- Solution-oriented Certified Information Security Professional with extensive experience working on a broad range of corporate IT initiatives. Participating in the design, management, planning, auditing and implementation of information security and data protection solutions in direct support of business objectives.
Confidential, Lake Worth, FL
Senior Managing Principal
- Developed security guidelines and methodology for classifying sensitive data; led projects to integrate IT governance and regulatory controls within cloud-based architecture. Worked with management to define, deploy and monitor risk management, compliance, and information security programs while functioning as a primary IT Data Security SME. Established and revised policies and procedures for the general operation of the Compliance and Security Program to prevent illegal, unethical, or improper usage of corporate assets.
- Identified potential areas of vulnerability and risk; developed and implemented corrective action plans for resolution of problematic issues and provided general guidance on how to avoid or deal with future threats. Managed tracking and remediation of threats and weaknesses by leveraging agreed-upon action plans and responsible technology, including BigFix Patch Management, IBM QRadar Security Intelligence Platform, and Nessus Vulnerability Scanning tools, in collaboration with cross-functional teams to bring IBM Cloud Infrastructure into compliance with FISMA, PCI-DSS, NIST, HIPAA, and ISO 27001 regulatory requirements, in order to proactively assess and investigate existing as well as emerging vulnerabilities and their potential impact on IBM Cloud Network Infrastructure.
- Prior primary SME focal for EMC Storage, Enterprise Messaging, Business Continuity/Disaster Recovery, and Data Security and Privacy practice, overseeing application redundancy and availability across multiple datacenters; successfully executed HA between sites with zero data loss. Led the EMC SourceOne Application Team as a Subject Matter Expert in executing business continuity requirements to protect critical customer data, allowing their Financial Banking client to effectively respond to litigation and eDiscovery requests. Recruited by EMC Corporation to architect and deploy the largest implementation of the SourceOne Email Management and Archive eDiscovery solution for Citi Bank, across different geographical locations within EMEA, APAC and North America.
- Prior to my engagement at EMC, I led SourceOne Email Management & eDiscovery migration efforts at Hartford Insurance Group, implementing technology changes with minimal end-user impact and demonstrating a comprehensive understanding of the impact of technology changes on business users, appropriate planning, and executing and communicating change management requirements to affected departments. Adhered to proper escalation and change control procedures.
- Worked with the City of West Palm Beach, Florida to redesign their e-Discovery/Legal Hold architecture, deploying EMC SourceOne Email Management 7.2 SP2 with Discovery Manager solutions, enabling the city management team to respond to litigation and eDiscovery requests from external counsel and third parties.
- Participate in and provide leadership on various committees, councils and process improvement teams, acting in an advisory capacity; interpret security laws, regulations and contract requirements; direct subordinates in enforcing compliance; and maintain relationships with law enforcement, regulatory agencies and other issuers of security requirements.
Confidential, Miami Florida
Manager I.T Security & Data Integrity/HIPAA Security Officer
- Responsible for developing and monitoring practices to ensure that JHS’s information technology is secure from unauthorized access, protected from inappropriate alteration, physically secure, and available to authorized users in a timely fashion. Additional coordination, oversight and management of all activities related to the development, implementation, and maintenance of, and compliance with, the entity’s policies, procedures, and standards governing the privacy, confidentiality, and security of all individually identifiable health information in compliance with HIPAA, the Department of Health and Human Services (“DHHS”) regulations implementing HIPAA (particularly the HIPAA privacy regulations), and other state and federal laws, professional ethics, and accreditation standards protecting the confidentiality and privacy of individuals and their health and other information, such as financial information.
- Assist management in the strategic planning of information security policies and procedures. As head of the HIPAA Security Office, I’m tasked with overall responsibility for maintaining the confidentiality, integrity and availability of the Jackson Health network information system and patients’ medical records according to HIPAA regulations and standards. In addition, work with executive management and department heads to ensure compliance with data security policies and standards.
- Act as a liaison to both the JHS Chief Compliance Officer and the Director of Internal Audit to ensure appropriate coordination between the facility’s security, privacy and internal audit programs. Revise the security program as necessary to comply with changes in the law, regulations, professional ethics, and accreditation requirements, and as necessary because of changes in information technology operations and the overall health care climate.
- Developed and implemented HIPAA Security Rule policies and procedures, and built, maintained, and ran a complete Data Security program, performing application profiling assessments through dependency mapping and analysis for meeting business objectives and regulatory and industry compliance requirements, for controls based on (i.e. ISO 27001, PCI DSS 1.1 and 1.2, HIPAA). Conducted enterprise risk assessments and developed a remediation plan that addresses vulnerabilities within key applications that host ePHI and other sensitive information.
- Take appropriate action to minimize and mitigate harm, investigate breaches, and make recommendations to management for corrective action. Maintain awareness of changes in security risks, security measures, and impact to corporate computer systems through the establishment of the JHS Security Awareness Training Program and Procedures.
- Act as an intermediary between HIPAA and the organization if legal suits or claims are brought against Jackson Health System. Additional oversight for responding to OCR (Office of Civil Rights), the governing body that regulates and administers the DOH HIPAA program; this includes our current IT risk-based assessment of Jackson Health System clinical and financial systems that contain patients’ ePHI and PHI. Worked with state and government agencies to investigate fraud, security breaches and other incidents affecting the covered entity.
