SUMMARY:

Strong understanding of Information System Auditing/Security Engineer, IT controls concepts (i.e. COBIT) and Information System auditing Professional Standards (ISACA). Demonstrated high level of analytical ability and understanding of risk and control assessments. Develop audit plans and manage several concurrent audits of new and existing application systems and core IT infrastructure processes to provide management with fair, objective and technically accurate assessment of associated risk and internal controls. Knowledge and experience using NIST standards to assess management, operational and technical security controls per NIST SP 800 - 53.

TECHNICAL SKILLS:

Operating Systems: Windows NT/2000/2003/XP, UNIX, Linux, Cisco IOS and AS/400

Protocol/Services: TCP/IP, NetBEUI, DHCP, WINS, DNS, SMTP, HTML, FTP, Telnet, Frame Relay, VPN, and Active Directory.

Languages/Applications: Visual Basic, C++, Microsoft Office 2000, Exchange Server, AS/400, Lotus Notes, PC Anywhere, Citrix, Help, Tivoli, Peregrine, Remedy, Infoma Microsoft Outlook, GSM, JIRA.

PROFESSIONAL EXPERIENCE:

Confidential, Detroit, Michigan

Senior Security Engineer

Responsibilities:

• Verify and validate evidence of compliance for Requirements.
• Develop Process Flow Diagram to identify security control points
• Participate in Confidential cyber Asset Walk down process for Confidential validation
• Participate in Software/Application Evaluation (

Confidential, Fishers, Indiana

Information Security Tech Architect

Responsibilities:

• Developed Confidential boundary Modification by removing and, or adding a new functional component to an existing boundary.
• Documented application ID’s owners and application names to support Identity Access Management Solutions (IAM).
• Maintained IT security by monitoring and ensuring compliance to standards, policies, and procedures.
• Identified IT Security gaps and assisted in creation/support high-level Security Policy.
• Responded to FFIEC audit findings by tracking the application ID’s, their owners, and the associated applications to centralize Identity Access Management and Reporting.

Confidential, Memphis, Tennessee

Information Security Risk Analyst

Responsibilities:

• Responsible for assessing the risk policy adherence and potential risk vulnerabilities within the third-party (Vendor) applications and key processes.
• Experience with SOX, SOC, SSAE16, Confidential, GLBA and/or application assessments.
• Proficient technical skills, including: audit, IT Risk Assessment,, business analysis, change management, IT Risk Management, operation systems and data sources knowledge, performance metrics and reporting, technical problem resolution,, and vendor management..
• Proficient risk assessment, interpretation, and analytical skills.
• Identify opportunities for process improvements to deliver increasing efficiency within assessment framework.
• Participated in updating control requirements of Confidential DSS to version 3.0

Confidential, Columbus, Ohio

Information Security Risk Analyst

Responsibilities:

• Served as a liaison between the business and the access administration teams to ensure Compliance with Information Technology Risk policies and standards
• Responsible for running multiple projects, simultaneously,and Implement risk management strategies.
• Responsible for performing daily risk functions as they pertain to the access administration functions within the business in compliance with Confidential DSS. Requirements.
• Verify and Reconcile failed Safe accounts in both production and QA environments utilizing Cyber-Ark.
• Clean-up Safes and add accounts into Safes as requested by the Privileged users.
• Provide the missing Seal IDs to the Break Glass unmatched Records.

Confidential, O’fallon, MO

Sr. Security Analyst

Responsibilities:

• Set-up new access privileges and manage existing customer roles & entitlements.
• Administer internal roles & entitlements modifications.
• Analyze and define access needs.
• Coordinate access implementations in all environments.
• Provide back-up support for security help desk
• Conducted Network scans and Security Self Assessment in compliance with Confidential DSS requirents
• Review business and functional requirements and provide technical support/knowledge to identify impact to customer’s security configuration.
• Effectively deal with customer and internal user access difficulties by participating in the simulation and resolution of security issues.
• Interact with customers to provide information in response to inquiries about roles and entitlements or other security matters.

