Chief Information Security Officer Resume
4.00/5 (Submit Your Rating)
SUMMARY:
- me is a certified information security professional with a background in systems and network engineering.
- My experiences are diverse; ranging from creating and leading an information security program for a high performance computing center and statewide research network
- Managing operational security for an international retailer, and designing security architecture for cloud based medical applications.
PROFESSIONAL EXPERIENCE:
Confidential
Chief Information Security Officer
Responsibilities:
- Lead strategic direction and build program for information security.
- Reduced high and critical vulnerabilities by 40%.
- Implemented Risk Assessment program for HIPAA/HITECH.
- Develop metrics and improve compliance status for Payment Card Industry (PCI) requirements.
- Implemented Vendor Risk Management processes.
- Prepare presentations for the Board of Directors.
- Function as an advisor on risk for the executive leadership team.
Confidential
Associate Director Cloud Security Architecture
Responsibilities:
- Created security architecture for CTS Healthcare solutions in the cloud.
- Engaged with clients to design approved architecture for cloud services.
- Met HIPAA compliance objectives, performed Governance, Risk, and Compliance (GRC) fucntions.
- Build out and test security controls.
- Scan for and work with teams for remediation of vulnerabilities.
Confidential
Manager, Information Security
Responsibilities:
- Responsible for approximately $5 Million operational budget plus additional budget related to capital projects.
- Lead information security team to complete security operations portfolio.
- Lead Vulnerability management process and remediation efforts with cross functional teams.
- Communicate with business stakeholders for information security matters.
- Conduct and lead penetration tests
- Mentor staff interested in information security for staff mobility.
- Work with external and internal council for response plans and privacy concerns
- Update and maintain information security tactical plan and roadmap.
- Implemented network segmentation for cardholder data environment.
Confidential
Sr Security Analyst - Security Operations Lead
Responsibilities:
- Evaluated, selected, and implemented vendor for Managed Security Services.
- Investigate and respond to information security incidents.
- Supervise consultants, interns, and direct reports.
- Create custom searches and dashboards in log management and aggregation platform for information security team.
- Create project justification forms for annual capital expenditure projects in information security
- Implemented Active Directory Services for implementation into Voice over IP environment.
- Provide assistance, advice, and architectures to achieve PCI compliance.
Confidential
Security Analyst
Responsibilities:
- Implemented enterprise PKI for internal applications for ease of management and increased security.
- Transitioned and updated vulnerability management tools and processes.
- Reviewed, selected, and implemented vendor for endpoint security solutions for the entire enterprise (Data Loss Prevention, Encryption, Antivirus).
- Analyze and review firewall logs and with brand protection and loss prevention to secure Ecommerce environment.
- Updated security policies and risk assessment for PCI and SOX compliance.
- Performed wireless penetration test for stores wireless environment and routine vulnerability scans.
- Implemented Data Loss Prevention for network stored data at rest.
Confidential
Information Security Officer
Responsibilities:
- Built an information security program.
- Worked with General Counsel for the Ohio Board of Regents with regards to information security matters.
- Built relationships with other Ohio based Higher Institutes.
- Consulted for other State of Ohio Agencies on matters of information security.
- Served as a member of the State of Ohio Data Protection Subcommittee for implementation and guidance for Ohio Revised Code relating to privacy and security.
- Reduced internally and externally facing vulnerabilities through vulnerability scans, penetration testing, and team remediation meetings.
- Conducted operational risk assessment to enumerate assets and threats to the assets.
- Utilized intrusion detection systems for awareness of internal security threats.
- Managed the transition of multiple state organizations to a unified network and security platform creating a more manageable and efficient service.
- Communicate and train employees in security policy and security awareness.
Confidential
Systems Developer/Engineer
Responsibilities:
- Setup and administrated management system for Ohio’s Third Frontier Network. Negotiated pricing from vendors and obtained a 50% matching grant from Sun Microsystems for hardware and maintenance.
- Assisted with management and design of OARnet co-location facilities.
- Provided systems administration consulting services for OARnet customers.
- Administrated and responsible for day-to-day maintenance of UNIX machines, reduced service related trouble tickets.
- Installation and support of IP Telephony and VPN solutions.