SUMMARY:

• More than 15 - years in Information Technology, Information Security, and I.T Internal Audit.
• Infrastructure Security Architecture Analyst working in the Security Architecture - CISO group at Fiat
• Responsible for analyzing new and existing Information Technology for secure architectures.
• Responsible for implementing a secure architecture for the Advanced Driving Assistance Systems project.
• Associate Director in the Business Security and Automation group with responsibilities for the Development Operations (DevOPs), Network Operations Center (NOC), Enterprise Logging and Monitoring (ELM), and Incident Management teams.
• Worked with large companies in the educational, energy, financial, banking, transportation, educational and retail sectors and possess experience in PCI and ISO 27001/2 assessments.

SKILL:

Privacy

ISO 27001/2

PCI Compliance

Project governance

Incident management

Vulnerability Assessments

Retail IT Security Services

Third Party Risk Assessments

Compliance and Risk Assessments

Information Technology Internal Audit

Mobile Device Management Assessment

Governance, Risk, and Compliance (GRC)

Business Continuity & Disaster Recovery Planning

WORK HISTORY:

Confidential, Auburn Hills, MI

Infrastructure Security Architecture Analyst

Responsibilities:

• Analyzed new and existing Information Technology for secure architectures using the SWIFT methodology.
• Implemented a secure architecture for the Advanced Driving Assistance Systems project.
• Advised on new security architecture initiatives whether on-premise or in the cloud.
• Recommended secure configurations for Google Cloud IAM.
• Recommended tools for Extract, Transform, and Load services.
• Assessed Google Cloud StackDriver and Cloud Audit log settings.
• Advised on the use of Customer Supplied Encryption Keys (CSEK), Customer Managed Encryption Keys (CMEK), and client-side encryption based on requirements.
• Analyzed Anthos hybrid-cloud, Cloud VPN, VPC Network Peering, Shared VPC, Partner Interconnect, Carrier Peering, and Direct Peering environments for security issues.
• Recommended the correct database based on business requirements for analytical, data-warehouse, time-series data, mobile data, strongly consistent database, and global Spanning databases.
• Recommended Google Cloud managed alternatives for Apache Spark, Apache Hadoop, PostgreSQL, Apache Kafka, Rabbit MQ, Redis, Apache Hive, Mongo DB, Apache Flink, Apache PIG, Apache Cassandra, Apache Hbase, Apache AirFlow, Apache Beam, and Java.
• Determined the correct database or storage implementation according to the business requirements of NoSQL, un-structured data, semi-structured data, structured data, relational, SQL, document database, catalog database, time-series, analytical, mobile, IoT data, transactional, or date-warehouse data.
• Assessed whether AutoML, SparkML, Cloud ML and BigQueryML should be used for Machine Learning implementations.
• Recommended Cloud Loadbalancing to distribute workload within and across regions. Recommended Cloud Content Delivery Networks (CDN) to distribute static data globally and reduce latency.
• Prevented SQL injection attacks and cross-site scripting attacks through the use of Cloud Armor.
• Determined the implementation of App Engine Standard, App Engine Flexible, or Kubernetes Engine based on custom container and language specific sandbox business requirements.
• Recommended the storage of data in Multi-regional, Cold-line, or Near-line storage based on business requirements.
• Recommended the use of AutoML Vision Object Detection, Vision Edge - Image Classification, Vision Edge - Object Detection, Video Intelligence Classification, and Video Intelligence Object tracking based on the business requirements to analyze images and/or video of autonomous driving vehicles.
• Optimized databases by preventing hot-spotting issues due to the use of timestamps early in keys, use of sensor ID first, use of Key Visualizer heatmap, use of a row key-design that adequately distributes read/write loads for a given query pattern, keeping the data of the natural key in the table but using a hash of the natural key as the primary key, avoiding the use of auto-incrementing primary keys, avoiding the use of sequential names/time-stamps, and the use of read replicas to reduce the load.
• Eased cloud migrations by recommending the use of the Google Cloud Transfer Appliance, gsutil, or Google Storage Transfer Service based on business requirements.
• Recommending the use of Cloud Dataprep to analyze the quality of raw data and understand the distribution of data in a data lake.
• Recommended the use of Cloud Dataflow to transform and perform stream and batch processing of late-arriving data.
• Recommending the use of CloudPubSub Connector and Kafka Connect to share data from on-premises pipelines that use Kafka with GCP data pipelines.
• Utilized Confluence to collaborate on Autonomous Driving project document
• Performed daily Agile Scrum stand-ups to review any blockers to the projects and update the status in Atlassian Jira

Confidential, West Des Moines, IA

Associate Director (Security and IT Project Manager)

Responsibilities:

• Management of the Development Operations (DevOPS), Enterprise Logging and Monitoring (ELM), Network Operations Center (NOC), and Incident Management teams.
• Led Change Advisory Board (CAB) meetings and a Member of the Change Advisory Board.
• Created 24*7*365 NOC team.
• Created ELM team.
• Centralized logging and monitoring throughout the Enterprise.
• Customized dashboards for Executives and various stakeholders.
• Automated jobs and application development.
• Centralized tools such as Paessler Routing and Tracing Grapher (PRTG), SolarWinds, GrayLog, Grafana, Kibana, Pingdom, etc.
• Conducted morning stand-ups in a Scrum manner that reviewed the existing backlog on Atlassian Jira.

