Senior Information Security Assurance Specialist Resume
Atlanta, GA
SUMMARY:
IT Compliance and Information Security professional whose qualifications include a degree in Information Security & Assurance and strong experience implementing IT Governance, Risk Management, and Compliance (GRC), creating information technology programs that parallel the organization’s needs. Able to provide leadership, mentor, meet business needs across the organization, and recommend IT and cybersecurity improvements in a wide variety of areas in order to meet regulatory requirements. Highly experienced in the field of Information Technology.
TECHNICAL SKILLS:
Information Technologies: Windows 7, 8 and 10 OS, Penetration testing, PCI Vulnerability Mgmt., Endpoint protection, Enterprise MDM Solution, Web Application Security
Systems: Windows, Linux, Mac OS X
Networking: LANs, WANs, VPNs, Routers, Firewalls, TCP/IP, VOIP
Software: Archer, MS Office 365/2016, MS Visio, Cisco VPN, Citrix, Virtual Machines/VMware, Metasploit, Pen Test (BackTrack), Active Directory, Splunk SIEM, Varonis, CyberArk, Qualys, Rapid7
KEY SKILLS:
- IT Business Continuity Planning
- Risk/Vulnerability Management
- IT Policies & Procedures
- Incident Response Planning
- HIPAA Compliance
- Leadership and Strategic Planning
- IT Project Management
- NIST 800-53/ISO27000/COBIT
- SOC 1/SOC 2 Compliance
- SOX and PCI DSS Compliance
IT EXPERIENCE:
Confidential
Senior Information Security Assurance Specialist, Atlanta, GA
Responsibilities:
- Address security risk management & mitigation strategies on various IT projects backed by business units.
- Communicate and collaborate with internal audits and show proof of risk remediation actions put in place.
- Lead in pen testing project coordination to identify risk by working with IT, Legal, TPO, and Audit Team.
- Lead in conducting vulnerability management and remediation efforts.
- Apply the concepts of enterprise risk management to help identify key controls and to assess, mitigate, and proactively consider emerging IT risks during SDR calls.
- Change Management approval function, reviewing/approving IT change control tickets.
- Research industry trends, identify ongoing IT and security requirements, analyze new security administration tools, and provide recommendations on the need and usefulness of services and/or products.
- Research IT patch levels/software updates to provide risk analysis and recommend that stakeholders address vulnerabilities and improve security.
- Apply frameworks and standards such as FFIEC, NIST, SOX, ISO, GLBA, HIPAA, SB1386, COBIT, SEC, OCC, etc.
Confidential
Information Security Analyst, Atlanta, GA
Responsibilities:
- Conducting overall cyber-risk assessment for the hospital and development of information security.
- Developing, implementing, and monitoring a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of PII/PHI.
- Responsible for developing and reviewing information security policies, procedures and standards.
- Perform oversight on all aspects of information security systems, and implement technologies to ensure compliance with relevant and applicable security and privacy regulations.
- Lead in communicating risk and security issues in business context across organization for PCI DSS and HIPAA compliance.
- Monitor IT environment for emerging threats, and advise relevant stakeholders on the appropriate risk management and course of action by working with the Managed Security Service Provider/SOC dept.
- Lead in conducting vulnerability management, web application security, performing IT gap analysis, reviewing vulnerability and PCI compliance reports with the technical and executive team, keeping up with state and federal cyber laws, rules, and regulations.
- Perform IT audits, vulnerability analysis, and recommend IT best practices across organization.
- Conduct vendor security risk assessment and compliance to provide alignment with the hospital’s security and privacy practices.
- Build a strong information security program that parallels the organization’s business needs, along with constructing a long-term business customer focus and creating positive change within the organization.
Confidential
IT Security Consultant/Information Security Manager, Atlanta, GA
Responsibilities:
- Address risk management associated with business clients and apply IT best practices when it comes to PCI, HIPAA, and SOX Compliance.
- Conducting monthly vulnerability management scans and communicating IT risk to business owners.
- Responsible for mentoring and managing security analysts within the Information Security Office.
- Leading and starting the IT security posture from ground up for many different clients.
