SUMMARY:

• IT professional with over 30 years of experience in the Mainframe and Data Center space with Client Server applications in a production environment.
• Hands on Mainframe Security Manager with over 7 years of experience in managing a overseas team in various locations for business, financial and brokerage applications.
• Supported BCP and Operational Risk Control's on a 24x7 basis as well as working with Audit controls.
• Maintaining support for database systems and user interfaces using Z/OS,Ca Top Secret and IBM RACF.
• Worked on IT Risk and Audit projects helping evaluate issues and resolve them.
• Conducted walk through review of user entitlements and removed over entitled access.
• Setup privileged access for management and setup special forms to request and review access.
• Supported BU’s on Role base access for users and Segregation of duties.
• Good interpersonal skills combined with strong analytical skills and technical proficiency abilities along with solid team leadership background. Well organized, detail - oriented with a strong work ethic.
• Flexible, fast learning, dependable, hardworking, efficient and reliable.
• Excellent oral and written communication skills, worked on PowerPoint, Excel, VISIO, strong time management skills.

SKILLS:

Attended CA/Top Secret security seminars, Management Classes, JCL Catalogued Procedures, MVS JCL Troubleshooting, MVS JCL and Utilities class, MVS VSAM concepts and ICAMS class. SAS Programming, Technical Computer Seminars, Correlog, Splunk, Power-Point, EXCEL, VISIO, Vanguard, Office, TSO/REXX, TSO/CLIST, z/OS, JCL and Utilities, Cobol programming classes. Sharepoint, ServiceNow forms.

TECHNICAL SKILLS:

Hardware: IBM 43XX, 33XX, 3033, 3090 CPU’s and Related peripherals, IBM System/38 and peripheral system hardware. IBM PC’s, PS2, LAN communications equipment.

Software: OS and MVS and XA, OS and MVS and ESA, OS/390, COBOL and DB2,SAS, OS and JCL, OS UTILITIES, VSAM, TSO and ISPF, CHANGEMAN, MICROSOFT OUTLOOK, MICROSOFT WORD, MICROSOFT EXCEL, VISEO. CA-Top Secret, IBM/RACF, CA-Compliance Manager, CA- Examine/TASA, JES2, JES3, VM/CMS, TSO/ISPF, VTAM, TLMS

PROFESSIONAL EXPERIENCE:

Confidential

IT Security Engineer

Responsibilities:

• Provide senior level technical support for CA Top Secret in a large complex multiple Lpar environment using CPF, Top Secret for DB2 and CA Compliance manager.
• Lead work efforts involving internal and end user personal to define access and control needs, reporting notification and data gathering solutions as required.
• Provided written documentation for BRD(Business Requirements Definitions) and the FSD(Functional System Design) for All test cases
• Providing support for Correlog reporting system to gather data and send it to Splunk for evaluation of violations of High Privileged access.
• Wrote several reports for the Splunk application
• Independent contract work Nov
• Independent IT Contractor worked on many different Ca Top Secret systems projects.

Confidential

Hands on Security Manager

Responsibilities:

• Covered all maintenance changes to the Z/OS systems and covered disaster recovery testing for Top Secret.
• Performed internal IT risk assessments, conducted gap analysis against industry standards, and provided recommendations on mitigation options.
• Defined and implemented IT operational practices and procedures and provided the practical background needed to successfully adopt the control environment that is required to comply with government regulations.
• Perform general control oversight and review to verify compliance with SOX standards and BCP practice
• Worked on Service Now forms for Requests, Incidents and Tasks that had to be processed. Worked with Service Now developers to establish new forms as needed
• Audited the security team in the area of general security practice. Identified and communicated potential security holes and risks and presented recommendations to senior management.
• Identified and evaluated risk during review and analysis of System Development Life Cycle (SDLC), testing/QA and implementation of systems upgrades
• Held meetings with Audit manager and Security manager to make sure audit requirements were met and security practices were changed on the security team
• Identified improper configuration and excess privileges for Security staff and suggested recommendations to resolve the privilege access.
• Tracked and recorded project progress, maintained issues, error logs, and arranged meeting agendas. Worked effectively on various department projects in a team centered environment.
• Worked with auditors and Bu’s to administer the system by using the security package of the firm to control all access right to data.
• Supported BU’s on Role base access for users and Segregation of duties by running Audit reports on entitlements
• Managed the mainframe security administration team in a highly pressured environment.
• Supported Operational Risk controls being on-call 24x7 and made necessary suggestions to improve those controls
• Worked with the IT Risk management, Governance, Risk and Compliance and Audit teams on all security issues.
• I Conducted walk through reviews of user entitlements and removed over-entitlements not needed
• Ensured escalations are addressed and hand-off is occurring between services and regions overseas.
• Good communication, written, oral and interpersonal skills. Wrote new process and procedures according to audit and security issues and assure they were completed in a timely manner.
• Wrote yearly strategy for AS400 Security Monitoring and Mainframe Security Operations.
• Developed documents and implemented security procedures, standards and guidelines to provide a clear understanding of expectations, requirements and common processes to ensure integrity and confidentiality.
• Reduced attributes and profile utilization from $1,000,000 to $200,000 which resulted in a savings of $1,000,000 in operational maintenance.
• Improved compliancy rate by 3% with Mainframe cleanup of redundant attributes on user Ids.
• Work independently and as a team member. Willingness to collaborate across the organization and work with all related teams involved.
• Simplification of 2 core services, which resulted in $100,000 savings and Improving value of the team.
• Used Vanguard for RACF processing of requests.
• Excel Analytics used for reports to get better metrics and understanding of reports.
• Managed projects for simplifications of process and met time requirements for completion of projects.
• Served as the Top Secret subject matter expert for the Administration team.
• Responded to SOX escalations requested by Audit and provide response to Audit manager.
• Supported change control team when new maintenance was added and covered rollback of system because of incidents.
• Reviewed and changed Top Secret parameters to ensure the best production for various resources across all Lpars.
• ITIL1 and ITIL2 certifications, working on CISM, CISSP and CISA Certification in progress.
• Represented the team during the Weekly Change Control Meeting and identify support activities for team and on-call support.
• Represented team during the Disaster recovery event or any changeover to other location and identify support activities for team and on-call support associate.

Confidential

Mainframe Security /Top Secret Administrator/Engineer

Responsibilities:

• Responsible for Data Security department to handle all technical and administrative duties reporting directly to senior management.
• Worked on disaster recovery procedures for continuity of business. Maintain 24-hour, on-site coverage during the dry-run of system testing for disaster recovery.
• Monitored all system access by generating CA-Top Secret audit, utility and violation reports and follow-up on violations by addressing the issues with management and staff.
• Provided 24-hour on-call coverage of security as scheduled by senior management.
• Reviewed all Top Secret parameters to ensure the best production for various resources.
• Added new users and delete old user ID’s as requested by the corporate and user community.
• Provided 98% processing efficiency of system access request forms, averaging 100 forms per day.
• Implemented Fail-Mode for all facilities under Top Secret for approximately 16 systems.
• Documented all security changes and new products being secured along with procedures which were implemented.
• Verified results and distributed reports; managed five gigabytes of dedicated DASD and 500 tapes to ensure the best performance possible for the department’s other programmers.
• Served as liaison to the Firm’s operations areas.
• Created and maintained documentation of system Data flows, requirements, and problem resolution procedures.
• On-call 24x7 for security group
• Participated in hardware selection for data center upgrades.
• Executed daily production runs and maintained on-line systems.
• Corrected hardware and software problems when necessary.

Confidential

Data Security Systems Officer

Responsibilities:

• Service Technician for the Confidential Group, responded to user problems, achieved a timely resolution and subsequently follow up until closure and Performed investigatory efforts to help find root causes.
• It was my responsibility to record all user problems in Info tract tracking system. Administrator for the building security system, set up access cards, and coded passwords and worked with users who had perpetual password, technical and PC problems.
• Maintained Dynamic Reconfigurations of the network, and administered Confidential -smart accounts for the Private Banking Group.
• Responsible for delivering outgoing information to the user community, including Daily/Weekly Confidential -mail messages, voice system status recordings and phone calls to key users in the event of system problems.
• Protected the company’s information using CA-Top Secret security.
• Addressed all Data Security issues and implement security via Top Secret.
• Reviewed all Top Secret parameters for all Lpars to ensure the best production for various resources and facilities. Add new users delete old user ID’s as requested by the corporate and user community.