Confidential, Springfield, VA

Security Analyst

Responsibilities:

• Conduct operating system, application, and database vulnerability assessments (to include system configuration checks) on various Information Systems using Nessus scanning tools.
• Analyze vulnerability assessment results, and provide subsequent reports.
• Work alongside Information Systems Security Officers (ISSOs) and system administrators to validate and remediate identified vulnerabilities.
• Conduct vulnerability scan using Tenable Security Center - Nesssus
• Conduct regular research on current vulnerabilities and exploits using publicly available, trusted resources.
• Author information security notifications based on vulnerabilities applicable to the environment and track compliance for notifications requiring corrective action.
• Brief management on current vulnerabilities and provide countermeasure recommendations.
• Calculate and assess risk based on threats, vulnerabilities, and mitigating factors

Confidential, Washington, DC

Security Engineer

Responsibilities:

• Provide risk management assessments, security practices and procedures and solutions
• Implement solutions addressing vulnerabilities and developed plan to mitigate risks associated with the systems’ vulnerabilities.
• Performed user and access administration on designated systems and applications, in accordance with the defined policies, standards and procedures.
• Performed system security administration on designated technology platforms, including operating systems, applications, and network security devices, in accordance with the defined policies, standards and procedures, as well as with industry best practices and vendor guidelines.
• Applied Symantec SEP Antivirus/ Encryption solutions
• Enforce strong security controls to safeguard the integrity and confidentiality of the organization's data
• Perform risk assessment surveys to identify security requirements
• Conduct system vulnerability scan using Retina Tools
• Conduct baseline scan using CIS-CAT Tools
• Assess SystemTechnical controls as defined by NIST 800-53
• Perform System Security Self Asseessment, Contingency Plan, and Security Test and Evaluation
• Perform Business Impact Assessment in support of System Certification and Accreditation
• Provide documentation support for developing and updating system documentation for C&A efforts.
• Document Plan of Action and Milestone (POAM)
• Monitor and test Security Controls to ensure that the security design is implemented correctly.
• Prepare weekly vulnerability report for the client
• Define system security requirements.

Confidential, Cincinnati, Ohio

Lead Information Security Analyst /Sox Compliance Advisor

Responsibilities:

• Security Event Monitoring Team
• Documented procedures, best practices, and proposals .Developed and updated Process Control Manuals.
• Configured and monitores Cisco ASA firewalls.
• Participated in the review of internal controls for Confidential DSS
• Monitored security events in SQL, Oracle databases, Teradata, LT Auditor, BokS and eTrust
• Followed up on security event infractions escalations to resolution in a timely manner.
• Proactively disclose and remedy actual or potential breaches and risks to the confidentiality, integrity and availability of Corporate Data and Systems
• Monitored security events within eTrust Access Controls.
• Experience in security events Monitoring tool - ArcSight
• Performed risk assessment surveys to identify security requirements.
• Monitored systems and conducted reviews of logs, reports, system settings and/or user permissions to ensure compliance with security policies and standards

Confidential, Columbus, Ohio

Senior IT Auditor

Responsibilities:

• Identified and evaluated controls over user connectivity and user accounts based on Active Directory.
• Assessed clients’ IT risks using key controls and objectives to determine the scope of testing.
• Documented the audit findings and recommendations in accordance with standard business format.
• Provided recommendations to management in connection with IS audit work performed.
• Participated in the review of internal controls for Sarbanes-Oxley compliance.
• Attended entrance conference and various audit meetings
• Participated in audit planning processes and developing internal audit guidelines and procedures.
• Tested compliance and conformity with company standards, policies, and procedures that are supposed to meet industry standard like COBIT and COSO.
• Reviewed system internal controls, its documentation and operations, to ensure that appropriate level of control exists for regulatory compliance (e.g.HIPAA, Confidential, SOX) using COBIT and COSO frameworks.
• Prepared detailed audit reports and made meaningful recommendations to all levels of management.
• Analyzed needs, submit recommendations, and implement cost-effective programs encompassing public relations, and target relationship marketing.
• Proactively identified and responded to security events in accordance with set policies and practices
• Prepared written audit reports and presented them to management
• Conducted vulnerability assessment and intrusion detection, and supported security policy development
• Drafted clear and concise audit report .
• Analyzed security controls for Windows Systems to ensure that they meet set standards
• Participated in closing conferences, effectively communicated with internal clients, audit teams and external auditors.
• Collaborated with external audit firms in monitoring and conducting audits.
• Performed follow-up on reported findings and documented results.
• Demonstrated thoroughness, and ability to work independently.
• Performed post-audit reviews to determine compliance with audit recommendations
• Performed work in accordance with IIA Professional Standards and Audit Department guidelines
• Identified user access levels to ensure need-to-know and segregation of duties are met.

