TECHNICAL SKILLS:

Networking: VPN, SecureID, Linux, J2EE, Cisco PIX/ASA, Host Intrusion Protection, Data Loss Prevention

Database: SQL, Access, TMA Project Database, Quickbase, OnBase

Tools: MS Project, MS Office, Archer, ePO, Primavera, McAfee, VMWare, CDC Management Access System, nCircle, Nessus, Snort, SharePoint, IBM AppScan, IBM Guardium, Cisco Iron Port, Trend Micro Deep Security Manager, Symantec Network/Server Monitoring Tools, WireShark, BackTrack 5, Request Center, Lumension, BindView, BMC Remedy, MICP, Remote Desktop, SVN, Zimbra, Clarity

PROFESSIONAL EXPERIENCE:

Confidential

Lead IT Security Analyst

Responsibilities:

• Implemented PCI as a program
• Completed PCI DSS RoC
• Wrote and managed technical documentation including policy, procedures, standards, and baselines.
• Worked with Vendor Management Program including working with legal to obtain PCI compliant verbiage for all third party service provider agreements.
• Regarded as the company SME in PCI and Compliance and consulted with other teams to achieve shared vision.
• Provided Compliance guidance for Vulnerability Management Program
• Implemented and documented Compliance Program
• Trained junior associates in compliance process
• Worked closely with senior leadership to address remediation and give status reports ad hoc.

T eam Lead PCI and Compliance Specialist

Responsibilities:

• Managed Team of Security Analysts specializing in PCI
• Completed 4 PCI ROC including PA DSS and PCI DSS
• Wrote and managed technical documentation including policy, procedures, standards, and baselines.
• Managed Vendor Management Program including working with legal to obtain PCI compliant verbiage for all third party service provider agreements.
• Consulted on customer PCI compliance questions and security questionnaires.
• Worked with various teams across the organization to advise on PCI and collect necessary evidence.
• Created and conducted PCI awareness training.
• Worked Data Loss Prevention Team on various projects.
• Implemented Archer for PCI and Compliance GRC.

Team Lead i T Security and Compliance Analyst

Responsibilities:

• Performed risk management in order to implement compliance standards for SSAE16 SOC2, PCI, SOX, FISCAM.
• Managed Security Rick and Compliance Team
• Managed vulnerability scans using Tripwire and Qualys.
• Created and conducted Security Awareness Training and PCI Awareness Training.
• Utilized a PCI - approved third party for penetration testing.
• Created and managed vendor management program.
• Technical writing including policy, procedures, and published security content.
• Maintained security framework based on NIST 800-53.
• Developed forensics lab to research potential breaches and vulnerabilities.

Senior Enterprise S ecurity Analyst

Responsibilities:

• Technical writing including policy, procedures, standards, and work instructions
• Performed Risk Assessments.
• Responsible for all compliance including HIPAA/HITECH, SSAE16 SOC2, CMS, NIST, FISMA.
• Technical Project Planning
• Perform security guidance and training
• Vulnerability Management
• Application/Software Control
• Pre and Post audit compliance
• Incident Management

Security Analyst

Responsibilities:

• Support McKesson Pharmacy Systems and Automation(MPSA) business unit
• Responsible for all MPSA HIPAA/HITECH Assessment including scoping, control design testing, and maintain and update Archer.
• Managed and maintained PCI Certification for MPSA.
• Managed SSAE16 SOC2 audit for MPSA.
• Vulnerability Management including scanning, reporting, and monitoring remediation using Nessus.
• Managed DLP in ePO for MPSA
• IT Project Management including Archer administration
• Maintained Asset Management utilizing ePO and Archer
• Vendor Management including risk assessments and rapid risk profiles on all MPSA vendors
• Created Metrics reporting presented to senior leadership.
• Created formalized documentation to meet HIPAA, SSAE16, and PCI requirements
• Maintained SharePoint site for Information Security Risk Management.
• Participated in Disaster Recovery for MPSA.
• Participated in customer security presentations.

