SUMMARY

• Seasoned information certified security professional with experience and expertise in the following areas: information security, incident management, infrastructure and operations, disaster recovery and business continuity, risk, threat and vulnerability/threat assessments, audit and project management.
• Highly motivated, results - oriented, self-starter with a solid background designing, integrating, securing and managing small to large scale information technology systems and projects. Strong experience leading and managing high performance teams, budgets, contract negotiations, vendor management/relations, departmental operations, regulatory requirements and industry standards (SOX, PCI-DSS, FISMA, NIST, FDA, HIPAA, SOC I/II Reports, Safe Harbor and EU Data Privacy Laws).
• Balanced background of technical managerial experience and education. Experienced on how to translate business strategy with GRC objectives. Clear identification of critical success factors for the business strategy, and developing a clear understanding of the organization’s key risks based. Project manager leader for many multi-billion dollar mergers, acquisitions and divestitures (Seagram’s, Allied Domecq, Absolut, Wild Turkey, Yoo-Hoo, Orangina and Schiff).

TECHNICAL SKILLS

• Extensive working experience procuring
• configuring
• implementing and administering the following products and technologies: Microsoft Systems (including Active Directory
• Exchange
• all versions of Windows Operating Systems
• Exchange
• SharePoint SQL and MS Office)
• Linux
• Cisco Products (including ASA
• routers
• switches and wireless access systems)
• SAN/NAS systems (EMC
• HP & NetApp)
• Checkpoint firewalls
• Nokia Security Appliances
• Bluecoat Proxies
• SolarWinds
• HP Openvew
• Tenable Products (Nessus)
• Zix
• Metasploit
• Backtrack
• Wireshark
• Guidance Software (Encase)
• RSA Envision
• Rapid 7
• Beyond Trust
• Nmap
• Nexpose
• IBM AppScan Web
• Burp
• Kismet
• Aircrack-ng
• Postgres
• Web scarab and some scripting
• packages (BASH
• Ruby on Rails and Perl)
• Websense
• Trend-Micro
• McAfee
• Symantec
• Hyena
• SekCheck
• Quest Security Explorer
• Active Administrator
• AD Info
• VPNs
• and IDS/IPS and SIEM systems
• Experience working with most Mobile Device Management software packages.
• UDP
• HTTPS
• SMTP
• DNS
• SSL/TLS
• IPSEC and PKI)
• encryption and cryptography standards
• network topologies
• ethical hacking
• sniffers and forensic analytical tools

PROFESSIONAL EXPERIENCE

Confidential, Parsippany, NJ

Information Security Officer

Responsibilities:

• Senior security manager in charge of protecting the assets of a $42 Billion global fast moving commercial goods (FMCG) manufacturer (17 on the UK FTSE).
• Develop, implement and monitor a strategic, comprehensive enterprise information security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization; maintain this corporate wide information security program to ensure that information assets and data are adequately protected and compliance is upheld.
• Project manager on all security aspects during the project lifecycle; provide guidance and advisement from project initiation to post implementation phases (worked to successfully implement over 50 projects.
• Manage security incidents, confidential matter and events to protect corporate IT assets, including intellectual property, fixed assets and the company's reputation;analyze trends and analysis and develop metrics and KPIs for executive reports (Manage 5 direct global security analysts). Utilize Threat modeling techniques and fundamentals (e.g. STRIDE, DREAD and FAIR); recommend countermeasures to management.
• Develop, communicate and ensure compliance with organizational security policies, procedures, standard operating procedures (SOPs) and standards; proactively work with individual business units to implement practices that meet defined policies and standards for information security.
• Work directly with the global infrastructure architects to develop, design and implement new technologies and solutions.
• Monitors, reviews, revises and improves the use of global policies, standards and guidelines for infrastructure and security platforms, tools, services, and frameworks.
• Works closely with peer infrastructure, application engineer and technical leads to define architecture, in the areas of integrations, information architecture,and applications.
• Collaborates and provides mentoring and advisement for infrastructure security architecture methodologies.
• Research and develops an overall infrastructures architecture strategic roadmap of improvements to the IT landscape (evaluation of new security technologies and new opportunities).
• Works closely with the infrastructureglobal team to improve system health monitoring capabilities and to providing performance tuning solutions.
• Actively contributes to the strategic systems planning process for new business initiatives.
• Drive all aspects of the vendor risk assessment process including vendor manager communications, report generation, and gap remediation tracking (substantial experience developing a secure architecture with cloud vendors including Saas, Iaas and Paas).
• Work closely with the IS teams to address vulnerabilities discovered from penetration testing activities.
• Create and manage information security and risk management awareness training programs for employees, contractors and approved system users.
• Work directly with business units to facilitate IT risk analysis and risk management processes; identify acceptable levels of risk, and establish roles and responsibilities with regard to information classification and protection.
• Provide subject matter expertise to executive management on a broad range of information security standards and best practices, such as ISO 27000, EU DPD and PCI-DSS.
• Coordinate the performance of internal and external network and systems vulnerability assessments.
• Overall responsibility for business continuity/business recovery planning and preparedness; work with business teams to ensure testing and compliance is completed.

