- Operational excellence champion. 20-year information technology/security professional with increasingly responsible experience. Meets security challenges calmly and effectively. Expert communicator with varied styles delivered based on audience. Adept at prioritizing cost savings in order to maximize revenue.
- Agile Project Lifecycle Management
- Application Security/SSDLC
- Corporate Learning & Development
- Cost Management (Budget, P&L)
- Cyber Risk Management
- Cyber Security Expertise
- Cyber Threat Management
- Data Management Strategy (Access Controls, DLP)
- Executive Communication
- Governance, Risk, Compliance (PCI, GDPR/CCPA, SOX)
- Information Security Consulting
- Incident Management
- Network Architecture/Data Flow
- NIST Cyber Security Framework
- Program/Project Management
- Relationship Management
- Risk Management Framework/Gap Analysis
- Security Assessment/Remediation
- Security Engineering
- Security Operations
- Vendor Management (Right To Audit/Pen Test, Cloud Security)
Vice President Information Security Consultant
- Coordinate with Project Managers and Technical teams to manage clients’ expectations and demands while maintaining good client relationships
- Ensure existing and new applications onboard & maintain minimum required information security controls; manage any exceptions associated with remediation efforts
- Ability to operate independently to provide domain area functional and technology leadership
- Application and hardware network architecture consulting for internally/externally hosted applications, including but not limited to on-prem, multi-tenancy and/or cloud solutions (IaaS, SaaS, PaaS).
- Enterprise-wide information security policy and procedure consultation and escalation.
- Recommend process improvement initiatives to reduce negative impacts to external and internal partners.
- Strong understanding of KPIs relevant to the role; suggest innovative solutions to increase metric resilience
- Understands and uses SDLC methodology, e.g., Agile, DAIC, Waterfall
- Work closely with internal/external auditors regarding the global application security review process.
- Liaise with internal stakeholders in partnership with external vendors to determine cybersecurity posture and anticipate required solutions pursuant to regulatory requirements.
- Create internal training program with governance routines, also focused on information security training for less experienced new joiners and stakeholders interested in receiving a virtual roadshow.
- Maintain training documentation and videos for self-service (sustainment).
Information Security Engineer
- Develop roadmaps and participate in the standards process for IAM solutions
- Serve as privileged access management (PAM) SME to identify gaps with Windows and Unix systems
- Integrate within various workstreams to promote out-of-band (OOB) IAM privileged account management solutions for Windows and Unix based systems.
- Drive RBAC initiatives and discussions as leadership delegate
- Assist with metric creation to effectively measure privileged access in the global environment in partnership with senior leaders
- Manage OOB privileged account remediation sustainment, & control standard efforts sourced from various senior infrastructure leadership members.
- Ability to lead large groups as primary facilitator
IT Business Analyst
- Manage third party product Symantec ESM/CCS through evaluation of scan data, tracking findings to remediation with support from senior leadership
- Provide support for OS/database/application related risk and compliance issues, assist with analysis and product security issues
- Maintain availability, integrity, and confidentiality of all Confidential computing environments, web, networks, systems, and information assets encompassing 100,000+ systems.
- Assist with application owner compliance scanning enrollment and web portal technical support.