SUMMARY

• Insightful, results - driven and self-motivated IT professional with natural leadership skillset - Excel at team-building, process improvement resolution and customer-business relationship -with core focus in bridging customer business and Information technology partnership.
• I have challenged myself to maintain a go-getter-attitude using balanced strategic thought process - I have utilized industry’s best-practices and accumulated diverse level of knowledge and experiences to complement and support my decision-makings to champion Information Cybersecurity challenges.
• Provide support to various teams on Corporate Information Security Governance to ensure compliance with various vendor applications to meet Information Security Standards, industry best practices, and various regulatory controls.
• Key contributor while participated in the development of Security Awareness Program, Event Management and Disaster Recovery Program, Vulnerability Management System and Identity Access Management Projects review of new technologies, designs, and remediation planning efforts.

AREA OF EXPERTISE

• Identity Access Management - IAM - Sail Point /IBM
• Project Management - JIRA/SCRUM
• RSA Authentication Manager
• Network and Security Systems
• IT Governance / Regulatory Compliance
• Internal Policy Development/Implementation
• Information Technology System Audits
• Risk Assessment / Varonis (UBA)
• Team and Project Leadership
• Active Directory (AD)
• Regulatory Bodies/ NERC-CIP/SOX/HIPPA
• IT Service Management - ITSM
• Data Integrity
• RACF/ACF/Top-Secret
• Disaster Recovery(DR)
• Business Continuity Plan(BCP)

TECHNICAL SKILLS

Tools: IAM Administrator - Access Provisioning Management

Platforms: Windows 7, 8, 10, Windows Server 2012, UNIX (Solaris, HP-UX), IBM (AIX), OS/390ZSeries/Enterprise Servers

Networking: LAN / WAN Administration, VPN, TCP/IPCisco Routers & Switches

Languages: C, C++, HTML, JavaScript Visual Basic

PROFESSIONAL EXPERIENCE

Cyber Security Technical Project Lead

Confidential - Stamford - Connecticut

Responsibilities:

• Attend project meetings to determination details and deadlines for project requirements.
• Work closely with Director and PM to develop project proposals, Documentation, SOW, budgets, project schedule, technical training vendor’s meeting schedules and weekly project status updates.
• Develop new technical procedures, Visio technical diagrams and PowerPoint Presentation for various project requirements.
• Manage and track the progress and quality of work being performed by development and implementation team, vendor support and other cross function teams within various business units.
• SCRUM Master for the development, fine-tuning and operationalization of SPLUNK Alerts (Use Cases).
• Manage project plans, resources and schedules, using MS Project tools -Monitor projects plans, work hours, budgets and expenditures
• Effectively communicate relevant project information to internal clients, director and project team
• Assist the PM in the review of Contractor quotations to ensure that only fair and reasonable pricing is recommended for approval
• Maintain high sensitive data regarding the project status and issues that may impact project internally and externally.

Sr. IT Security Specialist

Confidential

Responsibilities:

• Provide infrastructure administration experience supporting various UNIX with a hybrid network system.
• Provide technical administration support various technologies in authentication, authorization and access control domain, RSA Authentication Manager, Active Directory and TPAM and Tivoli Access Manager.
• Develop and maintain documentation procedures that aligns with internal policies and standards on an annually basis to effectively managed DR functions regarding risk management controls and mitigation for DR activities.
• SME for developing and executing testing steps necessary for a successful DR exercise, performed semi-yearly for Information Cyber Security Operations department.
• Serve as a Subject Matter Expert (SME) for the Cyber Security Operations team during DR exercises.
• Provide ongoing feedback for risk management, mitigation, and prevention, including reporting Disaster Recovery activities to management.
• Participated in the annual Disaster Recovery Mock-Audit Process Readiness.
• Coordinate with other support teams to ensure issues impacting tools and systems are resolved quickly and effectively.
• Participate in assessment for IT internal IAM programs and initiatives resulting in a roadmap for remediation
• Server as a consultant for internal business units to identity security gaps and weakness for technical and process gaps in client IAM programs based on best practices, industry process and technical standards, and regulatory/compliance requirements
• Partner with internal security teams to Identify and assess potential threats and weaknesses in existing IAM processes and procedures
• SME in providing solutions for governance of the identity lifecycle processes around roles/rules, monitoring access control processes to ensure they are effective, efficient, and in compliance with standards and control objectives
• Developing and documenting IAM standards and controls and implementing procedures to ensure defined standards and controls are operating effectively
• Developing support and sustainability procedures for ongoing operations related to Security Operations
• Primary contributor in administering department SharePoint - SharePoint content, and documentation associated with IT Policy for execution of the information security program.
• Provisioning support and Access Reconciliation using Sail Point Identity Manager Management Tool.
• The liaison between business and technology including, translating the business IAM technical requirements relating to -Role-Based Access Control RBAC.
• Ambassador in working with various departments on compliance controls matters for evaluations of audits and reports based on IAM lifecycle management.
• Participates in quarterly, yearly Access Reviews to adhere to NERC-CIP and SOX regulatory policies.
• SME in mapping IAM Business Role, Technical Roles to manage access to Bulk Energy System Assets highly sensitive data.
• SME in managing and maintaining Active Directory, IBM platform, IAM SailPoint (RACF/ACF/Top Secret resources.
• Maintain and manage permission for email security groups and distribution lists for MS Exchange.
• Monitor and ensure that all access administration systems and process are followed as per company internal policy and process.
• Exposure working with Federation and SAML for-Single-Sign management -Identity and authentication process within a Federation and SAMLinfrastructure.
• Perform annual SERC - NERC compliance duties for access privileges and authorization based on SOX and NER-CIP policies associated with audit requirements.
• Determines security violations and inefficiencies by conducting periodic audits.
• Participate in system upgrades by implementing and maintaining security controls.
• Maintains technical knowledge by attending educational workshops; reviewing publications
• Worked closely with cross-functional IT and Business units to analyze gaps and determine security risk levels to effectively manage remediation process within Enterprise and Critical infrastructure environment.
• Succeeds departmental objectives by providing feedback and recommendations for strategic plans, new system implementation, and customer service support internally and externally while resolving problems; identifying trends; determining system improvements and implementing change.
• Develop and publish information security policies, procedure, standards and guidelines based on knowledge of best practices, compliance requirements and industry standards.
• Provide support to resolve operational functions while tracking and delivering accurate and efficient results within deadline and a new-age cyber technological environment.
• Utilize extensive and high level of technical troubshooting skillset to quickly resolve issues minimizing high level isolated problems to secure network infrastructure.
• The ability to motivate team members to facilitate workflow to meet organizational goals and deadlines.
• Trained staff on network and enterprise information security procedures, enterprise security work best practices and policies reacted to SOX, FERC and NERC governance.
• Served as a consultant to corporate business units, application developers, subsidiaries, and acquired entities to ensure full understanding and compliance of the company's published IT Security Standards and Policies.
• Experience with Information Security risk, regulatory, or compliance responsibilities
• Experience reviewing vendors documented security standard, policy, and procedures associated with third party providers risk assessment services
• Experience reviewing guideline and policies, such as, user authentication rules, security breach resolution procedures, security auditing procedures, management and closure of any information security gaps
• Worked collaboratively with areas of IT security and management, to ensure that all IT technology solutions are appropriately implemented and supported.
• Assisted with review of policy, security alerts, guidance, regulations and technical advances in IT Security Management
• Provide windows active directory administration support, group policy configuration of file system sharing, including NTFS permissions and security groups.