Confidential, Fort Lauderdale, FL
Senior Storage & Messaging Engineer
- Lead technology architect for the design and deployment of the Varian Trilogy & Accuray CyberKnife medical solutions for Confidential. Manage Radiation Oncology IT infrastructure, collaborating with vendors, management and network engineers to develop and design system and security requirements for the hospital's $34 million Radiation Oncology project. Work with external vendors to architect procedures for application redundancy and recoverability of cancer patient medical data. Budgetary and financial responsibilities covering enterprise storage, messaging and business continuity spending at Confidential.
- Worked with external vendors Zix Corp & Symantec MessageLabs to design and develop data security solutions to ensure the confidentiality, privacy, integrity and authenticity of patients’ data as clinicians and non-clinicians utilize our messaging system while providing healthcare services to the community we serve. These data security and encryption solutions allow the business to realize cost savings of $50K annually over the next three years.
- Work with the Varonis DLP team to scope, design, and architect the implementation of their DatAdvantage and DataPrivilege security suite of tools that allow the business to better classify data. Established automated data access auditing reports that allow senior management to see changes made to targeted documents. The Data Access Control Management portion of the tool allowed us to audit access privileges to our EMC NS702 file system.
- Worked with Microsoft and EMC to design, architect and deploy the current Exchange 2010 environment (10,000 user mailboxes), implementing best practices for DAG (Database Availability Group) disaster recovery and system and storage redundancy. Responsible for the present design and deployment of the Zix Corp Encryption and Security Appliance, which protects corporate email messages as they traverse our corporate network. Leading the messaging teams to manage and support messaging services for the 10th largest healthcare system in the US, troubleshooting and resolving Exchange 2003 & 2010 related problems that affect the flow of data to our end users. Led the upgrade of the existing EMC EmailXtender application to SourceOne Email Messaging & Archiving Solutions 6.8 SP2; designed and architected a Good Messaging solution to extend the corporate email network to mobile users utilizing iPhone, Android, and other mobile sync devices.
- Re-architected the Enterprise Disaster Recovery and Business Continuity environment, enabling us to better classify data based on criticality, retention period, and recoverability. In doing so, saved the business more than $150K over the last three years by renegotiating contracts with backup and storage vendors. Designed disaster recovery solutions for critical environment applications running on over 400+ VMware servers supported by 50+ HP/DELL Blade Systems, covering over 200TB of archive data on EMC Virtual Disk Library (EDL 4000 Series SAN backup solution). Established recovery processes that enable the business to protect critical department data utilizing EMC’s CLARiiON SnapView, Celerra Replicator, and Replication Manager.
- Develop scalable, maintainable, consistent, highly available storage architectures that meet business objectives, in addition to the management of VMware ESX Virtual Center, VMotion, Distributed Resource Scheduler (DRS), High Availability (HA), VMware File System (VMFS), virtual switches/networking, and failover/fallback processes. I also set up and configure Fabric Zoning on the Cisco MDS 9509 Fabric Switch. Perform capacity planning analysis and other needs assessments to inform storage architecture strategy. Establish strategies for storage consolidation, centralization, and optimization to reduce downtime and costs while improving security, performance and data protection. Design redundant systems and policies for disaster recovery and archiving to ensure effective protection and integrity of storage appliances and stored data assets.
Senior Storage & System Engineer
- Lead Business Continuity & Disaster Recovery Engineer overseeing our corporate bi-annual disaster recovery exercises at SunGard in Philadelphia, PA. Configuration and deployment of EMC CLARiiON DL720 (CDL), StorageTek SL8500, L180 and 9940/9840 storage units into existing backup infrastructure comprising over 1 PB of data on EMC CX3, CX4 and NS Storage Arrays. Scheduling and deployment of new client applications for daily/weekly backup rotations.
- Strong experience in providing primary support for installation, configuration and maintenance of Windows 2000/2003 servers, including server builds, deployment, patch management, backups, and Business Continuity/Disaster Recovery planning. Additional responsibilities include performance tuning, strong security measures, and managing Active Directory (including TCP/IP, DHCP, DNS, IIS) within a mixed 2000/2003 Windows environment for over 1500+ servers in our Charlotte & Delray Data Center plus 80+ Domain Controllers at remote offices throughout the US and Canada.
- Worked with ODs field support engineering teams troubleshooting both critical and non-critical issues affecting remote sites’ operations and productivity. Member of the Business Continuity & Disaster Recovery First Response team, tasked with planning, testing and executing procedures for protecting critical HR and financial systems running PeopleSoft and other applications, utilizing Symantec (VERITAS) NetBackup 5.0/6, in preparation for hurricanes and other events that impacted our ability to support both internal and external customers.
- Engineered, upgraded and supported the backup infrastructure at Confidential’s 60 remote offices, all running Symantec Backup Exec 9.0, 9.1/10D/12D, designing recovery procedures to mitigate system failure or natural disaster. Set up, administered and maintained Microsoft Exchange 2003 Server with over 10,000+ user mailboxes. Established and managed all secure file transfers (SFTP) between Confidential, Inc and its corporate clients, deploying and managing our corporate PGP and other encryption data transfer methodologies to safeguard data exchanges with external vendors.