Sr. Information Governance Architect
- Formulating information security policies across the enterprise.
- Ensuring compliance with IT SOX audits.
- Ensuring compliance with IT SOC1 audits.
- Working with third - party vendor to complete SOC2 Type II reports.
- Maintaining ownership of the development, compliance, and exceptions to information security policies, standards, and procedures.
- Working closely with IT to implement new security measures.
- Evaluating security measures against performance goals and drive any necessary changes.
- Evaluating new products before going into production.
- Performing risk analysis for corporate functional and technical areas relevant to information security.
- Formulating annual Business Continuity and Disaster Recovery Plans.
- Conducting annual Crisis Test.
- Responsible for CCPA/CPRA implementation.
- Ensuring security compliance with various government and financial regulatory bodies.
- Third-party risk management.
- Developing strategic and operation information security plans.
- Providing guidance on security architecture.
- Creating solutions to meet business requirements by evaluating emerging technologies and making strategic technology recommendations.
- Lead the design and recommend requirements for the overall security infrastructure by raising awareness of security concerns with business units.
- Planning, coordinating and implementing security measures to safeguard information systems across the enterprise.
Sr. Information Security Manager
- Managed an information security team that was responsible for information security operations. Tasks included running vulnerability scans and facilitating remediation of findings, conducting phishing campaigns, incident handling, financial and regulatory compliance, and third party risk management.
- Formulated new information security policies and procedures that were communicated and used across the enterprise. These policies and procedures include information security protocol, phishing campaigns and annual security awareness training.
- Implemented a new risk management program across the enterprise based on the NIST cybersecurity framework. This risk management program was used to identify areas of IT risk and once identified, a plan was put in place for the closure of the risk exposure or findings. These exposures or findings were put into a risk register to track and remediate.
- Formulated a plan to conduct third party risk management assessments of third party vendors. This program allowed the company to identify information security vendor weakness. If any material vendor weaknesses were identified, a plan would put in place to remediate these weaknesses.
- Responsible for conducting project reviews. During these project reviews, areas of risk were identified. If areas of concern were found, remediation recommendations were made to the project team.
- Prepared monthly information security reports for executive leadership and quarterly information security reports for the board of directors. These metric reports included areas of IT risk as well as areas where improvements can be made to close risk exposures.
- Responsible for formulating an annual budget for staffing, capital and operational expenditures during budget planning.
- Responsible for giving presentations at the company’s annual conference. These presentations included speaking to financial advisors about information security threats and vulnerabilities in their office environments.
Sr. Information Security Officer
- Provide technical expertise for the resolution of information security issues.
- Responsible for writing, developing and implementing information security policies, standards, methods, procedures, and monitors compliance across the enterprise.
- Responsible for performing procedures needed to ensure the safety of information and assets and to protect systems from intentional or inadvertent access or destruction.
- Responsible for investigating, documenting and resolution of security related incidents.
- Responsible for conducting complex security related third-party assessments as part of the Information Security programs and processes.
- Lead large complex initiatives and participates in large IT security initiatives across the enterprise.
- Proficient using the ARCHER risk management system.
- Solved large complex technical and operational security problems across the enterprise
- Formulated information security requirements for projects and clients.
- Handled business impact risk assessments for software applications and systems.
- Responsible for documenting findings and formulating remediation plans for non-compliant security related issues.
- Responsible for formulating web application assessments and formulating on-line security policies.
- Worked with the Security Operations Team to remediate scan vulnerabilities.
- Ensured that the enterprise complies with appropriate security regulatory requirements.
Sr. Network & Security Engineer - Team Lead
- Explosive growth within the IBM e-business Services inbound delivery model, necessitated the implementation of a highly specialized support organization with the primary focus of reducing or eliminating downtime due to failures at the server and network level.
- Growing from 30 employees to over 500 in the space of two years, made it necessary to provide technical support, I/T integration development, project management, of Centers for e-business Innovation.
- Responsible for the day to day management of 20 network and security engineers in various countries.
- Worked with network security team to install, connect, and operate firewall hardware and software in a lab environment.
- Daily activity includes troubleshooting of Cisco devices such as Switches, Routers, and Hubs.
- Maintained the LAN/WAN connectivity, monitor and provide necessary security on Cisco and Juniper routers and switches.
- Installed and managed DNS, DHCP, LAN/WAN, Print Service, Web and mail Server and performed remote administration.
- Responsible for designing, installing, configuring, implementing and trouble-shooting Cisco Identity Services Engine (ISE).
- Worked on implementing the IBM Cloud in various data centers around the world.
- Lead role in ensuring network security and penetration testing for our global organization.
- Worked with load balancer products such as Alteon, F5 LTM and GTM, and Bluecoat SG900.
- Responsible for global network monitoring (SNMP) and global troubleshooting using such products as Wireshark. Routers, (Cisco 2600, 2800, 7200 and 3800 series), Firewalls, F5 Load balancers, etc.
- Responsible for service request tickets generated by the helpdesk in all phases such astrouble-shooting, maintenance, upgrades, patches, fixes, and all around technical support.
- Perform penetration testing and ethical hacking with hands-on experience of 6 years.
- Perform Site Surveys, and provide documentation for Cable Company.
- Responsible for running vulnerability scans using Qualys and NMAP.
- Settings of the networking devices (Cisco Router, switches) co-coordinating with the system/network administrator during any major changes and implementation.
- Involved in L2/L3 Switching Technology Administration including creating and managing VLANs, Port security, Trunking, 802.1Q, STP, InterVlan routing, LAN security.
Environment: Routing Protocols (EIGRP, OSPF, BGP), Switching protocols (VTP, RSTP), Site to Site VPN, Remote Access VPN.