SUMMARY

• Proactive, Analytical, Seasoned Professional with an extensive & broad background in IT which includes over 12 years hands on experience in Information Security Governance, System Risk Assessment, User Account Governance, Security Architecture, Business Continuity, Incident Response and Vendor Risk Assessment.
• Service Oriented, Solution Provider and Expert Problem Solver with a specialty in Operations and Process Improvement.
• Innovative Strategic Thinker with a working knowledge of multiple IT domains including Change Management, Disaster Recovery, Database Design, Network Security, Desktop Support, Cyber Security, Compliance & Risk Management.

PROFESSIONAL EXPERIENCE

Confidential

Information Security Officer

Responsibilities:

• Perform (HIPAA, System & 3rd Party) Risk Assessments and SOX Compliance testing and reviews. Manage all matters related to Information Security within department including reporting of security exceptions, incidents & violations as well as implementing security awareness programs. Create departmental security policies and procedures for systems, processes and operations in conformance to corporate policies and practices. Oversee all departmental Information Security Operations & System Account Governance matters.
• Strategic Planning: Participate in Strategic Planning meetings as Subject Matter Expert for security related dept. operations and improvement activities.
• Security Liaison: Security Liaison between department’s 75 third party partners & vendors and Corporate IS.
• Coordinator: Coordinate all aspects of 3rd Party Security Reviews and action item remediation. Work in cooperation with NYL's CISO and Information Security Department to review and ensure proper 3rd Party controls and a secure operating environment for the BU. Coordinated, triaged and participated in over 150 Third Party and System based Security Reviews.
• Consultant: Advise and educate both internal users & external partners on IT Security Best Practices. Write articles for publication on the Intranet and in Departmental Newsletters raising awareness around IS Security matters.
• Create and Institute security policies, procedures and guidelines for the Business Unit / Division in accordance with Corporate policies and requirements. Knowledge of PCI DSS, ISO 27001, SSAE 16, HIPAA, SOX, HITRUST, NIST, FISMA, SIG regulations, standards, frameworks, assessments and/or audit reports and/or tools.
• Penetration Testing: Review Pen Test results and work with vendors and partners to remedy critical issues. Conduct Penetration Testing of Web - based applications using IBM's AppScan when needed.
• Manage all hardware & software inventory and related budgets for the division.
• Webmaster: Manage department’s intranet website. Create content, write copy, post updates, determine site structure and report metrics. Manage and Oversee Intranet site development team (of 6) consisting of writers/bloggers, editors, QA testers, photographers, graphic artists and web developers. Train team in use of Vignette and Jive CMS Platforms.
• SharePoint Site Administrator: Develop and manage department’s SharePoint Site. Train users on SharePoint platform.
• Solution Provider: Use new and existing technology to provide solutions for more efficient business processes & operations. Identify and provide solutions tocomplex business and technical problems.
• Investigate, Diagnose, Resolve and/or Escalate IT related issues for users (~115 employees). Work with the Help Desk, Desktop Support team and all other IT department to resolve production issues. Provide backup Production Support for department’s mission critical production applications.

Confidential

Senior Network Engineer

Responsibilities:

• Managed & maintained LAN/WAN (NT/Novell/Cisco), Nokia/Sun/Checkpoint Firewall and Citrix's MetaFrame Servers in a PeopleSoft environment. Performed router configuration, troubleshooting and maintenance.
• Researched and evaluated emerging technologies for implementation in present environment.
• Designed, Developed and Implemented corporate network infrastructure. Configured DNS, File, Web & Exchange Servers. Disaster Recovery team member.
• Provided 2nd level tech support to the User Support/HelpDesk department & Jr level department members for escalated issues. Troubleshoot network connectivity issues and LAN application problems.
• Web Developer / Webmaster: Developed/Designed company’s first intranet site using DreamWeaver MX. Determined layout, platform and design for website. Wrote copy, developed tag lines and produced corporate intranet site. Managed & maintained company's web servers (IIS and OAS) and intranet/internet websites. Designed & Developed company directory database and web-based people search application using Oracle 9i, DreamWeaver and JSP technologies.
• Security Administrator: Designed Web Server and LAN Security Policy and Procedures. Managed, maintained, updated firewall configuration policy using Checkpoint NG and Nokia IPSO
• Corporate Trainer: Trained employees & HelpDesk staff on use of business applications and in networking & LAN admin concepts.

Confidential

MIS Manager / Systems Administrator

Responsibilities:

• Installed, managed and maintained multi-server 75 node Netware 4.x/Windows NT LAN.
• Recommended, evaluated and purchased all server & PC based hardware, software, & peripheral devices.
• Provided technical support for all employees (~125). Designed & implemented LAN to Internet access for company using ISDN & DSL. Set up Internet Proxy/Email Server. Developed and deployed company’s first intranet & internet websites on IIS.
• Corporate Trainer: Trained all employees (shop floor, executive & middle management) in desktop applications.
• Program Coordinator: Started company's Student Intern Program in cooperation with SUNY at Stony Brook, College of Engineering. Supervised / trained 25 student interns in repair & upgrade of PCs, help desk support, network cabling and administration.
• Business Analyst / Applications Developer: Worked with management to develop proprietary business applications using MS Access 97 for the Sales & Accounting depts. Composed requirements, developed specifications and designed a sales quoting application.
• Project Manager: Developed, coordinated & managed company's Y2K Program. Performed short & long range department planning. Created network infrastructure design, policies and procedures.
• Evaluation/Selection and Implementation project team member for company's new ERP system (Visual Manufacturing).
• DBA: Database administrator for company's ERP system using Centura's SQLBase database engine. Created reports using Seagate Crystal Reports.

Confidential 

Software Quality Assurance Engineer

Responsibilities:

• Monitored, reviewed and audited the software development process for all projects within the division.
• Reviewed & validated software products and documentation to ensure compliance to contract and specifications.
• Prepared bids in response to RFPs and tracked labor cost accounting information. Participated in design reviews.
• Received Secret Government Security Clearance.