SUMMARY

• Enterprise security architect with extensive experience leading strategic framework development, capability mapping, and operating model development projects, focused on providing guidance around Enterprise Security Architecture, Cybersecurity Governance, regulatory compliance and industry standards.
• Dedicated change agent constantly in search of faster and better ways of achieving reductions in development cycles and waste, and improved integration, cross functionality, and standardization of processes and services.

• Security Governance & Risk management
• SABSA, TOGAF & Zachman Frameworks
• Security Program Management
• Networking - TCP/IP and other protocols
• Network/Security metrics
• Security compliance regulations (HIPAA, Sarbanes, GLBA, PCI DSS, SOCs etc.)
• Stakeholder Management
• Member cybersecurity working group.
• LDAP & MS Active Directory administration
• Cyber Security Policies, frameworks, Standards
• Intrusion Detection & Prevention
• Data Loss Prevention (DLP)
• Encryption and PKI Infrastructure
• Log file analysis/correlationRisk and vulnerability assessment
• Secure SDLC, DevOps, NIST, ISO, COBIT, Access control models
• Security Incident & Event Management

TECHNICAL SKILLS

• Windows 2000, 2003
• XP
• Vista
• 2007
• Unix
• Solaris
• Linux
• HP Service Manager
• Splunk
• CUCM 10.5
• CUC 10.5
• CUCCX8.6
• Meeting Place 7.0
• RTMT
• LDAP
• PKI
• XML
• UML
• HTML
• HTML
• FTP
• XML
• VB Script
• SDLC
• BCLC
• RUP
• Waterfall
• Agile
• DevOps --- MGCP
• H323
• VOIP and SIP.TFTP
• IDS
• IPS
• Mega
• MS Visio
• WireShark
• Metasploit
• Nessus
• Aircrack
• Snort
• Backtrack
• Nmap

PROFESSIONAL EXPERIENCE

Confidential

Enterprise Security Architect

Responsibilities:

• Led a cross-divisional Enterprise Security Architecture Team Supporting Pre-Sales activities providing presentations/demos, RFP responses and recommended enhancements in security processes, standards and guidelines based upon a risk aligned prioritization.
• Established an iterative phased approach for building, maintaining and promoting target enterprise security architecture, performed gap analysis and created project-based roadmap to achieve the target state security architecture integrating TOGAF and SABSA architecture frameworks.
• Delivered a multi-disciplinary architecture to address cybersecurity, compliance, operational risk management, business resilience and addressing the stakeholders concerns with cross functional and technical perspectives.
• Involved in Prioritization and implementation of cybersecurity frameworks and standards including PCI-DSS, NIST, ISO, COBIT, NFPA and HIPPA as per client business requirements.
• Championed comprehensive security-oriented assessments for multiple client environments with differing mission requirements, handling conflict resolution and collaborating with team leads and clients to appropriately capture the desired business security requirements
• Engaged IT and security leadership, both technical and managerial specifically for continuous improvement in enterprise security strategy, architecture and standards based upon emerging threats, emerging security standards, privacy regulations and emerging regulatory impacts.
• Oversaw the enterprise architecture governance and ensured the integration of DevOps best practices in the Software Development Lifecycle (SDLC) and 3rd party vendor management and vulnerability testing processes
• Developed, maintained, and evolved enterprise security reference architecture, standard templates, design patterns adhering TOGAF and SABSA Frameworks to assist solution architects to develop solutions to business units' requirements

Confidential, Chicago, IL

Enterprise Security Architect

Responsibilities:

• Delivered target enterprise security architecture through iterative phased approach, performed gap analysis and created project-based roadmap to achieve the future state security architecture integrating TOGAF and SABSA architecture frameworks
• Delivered a multi-disciplinary architecture to address cybersecurity, compliance, operational risk management, business resilience and addressing the stakeholders concerns with cross functional and technical perspectives
• Delivered an Enterprise level architecture which established the capability to address Sarbanes-Oxley, PCI-DSS and SOCs report compliance
• Established functional area specific cyber risk-based prioritization, definition and implementation of cybersecurity strategy, policies, standards, procedures and guidelines
• Aided to develop and maintain enterprise security reference architecture, standard templates, design patterns implementing SABSA Framework to assist solution architects to develop solutions to business units' requirements
• Created and managed the security approval process framework in the Architecture Compliance Review for each phase in the development lifecycle for all future projects.
• Led the teams engaged in architecting governance models to organize roles and responsibilities of personal involved, to achieve better audit control and enhance the quality of documentation.
• Engaged IT and security leadership, both technical and managerial specifically for continuous improvement in enterprise security strategy, architecture and standards based upon emerging threats, emerging security standards, privacy regulations and emerging regulatory impacts.