- Providing general information technology consulting and project management services for customers.
- Managing IT security annual budget, conducting POC along with vendor security assessments.
- Providing security guidelines to IT application developers and managers for properly securing web applications via OWASP Top 10 application security verification and risk management.
- Leading and managing IT information security forensic investigations for business partners.
- Providing guidance and leadership in assessing and evaluating information security risk assessment while making sure the organization is compliant with state and federal rules and regulations.
- Hiring, training, and managing a high-performance team while supervising multiple projects.
- Leading, developing, and updating the company’s information security policies, standards, and procedures.
- Lead the task of collaborating with business partners and IT directors/managers to meet audit and compliance deliverables in a timely manner.
Confidential
Compliance and Information Security Analyst, Merrillville, IN
Responsibilities:
- Senior member of the IT department who worked closely with department leaders to develop and implement a comprehensive IT and information security program throughout the organization.
- Report directly to CIO concerning IT governance, risk management, and governance.
- Primary person responsible for the company’s PCI compliance.
- Ensure PCI and IT compliance across 72 corporate and franchise club stores in the U.S. and Canada.
- Lead in penetration testing and vulnerability management remediation effort as a project manager.
- Served as a liaison between IT, HR, Legal authority, and Finance department.
- Develop and maintain security policies and procedures across the corporate office and all franchise stores.
- Served as an IT incident response coordinator and advisor across corporate office to protect the business.
- Created and updated Business Continuity Planning (BCP) and Disaster Recovery strategy (DR) planning.
- Lead in implementing IT Mobile Device Management (MDM) via Microsoft Azure.
- Lead in managing company-wide mandatory IT security awareness and PCI training.
- Researching IT Cost Benefit (CB) and Return on Investment (ROI) from 3rd party solutions.
- Lead IT investigations and compliance reviews, as requested by internal or external auditors and vendors.
- Budgeting and negotiating prices for IT security projects and design with business vendors.
- Develop IT processes and procedures, and support service-level agreements (SLAs) to ensure that security controls are maintained across the organization.
- Perform control and vulnerability assessments of information technology to identify control weaknesses and assess the effectiveness of existing controls, and recommend remediation action.
- Primary individual responsible for the execution of risk assessment activities, analyzing the results of audits to produce recommendations of acceptable risk and risk mitigation strategies.
- Ensure documentation such as information security and IT policies, and certifications are up to date.
Confidential
IT System Support Professional, Kennesaw, GA
Responsibilities:
- Assist in creating and managing the organization’s IT policies, standards, and guidelines.
- Work directly with the campus departments to manage IT risk assessment and risk management processes.
- Creating and updating the department’s annual IT best practices.
- Assist with information security awareness training across campus.
- Establishing Service Level Agreement (SLA) between business and IT department.
- Identify, evaluate, and report on information technology risks in a manner that meets compliance and regulatory requirements, and aligns within the risk posture of the institution.
- Updated IT best practices for disaster recovery (DR), incident response (IR), and audit practices.
- Re-imaging laptops/desktops via SCCM and malware identification and elimination.
- Develop and handle information technology project management methods and techniques.
- Maintaining and updating Confidential department websites.
- Supervise technology students within the college, maintain documentation of projects and service tickets, and IT equipment within the college.
- Knowledge and understanding of relevant legal and regulatory requirements such as FERPA.
Confidential
Desktop Support Technician/OIT Help Desk, Clarkston, GA
Responsibilities:
- Ensured all IT equipment containing sensitive information is properly scanned with security tools.
- Diagnose computer hardware and software issues and perform basic IT network troubleshooting.
- Interviewing and training new IT lab assistants.
- Responsible for the ongoing support of technology in use for students, staff, and faculty.
- Provide Windows remote assistance via Altiris, add or remove PC software.
- Facilitate parts replacement and maintain proper inventory controls and equipment transfer.
- Providing technical support dealing with PCs, scanners, printers, wireless networking and technology.
- Providing monthly reports/work orders including IR, Change and Configuration Management.
- Updating IT Asset Management and assisted with internal audits.