Information Security Analyst

Responsibilities:

• Technical Writer for all security documentation such as policy and procedures and business continuity plan
• SharePoint Administration including setup, training, maintenance and access control
• Create dashboards and pivot tables for senior management
• Point of contact for all security audit inquiries
• IT project management
• Maintain security documentation according to PCI and SOX compliance
• Recommend best security products
• Review current products for improvement, replacement, and cost effectiveness
• Implement best security practices for networking and applications
• Review customer audits for any identified risks and ensure remediation is completed
• Perform root cause analysis for any identified risk
• Create and maintain SharePoint portal to house security policies and procedures
• Negotiate security contracts
• Identify security gaps and make recommendations for improvement

Senior Security Analyst

Responsibilities:

• SharePoint administration including but not limited to, assisting with rollout, training and usage, presentations, and access control
• Assist Information Security Officer with maintaining vulnerability assessments reporting using IBM AppScan and Guardium for compliance according to NIST and FISMA
• Negotiate contracts and process renewal
• Monitored Intrusion Detection Systems
• Create PowerPoint presentations and Excel pivot tables for senior management meetings
• Incident management using various tools.
• Assign and close tickets for remediation of identified security violations.
• Provide input to written reports describing detailed findings that result from security evaluations. Issue McAfee encrypted drives for support of CDC security policies..
• Respond to security audit requests for division

Security Analyst Lead

Responsibilities:

• IT Project Management for Security Division monitor and maintain all security related projects.
• Performed forensics on desktops and servers
• SharePoint administration included creating and maintaining security repository and intranet channel, user training, and access control
• Point of contact for security audit related inquiries and client scans
• Worked with external auditors to fulfill SSAE16 SOC2
• Utilized Data Loss Prevention tools such as McAfee and Symantec
• Used Snort and Cisco Intrusion Detection systems for Unix/Windows
• Created and maintained complex pivot table reports for departmental use and presented information to senior management
• Vendor Management including contract negotiation
• Reporting using PowerPoint for presentation to senior managers and security training
• Utilized Microsoft Project to track milestones, deadlines and resources
• Utilized pivot table reports to track risk and audit information
• Trend Micro Deep Security Manager and Agent using VMware’s Vshield Endpoint platform
• Conduct vulnerability assessments and monitor all remediation efforts for PCI Compliance
• Troubleshoot internet VPN connectivity issues with TCP/IP
• Set configurations for Cisco firewalls to install vulnerability appliances
• Review Enterprise hardware environments including Linux, Windows XP, and Windows 7
• Reviewed access logs and physical access logs for unusual security events
• Conducted security audits for PCI and SOX compliance
• Control and monitor vendor physical and system access
• First point of contact for security questions and audit response
• Vendor management included conducting vendor risk assessment and controlling vendor system access.
• Fulfill firewall request according to change management
• Monitor and maintain Access Log with proper audit trail
• Incident response and root cause analysis
• Day to day monitoring, analysis, decision-making, and response to firewall rule events, intrusion prevention system events, data loss prevention system events, antivirus events, and host based security events.
• Technical writing included creating and maintaining all security policies and procedures

Information Security Analyst II, Information Technology

Responsibilities:

• Research and gather information related with each project.
• Maintained SharePoint portal for department and trained users.
• Created content pages for SharePoint sites and controlled access to portal.
• Created pivot table report for audit tracking purposes.
• Facilitate IT related projects from original concept to completion in accordance with project plans that vary from simple to complex using Microsoft Project and Primavera
• Created reports on activity of Cisco Routers/Switches
• Symantec Anti-Virus Administration
• Coordinate and manage resources/project team and assign tasks.
• Conducted security audits for SOX compliance
• Vulnerability Assessments/ Risk Assessment
• PCI Compliance and contract negotiations to support PCI
• Create documentation for each project according to standards and templates.
• Finalize documents and oversee projects for all requirements and specifications.
• Maintain proper documentation of internal and external verbal and written communications.
• Manage multiple assignments of various complexities at one time and understand dependencies between assignments and overall project

Technical Subject Matter Specialist

Responsibilities:

• Coordinate and manage resources/project team and assign tasks.
• Create documentation for each project according to standards and templates.
• Create statistical and feasibility data reports.
• Provided support to Emergency Operations Center gathering information and technical documentation
• Manned Emergency Operation Center call center to collect data from state and local agencies
• Performed day-to-day general administration functions such as record and file maintenance, travel administration and timekeeping functions.