Information Security Principal Resume
SUMMARY
- Results-driven, customer-focused information technology professional offering expertise in architecting and integrating business operations into IT process audit, compliance, and remediation for logical access control, business continuity management, general risk assessment, security risk assessment, project management, and data analysis.
- Efficiently collaborates with all corporate enterprise groups and remote locations.
- Works well in multicultural environments and builds effective work relations with clients and colleagues.
TECHNICAL SKILLS
Compliance: IT SOX 404, 302, SAS 70, SSAE 16 Service Organizations Control (SOC), PCI-DSS, FFIEC BCP, HIPAA, ARRA HITECH
Infrastructure: DB2, Oracle, MS-SQL, MySQL, Microsoft SharePoint, Apache, IIS, Cisco, Firewalls, Active Directory, Novell
Operating Systems: Windows servers, Linux - Mandrake/Red Hat, Solaris, AIX, z/OS (OS/390), OS/2
PROFESSIONAL EXPERIENCE
Confidential
Information Security Principal
Responsibilities:
- Managed PCI-DSS & SSAE16 I.T. security and compliance for $80B/year transaction flow
- Project managed remediation actions as needed
- Wrote and implemented policies, standards, processes and procedures as needed
- Performed identity access management 100% audits across multiple types of systems and applications
Confidential
Information Security Principal
Responsibilities:
- Determined PCI-DSS & SSAE16 compliance gaps
- Responded to client requests and client security surveys
- Project managed remediation of security and compliance gaps
Confidential
Senior Consultant
Responsibilities:
- Wrote Business Impact Analysis report (166 pages), Risk Assessment (70 pages, including an overall assessment against industry-standard best practices) and FFIEC Gap Analysis (20 pages), after interviewing nearly 100 people across nearly 50 business functions in 5 cities, toward updating Business Continuity Plan and IT Disaster Recovery Plan.
- Developed and documented (including 130 site photos) Business Continuity Local Physical Risk & Security analysis for 4 locations (180 pages total).
- Researched and reviewed 50 business continuity management software solutions, presented 7 to senior management with a strong recommendation for one, and conducted an acceptance trial of the software to the client’s staff and management satisfaction.
- Implemented and deployed business continuity management software product, customizing to FFIEC compliance with SharePoint 2010 Designer and SQL Server Reporting Services.
Confidential
Senior Consultant
Responsibilities:
- Conducted interviews and prepared documentation for Business Impact Analysis reports with 70 business functions toward creating an IT Disaster Recovery Plan and then a Business Continuity Plan.
- Addressed security change exceptions needed for business operations by managing process changes, integration with IT technical SMEs, vendor discussions, implementation of security controls and reviews.
- Wrote security access control policies, processes and procedures. Edited social media policies, hardware inventory policies, network security policies, and IT procedures.
- Worked on HIPAA/HITECH Breach Law compliance (access control and audit trail) and incident investigations. Monitored HITRUST Common Security Framework development.
- Performed SOX compliance across multiple systems and applications
- Performed in-depth audit of 10,000 security access rights involving 450 managers with 5,000 employees, and over 1,400 compliance evidence emails.
- Initial PCI-DSS compliance design of network security and business processes.