
ISO/Director/Sr. IT Security Consultant Resume


SUMMARY:

  • IT Security professional with many years of experience in strong problem solving and program execution skills in security technologies - security architecture, data privacy, risk mgmt., operational risk, audit, laws & regulations, governance and compliance to secure and safeguard corporate data & Information systems.
  • Strong track record of partnering with various corporate business units, IT, HR, Legal, Sr. management, and third parties to identify and resolve risks. Streamline IT operations, IAM, on/off boarding of accounts, enhance security, build better security culture and improve overall productivity.
  • Evaluate security posture, enhance security policies and procedures; execute new security technologies; update and maintain infrastructure to ensure security.
  • Manage Vendor Risk Management (VRM) via gathered documents: IAM access requests, questionnaires, other IT documents, desktop assessment, on-site visit, Ethical Hacking/Pen-test, and periodic monitoring of the vendor’s extranet network access. Evaluate and verify vendor’s SAS70/SSAE16 reports in support of compliance; and assist the vendor to improve the vendor’s overall extranet security posture, if required.
  • Develop IT security/privacy strategies to ensure that the infrastructure meets existing and future requirements based on corporate needs, cyber threats, laws and regulations, governance and compliance - IT GRC.
  • Participate in RFI/RFQ proposals; research and select security products and services.
  • Work with business units to develop an effective business risk control program.
  • Projects: Security/Privacy, Risk Management, Audit, BCP/DR, Pen Test

TECHNICAL SKILLS:

IAM: Identity and Access Management - On-boarding/Off-boarding of IDs, SSO

Standards & Frameworks: ISO 27001/2, ISO 27005, ISO 9001, NIST, FISMA/NISPOM

IT Audits: Attestation & -- ISO 27001, SSAE16, SAS70, PII

Cyber Security: Incident Management, Risk Management, and risk Mitigation

Laws & Regulations: PCI, HITRUST, ITIL, COBIT, FFIEC, GLBA, EU Privacy

SOX: Application Security, Change management, Segregation of Duties

BCP/DR: Business Continuity Plan Management and Disaster Recovery, LDRPS

PMI: Project Plan & Management, Scope, work breakdowns, Technical Writing, RFI/RFQ

PROFESSIONAL EXPERIENCE:

ISO/Director/Sr. IT Security Consultant

Confidential

Responsibilities:

  • Managed and supported ISO 27001 Attestation programs for 200+ client-facing applications using the Archer eGRC 5 platform to manage risk and compliance in support of confidential, sensitive and PII data
  • Developed policies and procedures in support of the Vendor Risk Management program for extranets to manage network connectivity, IAM, and data movement
  • Conducted Interviews with vendor’s IT staff; assessed and managed SAS70/SSAE16 reports for Vendor Risk Management programs in support of secure network connectivity and access controls.
  • Worked with various sr. level managers in support of user access - IAM verifications.
  • Coordinated and conducted meetings with sr. management to get their buy-in
  • Managed and executed Information Security Programs: IT Security, administration, architecture, risk management, pen test, documentation, and attestation.
  • Managed security projects: defined scope, identified risk factors, documented, tested, implemented monitoring of systems and maintained for performance
  • Developed RFI/RFQ for ethical hacking (Pen Test); tests were outsourced to third parties. Managed ethical hacking processes: identified risks, proposed plans to mitigate risks; presented findings to sr. management and enhanced overall IT security posture and compliance
  • Developed security policies and procedures in support of HIPAA/HITECH
  • Evaluated, recommended and implemented Practice Management Billing system and EMR/EHR system for physician’s office via cloud - software and storage as a service.
  • Trained staff with safe keeping of data records and HIPAA compliance
  • Developed BCP/DR program for backup and recovery of mission critical data
  • Assisted in the research and recommendation of a secure email system (content filtering and classification of data for outgoing emails) to meet ITAR and EAR compliance guidelines.
  • Managed Information Security Programs: IT Security, administration, architecture, risk management, documentation, and .
  • Developed and enhanced security/privacy policies, and procedures, conducted security awareness for staff.

Confidential, New York, NY

First Vice President / Chief Information Security Officer

Responsibilities:

  • Managed, administered and maintained ongoing security projects, and instituted appropriate governance for the security functions. Developed, implemented, enforced policies, guidelines, and procedures in support of security, data privacy, risk reduction, and compliance.
  • Evaluated existing security architecture, modified architecture to safeguard security and privacy of data.
  • Implemented security policies, standards, and procedures. Reviewed existing policies in support of laws regulations, revamped, developed, and instituted new policies.
  • Assessed and managed Vendor Risk Management programs in support of secure network connectivity based on SAS70 reports. Reviewed SAS70 reports, developed memos and presentation materials on findings; reported findings to Sr. IT management and the C-level management team for further action.
  • Managed IT risk, compliance issues: PCI DSS, GLBA, BSA/AML, CIP, OFAC, SAR, etc.; fraud solution programs. Managed, and administered mission critical applications for Foreign Exchange and coordinated security architecture
  • Reviewed and resolved audit findings - MOU from FDIC/NY State Banking, in support of risk mitigation and IT Security / privacy compliance.
  • Managed, tracked and resolved remediation projects under IT Security, Ethical hacking, BCP/DR, Application Administration, and Incident management.
  • Worked with internal, and external auditors in support of risk, and compliance
  • Reviewed pre-audit findings from Internal auditors, and mitigated issues
  • Managed BCM/DR plans, processes with LDRPS, and conducted annual DR tests and manual reviews with status reports to auditors and to sr. management. DR test process consisted of people, processes, services, networks and technologies required to support the advancement of the overall bank security infrastructure based on BIA
  • Led key IT projects, streamlined information security initiatives. Chaired Incident Management Control meetings: evaluated and managed security requirements
  • Led incident identification, management and mitigation of security events; gathered internal and external intelligence; coordinated the incident response with technical support groups - SOC/NOC, businesses units, risk management, HR, legal and IT
  • Chaired IT Security Operational Team meetings to address enterprise-wide risk management issues and concerns.
  • Managed the maintenance, evaluation and testing of the bank’s IT infrastructure. Developed and executed RFI/RFQ for ethical hacking. Coordinated annual vulnerability assessment and pen-test to enhance overall security posture. Managed implementation of the Pen-Test recommendations with status reports to senior management.
  • Managed and coordinated departmental budget; managed the third party sourced projects, staff, and vendors. Hired, managed and trained staff; conducted technical ; supervised and performed staff evaluations
  • Implemented and administered reduced sign-on for mission critical applications using AD, with Password Reset to enhance overall Identity and Access Management (IAM) with the ease of on/off boarding of end-users.

IT Security Consultant

Confidential

Responsibilities:

  • Evaluated SAS70 reports in support of third-party vendor’s extranets and network connectivity.
  • Assessed and managed Vendor Risk Management programs in support of secure network connectivity and vendor’s request for access (login) management.
  • Conducted Security audits. Managed enterprise-wide risk assessment and implemented adequacy of controls in support of client’s SOX initiatives
  • Worked with internal and external auditors in support of IT infrastructure security along with governance, risk reduction, and compliance
  • Coordinated and managed IT security projects; implemented and documented them across the IT infrastructure
  • Managed and administered periodic BCP/DR tests to ensure mandated DR plans are in place and ready in the event of a disaster
  • Managed security Authentication and Authorization for onboarding and off boarding of end-user accounts and network accounts
  • Managed security incidents and developed anti-piracy (AP) and content protection (CP) policies and guidelines. Coordinated and conducted Ethical hacking/Pen-Test.
  • Chaired incident management team meetings to analyze post-incident events and to develop security controls to mitigate identified risks

Confidential, New York, NY

Vice President / Information Security Officer

Responsibilities:

  • Managed implementation of an ongoing security process and instituted required security tools. Developed, implemented and enforced policies, guidelines and procedures in support of IT security, data privacy and risk mitigation
  • Assessed Vendor Risk Management programs in support of network connectivity based on SAS70 reports.
  • Managed Securify /Ektasis and managed IT Security Operations and applications administration for IAM, AAA, AML, BSA and FX transactions
  • Managed security architecture, trained staff on security tools and procedures; and end-users on security awareness; managed budgets and security operations.
  • Evaluated products/vendors, sourcing, selected and managed - Proposals: RFIs/RFQs for ethical hacking. Managed ethical hacking and mitigated inherent security risks.
  • Developed/enhanced security policies and procedures, conducted security awareness sessions and trained users
  • Tested and implemented reduced sign-on via AD for various WIN applications

IT Security Consultant

Confidential

Responsibilities:

  • Various IT Security, Risk Management, IT Policy, and Audit assignments
  • Managed IT security audits: ISO 17799/27001 and 27002, SOX, HIPAA, FFIEC, GLBA, BCP/DR. Documented some of the security processes
  • Evaluated SAS70 reports in support of Vendor Risk Management programs for network connectivity based on mutual agreements between the companies.
  • Interfaced with internal/external audit teams on security posture, and gave briefings to sr. management on steps taken to minimize identified risks and vulnerabilities.
  • Assisted clients on SOX testing, risk mitigation, documentation and re- of ongoing SOX efforts
  • Developed BCP program, established BCP/DR processes and tests for various business units and departments based on BIA, and RTO.

Confidential, Bethpage, NY

Senior Data Security Analyst/Project Manager

Responsibilities:

  • Analyzed security requirements for infrastructure, developed and implemented security and privacy policies in support of administration, technology, physical access controls, and data security requirements for various departments: BUs, HR, eMedia, Legal, Compliance, NOC, SOC, Engineering, Optimum iO / DSTB products.
  • Coordinated and managed distribution of SSL certificates; installed and configured SSL certificates for servers
  • Managed IT security projects; selected, coordinated and managed consultants & vendors and managed department budgets for Optimum IO products and services.

Confidential, Islandia, NY

Information Security Manager

Responsibilities:

  • Developed security architecture in support of tools for tracking DMZ events
  • Developed, enhanced, maintained, and implemented Data Privacy and IT Security Programs to minimize risk factors. Performed tests and evaluations on security products and services. Assisted and Participated in BCP/DR processes and tests
  • Tested, verified and implemented CA’s e-Trust SSO to ensure login interoperability between legacy systems and various Windows platforms via AD and SunOS.