Confidential, West Des Moines, IA

Security Project Manager

Responsibilities:

• Project management of more than 40 projects for the DevOPs, Security Operations (SecOPs), Business Continuity, Disaster Recovery, System Access, and Identity Access Management groups for the Business Security and Automation team.
• Led CAB Meetings and a member of the CAB. Wrote policies based on ISO 27001/2.
• Developed the Business Security Automation roadmap.
• Created project score cards that includes Gantt charts, overall project rating, scope rating, schedule rating, milestones completed, next immediate milestone, prior week’s activities, and plans for the week, blockers, backlog items, and budget rating.
• Worked with BCP and DR Manager and Leads to strengthen BCP and DR testing plans, post-mortem analysis, BCP and DR process flows, strengthen the process flows with Incident and Crisis management and assisted in BCP and DR table-top exercises.

Confidential, Chicago, IL

Senior Associate, Cybersecurity and Privacy, Risk Assurance

Responsibilities:

• Worked with large institutions in the educational financial, banking, transportation, energy, and retail sectors.
• Performed Cybersecurity and Risk Assessments.
• Led Mobile Device Management Assessments; participated in ISO 27001/2 assessment; assessed the ISO 27001 posture of a Fortune 500 company.
• Analyzed IT Security architectures; managed Third Party Risk Assessments.
• Performed NIST Cybersecurity Maturity, Gap and Risk Assessments.
• Audited management of Network Devices.
• Managed Threat and Vulnerability Management Assessments.
• Assessed project governance.
• Audited the management of Mobile Devices.
• Assessed Privacy programs.
• Performed compliance and risk assessments.
• Assessed developed and created Privacy programs.
• Analyzed incident management.
• Assessed business continuity and disaster recovery planning; knowledge of SOX, HIPAA, HITRUST, GLBA, and other compliance regulations; assessed Governance, Risk and Compliance.
• Created information security policies and procedures.
• Worked with large companies in the retail, financial, transportation, energy, non-profit, utility, banking, and executive recruiting sectors.
• Worked with various clients in the creation of BCP and DR strategies, BCP and DR roadmaps, Enterprise risk registries, Incident Response Policies, Incident Response Plans, Incident Response procedures, emergency service lists for vendors, vendors risk profiles, BCP and DR metrics, BCP and DR table top discussions, detailed outage plans, post-mortem BCP and DR test analysis, BCP and DR process flow diagrams, Root cause analysis procedures, and incident management escalation process flows.

Confidential, Hoffman Estates, IL

Information Security Technologist

Responsibilities:

• Wrote and routed policies.
• Worked with vendors to secure the infrastructure.
• Reviewed and re-wrote policies, approved information security policy exceptions.
• Worked with Senior Management to review policies; reviewed Business Requirements Documents; reviewed Architectural Design Documents.
• Created Management action Plans.
• Created security procedural document created security requirements documents;
• Led Information Security Initiatives through the Corporate Infrastructure.
• Promoted Information Security awareness; supported the Information Security roadmap.
• Led critical Information Security initiatives throughout the Enterprise.
• Provided leadership in project delivery and critical communication to stakeholders for key programs and initiatives.
• Assisted in any possible remediable for all audits or investigations performed for or affecting Information Technology.
• Researched and recommended security tools and techniques needed to protect information assets and infrastructure.
• Provided functional support for Enterprise projects in areas of security design.
• Developed strategic security policies and made strategic decisions regarding the area of Information Security that utilized guidelines from ISACA, ISC2, CERT, SANS, ISO, and NIST.
• Developed Information Security Strategy and manage relationships with Information Systems Management, Business Unit leadership, operational teams, and steering groups.
• Worked with project managers and support teams to ensure proper project definition, execution and support exists.
• Served as Enterprise-wide Information Security consultant.
• Monitored advancements in Information Security technologies.
• Monitored changes in legislation and accreditation standards that affect Information Security and Privacy.
• Initiated, facilitated, and promoted activities to foster Information Security awareness globally within the company.
• Worked with Executive Management to finalized policies.

Confidential, Seattle, WA

Information Technology Audit Principal, Internal Audit

Responsibilities:

• Participated in 2012 SOX audit.
• Assessed the Nordstrom Infrastructure from an ISO 27001 perspective.
• Examined Human Resources Information Security, Organization of Information Security, Physical and Environment Security, and Information Security Policies for Nordstrom Inc., Nordstrom Federal Savings Bank, Hautelook (Nordstrom owned), and Jeffrey (Nordstrom owned).
• Assessed the HSM PIN Pad devices for PCI compliance.
• Participated in the 2013 and 2014 PCI audit.
• Participated in Off Line Off Price (OLOP) audit.
• Completed and reviewed work papers, signoff on work papers.
• Created audit plans, created detailed testing steps, recorded observations, tracked management action plans in TeamMate software.
• Participated in the Business Intelligence program.
• Created visually compelling audit reports for Executive Management.
• Acted as the Information Security consultant for the I.T. audit team.
• Performed risk assessments for Information Security audits.
• Participated in Enterprise Risk Management activities from an Information Security perspective.
• Performed ISO 27001 audits surrounding Structured and Un-structured data, PCI, Penetration testing, Communications and Operations Management, Information Systems Acquisition and Business Continuity Planning.
• Provided Quarterly Information Security audit updates to Executive team.

Confidential, IL

Systems Administrator

Responsibilities:

• Maintained smooth operation of multi-user computer systems.
• Administered Lotus Notes and Exchange email servers and standard application software products; interacted with users.
• Coordinated installation with vendors and/or technicians; train internal users; troubleshot Lotus Notes, Exchange, and email migration issues.