
Sr. Cyber Security Consultant Resume

Ny, NJ

CAREER SUMMARY:

Hands-on Cyber Security Manager with 20 years of successful experience and background in managing IT security strategies; mitigating and resolving Security, Privacy and Compliance issues based on ISO 27Ks, SANS-20, FFIEC, GLBA, HIPAA, SOX, PII, and industry best practices. Currently hold a security clearance from Secure Worker Access Consortium (SWAC).

SOFTWARE/HARDWARE/STANDARDS/TOOLS:

Windows: 8, 10; UNIX, SunOS, Solaris, AIX, HP-UX

LAN/WAN, Intranets/Internets/Extranets/VPN, Client/Server/Cloud

RSA/McAfee DLP; McAfee Virus scan, Pen-Test/Ethical Hacking, AML

SOX, GLBA, FFIEC, BCP/DR, ISO 27001/2, NIST, HIPAA, PCI, NISPOM/FISMA

EMC- Archer eGRC 5, SharePoint, Remedy

EXPERIENCE:

Confidential, NY & NJ

Sr. Cyber Security Consultant

Responsibilities:

  • Coordinated cyber security projects with various Line Departments and IT at Confidential.
  • Evaluated RFI/SOW from vendors in support of IT Asset management works program
  • Led cyber security risk mitigation projects based on recommendations made by Confidential International and DHS, to enhance enterprise-wide security for the defense, detection and response to possible external cyber threats and internal threats at Confidential.
  • Implemented security policies and guidelines based on ISO 27001-2, NIST-53, and SANS-20
  • Developed and enhanced policies and processes in support of end-user awareness training and education; worked with third parties to assist with IT Asset management processes

Confidential, NY

Sr. IT Security Consultant

Responsibilities:

  • Under the Bank & Brokerage Investor Communications division of Broadridge, managed and supported ISO 27001 Attestation for 200+ client-facing applications using Archer eGRC 5 platform to manage enterprise risk and GRC in support of confidential, sensitive and PII Data
  • Managed policies and procedures in support of Vendor Risk Management program for extranets to manage connectivity, IAM, on-off boarding of accounts and data movement
  • Conducted interviews with vendor’s IT staff; assessed and managed SAS70/SSAE16 reports for VRM programs in support of secure network connectivity and access controls.
  • Coordinated/conducted meetings with sr. management to get their buy-in on new projects.
  • Evaluated, recommended and implemented Practice Management Billing system and EMR/EHR system for physician’s office via cloud (software and storage as a service).
  • Developed RFI/RFQ for ethical hacking (Pen-Test); tests were outsourced to third parties. Managed ethical hacking processes: identified risks, proposed plans to mitigate risks; presented findings to sr. management to mitigate risk and to enhance overall IT security posture and compliance
  • Managed Information Security Programs & processes: IT Security, administration, architecture, risk management, documentation, and training.
  • Coordinated and conducted security awareness training for staff.
  • Developed security policies and procedures in support of HIPAA/HITECH
  • Developed BCP/DR program for backup and recovery of mission critical data
  • Assisted in the research and recommendation of a secure system for email (content filtering and classification of data for outgoing emails) to meet ITAR and EAR compliance guidelines.
  • Managed security projects: defined scope, identified risk factors, documented, tested, implemented monitoring of systems and maintained for performance
  • Developed RFI/RFQ for ethical hacking (Pen Test); tests were outsourced to third parties. Managed ethical hacking processes: identified risks, proposed plans to mitigate risks; presented findings to sr. management and enhanced overall IT security posture

Confidential, New York, NY

Chief Information Security Officer/ First Vice President

Responsibilities:

  • Managed, maintained and oversaw bank-wide IT security & privacy programs.
  • Managed incidents: used subjective and objective methods to evaluate, detect, report, contain and mitigate incidents that impaired adequate data and infrastructure security.
  • Trained and oversaw staff with significant information security duties as well as assisted TISOs and BISOs in various depts. on their IT security responsibilities.
  • Established BCP/DR; reviewed BCP plans annually, and conducted annual DR tests
  • Assisted internal/external auditors with security & privacy policies and compliance
  • Monitored transactions: FXPs and high-value electronic money transfer programs
  • Evaluated existing security architecture, modified processes to safeguard security and privacy of data.
  • Assessed and managed Vendor Risk Management programs in support of secure network connectivity and IAM controls based on SAS70 reports.
  • Managed IT risk and compliance issues: PCI DSS, GLBA, BSA/AML, CIP, OFAC, SAR, fraud solution programs. Coordinated and conducted Ethical hacking/Pen-Test.
  • Managed security incidents and developed anti-piracy (AP) and content protection (CP) policies and guidelines.
  • Chaired incident management team meetings to analyze post-incident events and to develop security controls to mitigate identified risks, if any.
  • Managed security budgets and security operations, evaluated staff training & performance

Sr. IT Security Consultant

Confidential

Responsibilities:

  • Evaluated SAS70 reports in support of vendor’s IAM, extranets and network connectivity.
  • Conducted security audits. Managed enterprise-wide risk assessment and implemented adequacy of controls in support of client’s SOX initiatives
  • Coordinated and assisted in compliance with internal and external auditors in support of IT infrastructure security along with governance, risk reduction, and compliance
  • Coordinated and managed IT security projects and implemented training and documentation across the IT infrastructure
  • Managed and administered periodic BCP/DR tests to ensure mandated DR plans are in place and ready in the event of a disaster situation
  • Managed Authentication and Authorization user accounts and admin accounts: on-off boarding of user/system/network accounts
  • Managed security incidents and developed anti-piracy (AP) and content protection (CP) policies and guidelines. Coordinated and conducted Ethical hacking/Pen-Test.
  • Chaired incident management team meetings to analyze post-incident events and to develop security controls to mitigate identified risks

Confidential, New York, NY

Chief Information Security Officer/Vice President

Responsibilities:

  • Managed implementation of security process and instituted required security controls.
  • Developed, implemented and enforced policies, guidelines, and procedures in support of IT security, data privacy, and risk mitigation
  • Assessed Vendor Risk Management programs based on SAS70 reports.
  • Managed Security Operations and applications administration for IAM, AAA, AML, BSA and FX transactions
  • Managed security architecture, trained staff on security tools and procedures; and end-users on security awareness; managed budgets and security operations.
  • Evaluated products/vendors and sourcing; selected and managed proposals (RFIs/RFQs) for ethical hacking. Managed ethical hacking and mitigated inherent security risks.
  • Developed, enhanced and implemented security policies and procedures, conducted security awareness sessions and trained end-users
  • Tested and implemented reduced sign-on via AD for various WIN applications
  • Managed various IT Security, Risk management, IT Policy, Risk, and Audit Assignments
  • Evaluated IT security audits: ISO 17799/27001, SOX, HIPAA, FFIEC, GLBA, BCP/DR. Documented some of the security processes
  • Interfaced with internal/external audit teams on security posture, and gave briefings to sr. management on steps taken to minimize identified risks and vulnerabilities.
  • Assisted clients on SOX testing, risk mitigation, documentation and re-certification of SOX
  • Evaluated SAS70 reports in support of Vendor Risk Management programs
  • Developed BCP program, established BCP/DR processes, conducted periodic tests for various business units and departments based on BIA and RTO.

Confidential, Bethpage, NY

Project Manager

Responsibilities:

  • Managed IT security projects; selected, coordinated and managed consultants & vendors and managed department budgets for Optimum IO products and services.
  • Analyzed security requirements for infrastructure, developed and implemented security and privacy policies in support of administration, technology, physical access controls, and data security requirements for various departments
  • Coordinated and managed distribution of SSL certificates; installed and configured

Confidential, Islandia, NY

Information Security Manager

Responsibilities:

  • Evaluated security architecture in support of tools for tracking DMZ events
  • Developed, enhanced, maintained, and implemented Data Privacy and IT Security Programs to minimize risk factors. Performed tests and evaluations on security products and services. Assisted and participated in BCP/DR processes and tests
  • Tested, verified and implemented CA’s e-Trust SSO to ensure login interoperability between legacy systems and various Windows platforms via AD and SunOS.
