Technology Security Risk Management

Creating Secured Environments/Reducing Total Cost of Ownership

• A solution oriented Information Technology Security Professional with strategic and technical project leadership experience optimizing productivity in multi-vendor platform/application environments. Diverse technical and policy expertise encompasses strong security, VPN, intrusion detection and network administration, risk management, mitigation, and problem resolution skills.
• Technology Development Relationship Cultivation Customer Service
• IT Strategy Development Business Analysis Resource Development

Confidential

Regional Manager/ Lead Regulatory, Risk Controls

• Responsible for the execution of risk and control initiatives and processes including operational risk programs and legal/regulatory programs. Provides data and analysis to measure the effectiveness of operational control across a set of COO products and services. Identifies and evaluates potential areas of non-compliance or risk, assessing impact, probability and defined risk tolerance and presents findings and proposals for risk mitigation measures. Develops remediation projects, monitors and assesses the quality of project execution and outcomes. Liaise with other central functions regularly, including Group Audit, to support the integration of risk initiatives and projects.
• People Management Actively supports the bank's strategy, plans and values, contributing to the achievement of a high performance culture. Personally contributes in an environment where people development is the number one priority for the team. Takes ownership for own career management, seeking opportunities for continuous development of personal capability and improved performance contribution. Acts as a role model for new employees, providing help and support to facilitate early integration and assimilation of their new environment Highlights performance issues within the team, where appropriate, to drive for high performance

Confidential

IT Security Technology Risk Management

• Local Information Security Officer responsible for supporting local IT management as well as the IT Risk governance team through mandating the implementation of IT Risk and Security controls as defined through global, regional and local policies and standards. Responsible for gathering information necessary for risk assessments. Gather information concerning third-party vulnerability and penetration testing. Receipt of metrics and reporting requests. Receipt of formalized query associated to a given project. Reviewing initial submissions for exceptions to Information Security policies and standards. Working with legal and compliance representatives to identify and comply with legal regulatory compliance needs related to IT risk and security. Receiving requests for information by the internal audit divisions. Conducting and assisting America's branch office representatives in performing security assessments and remediation activities travel includes North, Central, and South America regions. Also serving as the Americas contact on the Global Information Practice Group Board. Responsibilities also include risk management of all US branches and
• Local Information Security Officers including Canada, Mexico, South America and the Caribbean.
• Risk database tracking include Archer and RSAM.

Confidential

IT Security Consultant

• Served as the SME to assist in identifying and implementing required policies and procedures in an
• pharmaceutical IS organization for SOX compliance. Tasks include change control, configuration management, security management, auditing technical controls, identity management, and implementation of Sarbanes Oxley. Hands on experience with the following technologies:
• Windows 2003, Frontbridge, Bluecoat Proxy, Checkpoint, F5 Firepass, Cyfin Reporter, VPN, Nagios, Nessus, Ntop, Wireshark, Netterrogator, Active Directory, Postini, LogLogix, Elcomsoft Audit Software, Sawmill, Qualysguard.

Confidential

Network Engineer Stf/Project Manager/Senior Security Engineer-Security Clearance

• Under Lockheed Martin, managed and troubleshooted technologies such as site to site VPN. Served
• as the Lead Engineer/Project Manager for the SSL VPN and Cisco Clean Access project, which involved overseeing, coordinating, and implementing a security solution to meet the customer's needs. Also performed configuration and testing of the network design for accuracy and scalability. Designed a and planned network communications systems. Provided specifications and detailed schematics for network architecture. Provided specific detailed information for hardware and software selection, implementation techniques and tools for the most efficient solution to meet business needs, including present and future capacity requirements. Under Northrop Grumman, managed firewall technologies such as Cisco Pix, Juniper SSL VPN, Whale Communications SSL VPN and Radius. Managed and designed architecture such as Radius, PKI, Cisco VPN, and wireless architecture. Performed risk assessments/risk management, project management and testing on new technology. Well versed in network security and writing technical documentation. Served as top tier of support for USPS VPN. Adhered to the technical and audit controls enforced by the Office of Inspector General.
• Windows, Pix Firewalls, Microsoft Exchange, ACS, Microsoft Radius,
• Microsoft PPTP, Proxy, Juniper Netscreen, PKI, Cisco ACS, Cisco ASA, Cisco
• Concentrators, Sun Solaris, Cisco SSL VPN,

Confidential

Information Security Administrator/Project Manager

• Managed highly responsive security/network/system administration environment. Installed, configured, implemented, deployed and monitored intrusion detection/security/ancillary hardware and software in production environment. Migrated, installed, and secured application programs adhering to established and published security policies and audit guidelines enabling rapid productivity. Resolved time-critical situations utilizing extensive trouble-shooting experience/skills providing a baseline for customer service/satisfaction targets. Developed and implemented security policies to help the organization conform to standards. Implemented technical, administrative, and physical controls. Performed ISO risk analysis and management on controls.
• IIS 5, Sarbanes-Oxley, Hipaa, Windows 2000, Exchange 2000, Network Appliance NAS Solution, Design Exchange 2000, Windows 2000 Certificate Server, Thawte Certificates, PIX Firewall, Cisco Routers and Switches, Internet Security Systems ISS , Snort, Nessus, Remedy, and Dual-Boot Windows 2000/Linux, Secured applications using various technical controls.

Confidential

• Established support systems to monitor and manage network alarms, system performance, and traffic issues to ensure effective communication maintained between in-flight aircraft and the FAA radio control tower. Successfully resolved critical issues through responsive monitoring, reporting, researching and documenting of critical alarm conditions. Escalated issues, as appropriate, insuring field personnel were dispatched.
• Fiber Optic, FM Single Side-Band, Digital Radio, Environmental Alarms in accordance with FAANCC Operational Procedures and Guidelines.
• Technologies include: Microsoft Word, Windows 95/98, NT 4.0, X.25, TCP/IP, Sun Solaris, Novell, Newbridge, Switches, T1's, OC3's, DS0's, DS3's, Channel Banks, Unix, SONET, and Routers.

Confidential

Chemist/SAP Database Operator

Developed, implemented and approved formulas adhering to project timelines/requirements. Project technical management and online support for customer account requests utilizing SAP. Created, implemented and managed SAP database maintenance.