Confidential, Middletown, NY

Director, Information Security

Responsibilities:

• Information Security Department Manager in charge of developing the foundation of information security policies, procedures and implementing the appropriate systems and tools to address security issues.
• Performed ongoing vulnerability assessments of all healthcare systems and worked closely with the infrastructure and application departments to develop remediation strategies.

Confidential, Stamford CT

Senior Security Engineer

Responsibilities:

• Conduct extensive internal and external penetration/vulnerability testing on infrastructure, application and wireless security, and risk assessments on distributed networks.
• Analyze, create, review and update issues related to information technology policy, procedures; perform technical and legal research, and report findings.

Confidential, Stamford CT

Information Security Manager

Responsibilities:

• Oversees the overall network security of the enterprise and develop, maintain, and advance the security posture of the company.
• Apply, change, revoke and periodic review of end user access to all applications (healthcare and financial), file servers, VPN access, Internet, and Active Directory.

Confidential, Purchase NY

Senior IT Security Manager

Responsibilities:

• Primary responsibilities are to provide effective leadership, management and oversight of the following functions: information security policies and procedures, operations, infrastructure and application change management, disaster recovery, business continuity and project management.
• Assess existing and potential risk and determine consistency with directives of corporate information security policies and industry best practices.
• Identify and evaluate information security risks and communicate findings to senior management; develop and implement security standards, procedures, and guidelines for diverse platforms and systems.
• Monitor and respond to security alerts and incidents; devise and implement mitigation techniques and strategies.
• Review the development, testing, and implementation of security plans, products, and control techniques; evaluate the effectiveness of information technology systems controls. Provide security and project management services on highly complex information security projects and issues.
• Identify security risks to the organization and ensure that appropriate data security procedures and products are implemented. Review security controls to ensure compliance with policies, standards, procedures, and other regulatory and legal guidelines.Primary lead for all E-Discovery initiatives; work closely with internal and external legal business partners.
• Educate employees on security-related best practices and awareness

Senior Network Administrator

Confidential

Responsibilities:

• Designed, configured, and administered the US based network infrastructure for a multi-billion dollar 1500 node international company.
• Responsibilities included direct management: LAN, WAN, server farms (NAS/SAN), firewalls, switches, access points, datacenters and communication systems. Researched, pilot-tested, upgraded and implemented Active Directory infrastructure (forests and trees) and clustered messaging systems. Implemented highly available network systems; Service level agreements increased to 99% within a 3 year period.
• Project Leader for 5 major mergers, acquisitions and divestitures: Seagram’s, Yoo-Hoo, Allied Domecq, Absolut (V&S Spirits) and Wild Turkey. Improved external and internal auditing results for all network-related systems within a 2 year period; external and internal audits performed bi-annually.
• Project leader for major network migrations and large scale projects; manage all aspects of projects including developing charter, requirements, budgets, project plan, execution and close out.
• Managed the company’s network disaster recovery projects; developed and authored the company’s business continuity procedure manual.

Confidential, NY, NY

Senior Network Engineer

Responsibilities:

• IT Project leader for major merger between Confidential, St Luke's and Roosevelt Hospitals.
• Researched, designed, and managed a multi-million dollar Novell ZENWorks and Y2K project.

Confidential, NY, NY

Senior Security Analyst

Responsibilities:

• Administered and regularly audited network and security systems for the $10 billion company in a multi-server environment with 1,000 employees.
• Prepared policies, procedures, and detailed reports on network security auditing.