managed the effort to implement desktop IDF/IPF security suite for 50,000 desktop stations across the company.

Confidential, Austin, TX

Enterprise Information Security Manager

Responsibilities:

  • Managed IT security architecture and administration for a Fortune 500 manufacturing and financial corporation with 15,000 users across the US and internationally.
  • Managed a six-person IT security team.
  • Developed and managed transition to SOX-compliant user provisioning and role-based access control.
  • Managed boundary protection upgrades, led Security User Group activities.
  • Developed strategic corporate information security goals. Managed day-to-day information security monitoring and control including incident response, security application and device management, integration and planning with system network, server, and desktop managers.
  • Interfaced with Auditors and OTS regulators for information security issues.

Confidential, Austin, TX

Information Security Consultant

Responsibilities:

  • Provided HIPAA compliance packages and statewide to small public hospitals and independent health care providers.
  • Developed and sold company information security risk analysis and security management plans, disaster recovery and business continuity plans, system hardening, and security management plans.
  • Implemented secure system architectures for commercial hosting and small-medium sized businesses.