Confidential, Bloomington, IL

Information Security Architect

Responsibilities:

• Championed the efforts to develop an Enterprise Information Security Architecture, aligned with the strategic goals and addressing the security risks under the governance of the information security management system.
• Developed, maintained, and evolved enterprise security reference architecture, standard templates, design patterns adhering TOGAF and SABSA Frameworks to assist solution architects to develop solutions to business units' requirements
• Delivered target enterprise security architecture through iterative phased approach, performed gap analysis and created project-based roadmap to achieve the future state security architecture integrating TOGAF and SABSA architecture frameworks
• Established and maintained a cybersecurity training and awareness program to include content development, delivery, and knowledge assessment.
• Lead implementation meetings, workshops, and create training materials for architecture team
• Monitor, measure, and refine the execution of the security architecture plans against the security strategy and metrics: Key Risk Indicators (KRIs) & Key Performance Indicators (KPIs)
• Created the future state architecture for implementation of SSO/SAML, identity and access management (IAM).
• Served as Data Loss Prevention (DLP) for the Information Technology group by reviewing potential data breach incidents and escalating to fraud group as necessary
• Created a risk assessment process with templates and conducted system design reviews as lead security representative on the Enterprise Architecture Review Board.
• Planned, designed and implemented enterprise-wide Data Loss Prevention (DLP), Security Information and Event Management (SIEM) and vulnerability management services.

Confidential, Indianapolis, IN

Cybersecurity Governance & Compliance Analyst

Responsibilities:

• Responsible for the Sarbanes-Oxley, PCI-DSS and SOCs report compliance management program
• Lead a cross-divisional security team using a multi-disciplinary focused approach to cyber and information security and compliance, operational risk management, client security management, workforce protection, and business resilience.
• Responsible for cyber risk Management and managed the process of defining, implementing, and enforcing cybersecurity strategy, policies, standards, procedures and guidelines.
• Determined appropriate tools and techniques, planed & scheduled IT Risk assessment, conducted scans, reported findings with recommendations and solicited the feedback from the customer and workforce to achieve all project objectives.
• Ensured enterprise-wide security, privacy, and compliance standards are maintained and processes for defining, implementing, and enforcing cybersecurity policies, standards, procedures and guidelines are in place/observed.
• Leading the IT & Cyber risk Management effort, performed IT risk Assessment by applying the IT/Cyber risk Management Strategy
• Established audit policy and reporting mechanisms for ensuring compliance with IA/IS standards by keeping current with IA/IS requirements.
• Occasionally Analyzed identified security strategies by assessing them against the organization’s needs and compliance guidelines and selected the best approach or practice for the enterprise.
• Lead the development of risk management by creating plans, procedures, protocols, and evaluation measures and ensuring there are desired levels of enterprise-wide IA/IS.

Confidential, Hartford, CT

Cyber Security Policy Analyst

Responsibilities:

• Responsible for developing, promulgating, and maintaining LOB cybersecurity policies and standards; developing and providing guidance on the Overseas Security Policy Board (OSPB) information systems security policy and standards; and providing guidance on existing policies and standards for the LOB.
• Performed the cyber/IT risk analysis, documented and communicated the results to the stakeholders.
• Responsible for contributing to IT Security Governance company security Policies and Standards adhered to by the global company
• Established a process to respond to user questions and inquiries about policy received via emails and phone calls.
• Created and managed the security approval process framework in the Architecture Compliance Review for each phase in the development lifecycle for all future projects.
• Researched, recommended, developed, maintained, and updated cybersecurity policies, to include use of new and emerging technology (e.g. WiFi, cloud, mobile devices), software, hardware, and other IT-related systems (e.g. VoIP, Building Automation Systems).
• Examined incoming requests for exceptions to policy and draft recommended decision memorandum to include requisite mitigation strategies
• Coordinated clearances of all draft cybersecurity policies and memorandum with DoS stakeholders
• Participated in intra-agency policy working groups (e.g. WiFi) and provide cybersecurity policy subject matter expertise
• Provided support for the review and coordination cyber and communications security policies and guidelines