We provide IT Staff Augmentation Services!

Director, It Security Resume

San Jose, CA

SUMMARY

  • My skill set in Information/Cyber Security includes creation of Security Policies, Procedures and Plans, auditing, risk assessment, hands - on network routing and switching, troubleshooting, monitoring, management activities and working with a variety of security software tools in Windows and NIX environments with two factor authentication (PKI - CACs - smartcards).
  • My work has involved reviewing, updating and creating Security Policies, Procedures, Standards and Plans. Work included active directory security policy and auditing, vulnerability audits/assessments, Pen-Tests, HIPAA/HITRUST/HSR and network infrastructure.
  • Used security tools such as IDS/IPS, SEIM (Symantec Endpoint Protection), AlienVault, FTK (Forensics Tool Kit), Tripwire and inter-connections. Played a key role in assisting with the security education and training of process/control owners for their understanding of ISO 27000 series and NIST 800-53 security controls by conducting detailed analysis and presenting results to information security management teams. Coordinated SOC and SSAE compliance/reports.
  • Designed and conducted user Security Privacy and Awareness Training.
  • As a CyberSecurity Manager, I led an incident handling team and worked with incident analysis/remediation/forensics on a daily basis, coordinating with Network Operations, DataCenter and the Helpdesk. Coordinated with Project Managers, Network Operations, Data Center Operations and Information Assurance Teams using ISO 27000 principles, standards for PCI/SOX/DSS, etc. and guidelines on risk management/analysis (Risk Assessment) for the identification, assessment, and prioritization of risks (ISO 31000) followed by application of resources to minimize, monitor, and deal with the impact of security events.
  • Provided oversight for vulnerability scans (Retina and Nessus) and worked with security tools such as Symantec Endpoint Protection, AlienVault, McAfee, InMon, FortiAnalyzer, etc. for security information, event management and IDS/IPS.
  • Responsibilities included managing, monitoring, analyzing, improving and troubleshooting security systems.
  • Created and worked with Disaster Recovery and Business Continuity Plans.
  • Managed virus protection program for prevention, detection and elimination of viruses.
  • Participated in Compliance and Risk Assessment programs.
  • I meet requirements of the National Information Assurance Training Standard for Senior Systems Managers (CNSSI 4012) certification and the standards for the National Training Standard for Information Systems Security (INFOSEC) Professionals and System Certifiers (NSTISSI 4011 and 4015 certifications). DoD IAT/IAM Level III. CNDSP Analyst/Incident Responder/Auditor/Support.

PROFESSIONAL EXPERIENCE

Director, IT Security

Confidential

Responsibilities:

  • Designed Security Program including creation of over 100 Security Policies for HIPAA/NIST Compliance.
  • Conducted Security, HIPAA/HSR, HITECH internal risk assessments and audits.
  • Created Security Privacy and Awareness Training Policy and slide sets.
  • Created SDLC document to include security and mobile application considerations.
  • Developed Risk Management Policy including Risk Assessment checklists.
  • Assisted research for HITRUST CSF Certification.
  • Worked with Vendor security checklists and created Vendor Security Policy.

Confidential, San Jose, CA

Network Security Analyst

Responsibilities:

  • Created and built the Security Architecture including a Corporate Information Security Program including all Policies, Procedures and Plans to include HITRUST and HIPPA regulations/standards.
  • Conducted Security, HIPAA/HSR, HITECH internal risk assessments and audits.
  • Developed HR Policy and Procedure.
  • Created Security Privacy and Awareness Training Policy and slide sets.
  • Created SDLC document to include security and mobile application considerations.
  • Developed Risk Management Policy including Risk Assessment checklists.
  • Assisted research for HITRUST CSF Certification.
  • Worked with Vendor security checklists and created Vendor Security Policy.
  • Created over 90 Policies and Procedures including Remote Access (VPN) Policy.
  • Assisted with Vulnerability scans and Pen-Tests.
  • Assisted with AlienVault.
  • Worked with SOC/SSAE compliance and reports.

Confidential, Pleasanton, CA

Cyber Security Analyst

Responsibilities:

  • Reviewed audit findings and worked on testing/remediation. Used Tenable Security Center to run Nessus vulnerability scans against network devices and servers.
  • Involved with PCI, NIST, HIPPA & ISO security controls. Conducted a Major Policy Review/Update Project. Conducted Audit Finding Pre-Tests for remediation.
  • Engaged in Business Continuity Plan/Disaster Recovery Plan updates and simulations.
  • Coordinated with LAN Engineers for network security.

Confidential, Santa Clara

Sr. Information Security Officer

Responsibilities:

  • Provided Information Security Program oversight and technical reviews (security technical writing). Processed security vulnerability scans from Homeland Security and the FBI.
  • Updated and provided information security guidance, reviewed and monitored security plans/bulletins, and communication to CIO on Information Security Project activities.
  • Used Zscaler and SEPP. Conducted CSET NIST 800-53/ISO 2700x Compliance Assessments/Audits. Created City Information Security Plan, CIRP and Auditing Policy. Updated Security Policy and Procedure documents.
  • Worked with Network Engineers on CISCO ASA, etc.

Confidential, Pleasanton, CA

IT Information/Network Security Consultant

Responsibilities:

  • Worked with Druva, WinMagic, Symantec ESM, McAfee, CA PIM and other security tools.
  • Created Corporate Security standards and authored Policy/Standards review/updates (security technical writing).
  • Assisted with security incidents, information security training and knowledge transfer to employees.

Confidential, Monterey, CA

CyberSecurity Manager

Responsibilities:

  • Completed DIACAP/RMF processes for ATO. Created Security Policy and review/updates.
  • Used FortiClient, InMon, Symantec (DLP), FTK, Project Management, Incident Handling (FortiAnalyzer), Retina and ACAS Scanning. Managed four Security Incident Handlers.

Confidential, Columbus, OH

IA Security Analyst/Incident Handler

Responsibilities:

  • Responsibilities included detecting, opening and closing incidents.
  • Utilized 15 secure accounts for IS/CND defense in depth such as ArcSight Logger, HP ESM, McAfee (HBSS, ePO, etc.), Websense, IBM WebSphere, Symantec, Juniper, & CheckPoint.

Confidential

Information Systems Security Engineer

Responsibilities:

  • Responsible for technical/security information for DIACAP, participated in all lifecycle processes, site & system security assessments, DRP, BCP, Security Test and Evaluation (ST&E), IA and C&A Validations.
  • Worked with DOD 8500 series, NIST 800-53, ISO 2700x and others.

Hire Now