SUMMARY:

• Accomplished professional with experience in Information Technology, with 38 of those years in the Security/Auditing environment.
• Main experience in Confidential large - scale mainframes, as well as past experience in AS/400 systems, RS/6000 systems, Novell networks and Windows NT networks.
• Strong background in technical systems, audits and security protocols including operating systems (z/OS). Strong background in a variety of security systems, primarily RACF, with past experience in ACF2 and CA-Top Secret.
• Strong background in project planning and execution, particularly relating to controls, security, planning, testing and execution.
• Background in SDLC protocols, Sarbanes-Oxley requirements, FDIC/FFIEC/Comptroller regulations, UK Information Security Act, UK Privacy Act and ISO17799, GSD331, Role-Based Access Controls (RBAC), and DIACAP/NIACAP analysis and remediation.
• Strong verbal and written communication skills, having successfully conducted Security and Disaster Recovery seminars.
• Published author and speaker on the topics of Information Security, Physical Security IT Audit, Disaster Recovery and Year 2000 issues.
• Also, strong background in technical writing on RACF issues.

TECHNICAL SKILLS:

RACF, z/OS, MVS, OS/390, CA-Top Secret, z9, JCL, TSO, ISPF, AS400, RS/6000, Novell Networks, Windows NT Networks, Project Management, Project Planning, Security Consulting, Sarbanes-Oxley, SarbOx, SOX, GSD331, ISeC, FDIC, FFIEC, RBAC, DIACAP, DISA, NIACAP, Audit, Easytrieve, PanAudit, Security Analysis, Security Remediation, Mainframe Analysis, Mainframe Remediation, Risk Assessment, z/OS Assessment, z/OS Healthcheck, RACF Healthcheck

EMPLOYER HISTORY:

Confidential, Cleveland, Ohio

RACF Engineer

Responsibilities:

• Assisted Identity Management group constructing authorization controls, methods and procedures.
• Investigated and provided answers to questions regarding RACF violations, changes, and insufficient authorizations.
• Performed requested/scheduled RACF maintenance tasks
• Assisted with Digital management to install, renew and replace digital s.
• Provided 24-hour support for production RACF problems.
• Planned coordinated and implemented security measures to safeguard information against accidental or unauthorized modification, destruction, or disclosure.
• Conferred with computer user departments and programmers/developers to plan data security for new or modified software, discussing issues, e.g., employee data access needs, risk of data loss or disclosure.
• Reviewed plans to ensure compatibility of planned security measures with establishment security software.
• Discussed/requested needed system programming changes with systems programmers (including RACF database resize/restructure).

Confidential, Dubuque, Iowa

Information Security Technical Support

Responsibilities:

• Managed z/OS security system settings and assist technical support teams with system and subsystem security for mainframe computing environment.
• Developed new procedures or processes independently or through the team to complex problems, analyzed situations, implemented solutions as needed to remediate issues.
• Developed new procedures and standardized tools to resolve problems and provided input into the implementation of enhancements to prevent problems from recurring.
• Evaluated, assisted and provided direction to configure software product interfaces.
• Provided 24/7 on-call support for customer requests, emergencies, etc.
• Supported upgrades of Confidential -supported products.
• Tested new release and maintenance upgrades for the mainframe security system and make implementation recommendations.
• Developed new procedures or processes independently or through the team to resolve problems, analyze situations, and implement solutions as needed to remediate issues.
• Ensured account audit readiness as required by Confidential Corporate and commercial accounts standards.
• Effectively negotiated with technical peers, and occasionally with customers, to implement technical solutions.
• Mentored less experienced personnel on security requirements.

Confidential, Fort Wayne, Indiana

Senior Security Specialist

Responsibilities:

• Developed security infrastructures to comply with regulatory requirements (SOX, HIPAA, PCI, GLBA, and Banking regulations) and best business practices.
• Technical project design and direction including development of security task lists, work lists, schedules and assignment, staffing, and execution, security implementation and remediation.
• Performed an in-depth DIACAP analysis and remediation project for a large insurance concern, completing and clearing 157 issues on the mainframe system ahead of schedule and under budget.
• Directed the work of three colleagues, generated the Confidential -required documentation and evidentiary materials, kept schedules and updates, and communicated with the client and the assessment firm.
• Development of RBAC Documentation and Implementation for a large insurance concern.
• Performed detailed analysis of mainframe security settings.
• Developed/performed detailed audit process for z/OS security
• Developed/performed detailed remediation process for multiple mainframe system.