Confidential, Columbus, OH

Helpdesk Coordinator/Technology Analyst/ Network Systems Support Analyst

Responsibilities:

• Responsible for troubleshooting and fault finding computers and network connectivity problems and providing resolutions
• Conducted Network vulnerability scan using Nessus and Nmap tools.
• Ran in-house connectivity for LAN/WAN Provision T1 end-to-end dedicated lines to clients.
• Configure WAN connections. Design and implementation of ATM, QOS, Frame Relay, ISDN, CSU/DSU configuration T1, T3, OC3.
• Install and manage Cisco VPN Concentrator- Experience with VPN technology, including remote user access, branch office connectivity, monitoring, and fault isolation.
• Monitored communication lines, Network devices and servers using HP Openview, and Netview.
• Created and maintained user connectivity and created users account based on Active Directory.
• Participated in Disaster Recovery tests and operations
• Provided direction and participated in identification, diagnosis, documentation, communication, and resolution of problems with computer equipment, software, and peripherals.
• Coordinated network problem resolution activities in a multi-platform environment.
• Administered and managed network server hardware and software.
• Controlled all hardware/software functions in a multi-system batch and online environment, ensuring that all devices, components, and subsystems are functioning normally
• Troubleshot and debugged connections to peers, customers, vendors, and internal network connections.
• Administered Windows NT/2000and Citrix servers
• Monitored and analyzed computer performance by means of the systems console and software performance tools.
• Communicated outage notification for major system outages to customers and management
• Controlled daily batch jobs consisting of multiple interfacing applications in a batch/online environment to successfully meet pre-defined Service Level Agreement (SLA) for data center user.
• Maintained constant review of critical scheduling requirements to avoid or minimize lost time and dollars.
• Responded to the technical needs and questions of customers concerning their applications, equipment and access.
• Administered Windows security with logon rights and NTFS access control list, and managed domains, add user/group accounts for sharing of resources in Active Directory.
• Configuring, Installing and Monitoring Cisco IDS, and IPS
• Setup, configured, and gave support on the use of local area networks.
• Provided in-depth front line technical support to diagnose, analyze, research and resolve computer problems for internal and external Enterprise customers,
• Provided responsive on-site computing support, including desktop, server, network and telecommunications to diagnose, analyze, research and resolve problems for Internal Enterprise customers
• Created targeted orders as necessary to deliver a complete product.
• Followed -up on targeted orders. Contact suppliers directly to identify targeted orders, assess status, and resolve issues.
• Scheduled midday communications and recommended appropriate solutions to any systems that failed midday communications.
• Troubleshooting agents’ servers and workstations. and provided solutions for Wintel server environments including DNS, DHCP, and Active Directory .
• Assisted in maintaining, configuring, installing, and testing network hardware and software, this include but not limited to routers, switches, hubs and firewalls.
• Installed, and loaded software over the network to the agents’ systems
• Responsible for providing support to users on network.
• Performed necessary tests and diagnostics to isolate and correct network and members problems. Escalated network problems to appropriate personnel in accordance to departmental and corporate procedure.
• Monitored systems infrastructure through available network monitoring tools and monitored incoming issues through trouble tickets to assist in the identification, escalation, and resolution of problems.