Senior Information Technology Security Specialist

Confidential

Responsibilities:

• Experienced and skilled with more than fifteen years of solid IT background supporting identity access management, audit, compliance, risk management and data center analysis.
• A current a member of the information security team with core functions performing identity access management, auditing, compliance, risk management and project management.
• An articulate, self-motivated individual and a team player who readily welcomes any type of challenge or change known by her peers.
• A role model, who demonstrates excellent leadership and communication skills.
• Provide windows active directory administration support, group policy configuration of file system sharing, including NTFS permissions and security groups.
• Provide consulting services to various business units to ensure that processes, procedures and work-practices are in-line with NIST and various regulatory bodies including: SOX, FERC and NERC-CIP.
• Develop and publish information security policies, procedure, standards and guidelines based on knowledge of best practices and compliance requirements.
• Provide support to resolve operational functions while tracking and delivering accurate and efficient results within deadline and a new-age cyber technological environment.
• Utilize extensive and high level of technical troubshooting skillset to quickly resolve issues minimizing high level isolated problems to secure network infrastructure.
• The ability to motivate team members to facilitate workflow to meet organizational goals and deadlines.
• Trained staff on network and enterprise information security procedures, enterprise security work best practices and policies reacted to SOX, FERC and NERC governance.
• Administrator for the enterprises RSA SecureID token environment supporting end users.

Senior Lead Infrastructure System Analyst

Confidential

Responsibilities:

• Managed the entire Data Center directing Team-Lead: Responsible for the managing and administering service restoration of the corporate Information Management infrastructure consisting of Windows NT/2000, UNIX, and IBM Enterprise Mainframe Servers.
• Oversee daily operational function and performance of junior analyst to meet department goals and operational deadlines.
• Leader in performing determination of events on server infrastructure taking corrective measures to restore system availability to minimize business risks.
• Key contributor in the design and implementation of the corporate Disaster Recovery Center.
• Responsible for all employees, vendors and contractor accessing the entirety of the Confidential Energy IT Infrastructure: network resources: This includes corporate headquarters fossil-fuel, hydro, nuclear power generation plants and regional offices.
• Corrected network performance problems as needed to ensure consistent system availability.
• Coordinated and provide training to new employees and junior employees on departmental technical procedures, process, policies and work tools.
• Managed daily technical and non-technical requests by providing written or verbal communication to customers, vendors, employees and various levels of managers as necessary.
• Provided feedback for improvement on tools, processes that affects the network infrastructure resources, system availability and data and disaster recovery.
• Served as second level support for the Confidential Energy Enterprise Help-desk department resolving high level isolated network problems.
• Perform high level communication during emergency system unavailability on events affecting Confidential Energy's server infrastructure utilizing internal emergency communication tools.
• Demonstrated ability to logically analyze problems on isolating or failing components within the mainframe environment.
• Performed resolution for subsystems such as DB2, CICS, ADABAS, VATAM
• Performed all daily routine tasks in a timely and consistent manner updating team members and or management staff.