Data And Risk Management Analyst Resume

New Castle, DE

SUMMARY:

  • A career-oriented professional with 15 years of proven experience in information security management; responsible for information security awareness within the organization.
  • A focused individual in charge of information security policies and procedures; good interpersonal and organizational skills.
  • Hands-on experience in IT Security, Risk Management, Compliance and Documentation.
  • Good understanding of Security Risk assessment practices, and risk assessment techniques and methodologies.
  • Ability to build Security in maturity model (BSIMM).
  • A Subject Matter Expert, Scrum Master, Product Owner and experienced Project Manager.
  • Sound knowledge of various data mining and analytical tools.
  • Excellent analytical and critical-thinking skills.
  • Research new developments in IT security in order to recommend, develop and implement new security policies, standards, procedures and operating doctrines across a major global enterprise.
  • Define, establish and manage security risk metrics and track effectiveness.
  • Coordinate with third parties to perform vulnerability tests and create security authorization agreements and standards.
  • Collaborate with business units to determine continuity requirements.
  • Conduct business impact analysis for vital functions; document recovery priorities of the key processes, applications and data.
  • Establish disaster-recovery testing methodology.
  • Plan and coordinate the testing of recovery support and business resumption procedures while ensuring the recovery and restoration of key IT resources and data and the resumption of critical systems within the desired timeframe.
  • Auditing using FFIEC booklets and ISO/IEC 27002, Regulatory Compliance, Technology Architecture, Systems Integration, Information Assurance, Client Needs Analysis, Business Impact Analysis, Business Change Management, Business Development, Budgeting and Cost Control, Operations Management, Business Continuity, Privacy & Compliance, Productivity Improvement, Strategic/Tactical Planning, Identity & Access Management, Organizational Development, e-Commerce, Strategy/Development, Risk Management, Client Management, IT Auditing, RAC, SAP, Oracle, PeopleSoft, SQL Server, Mainframe, Anti-Money Laundering

TECHNICAL SKILLS:

Networking/Others/Tools: BSIMM, SOX, OWASP, WireShark, SQL, Data Guard, NIST, COBIT, COSO, ISO 27001/2, GLBA, FFIEC, HIPAA, FedRAMP, PCI DSS, SOA, Safe Harbor, TCP/IP, COBIT, Microsoft Access, Microsoft Excel, BITS, AUP, SIG, EFT, RFQ, Contract Negotiation and SOX

PROFESSIONAL EXPERIENCE:

Confidential, New Castle, DE

Data and Risk Management Analyst

Responsibilities:

  • Ensures appropriate NIST SP standards for Information Technology Service Continuity Management Plan.
  • Leads Security Architect for Compliance projects and Major IT Governance Risk.
  • Organization of programs for NIST, COBIT, PCI, COSO and ISO 27001.
  • Evaluates COTS/GOTS security products and provides guidance as to their strengths and weaknesses as security tool candidates.
  • Performs security risk assessment and recommends measures to deal with identified risks across many differing aspects of IT systems.
  • Coordinates SOX, Data loss prevention, COSO, Policies & Procedures.
  • Solid knowledge of Wireshark, SQL analyzer, data guard, gateways, Active Session History and IBM Tivoli insight manager.
  • Led the team that redesigned the security work activities with GUI applications, resulting in better performance.
  • Designed, implemented, and monitored security systems and processes.
  • Provided assistance in development of information security awareness.
  • Provided assistance in development of content and communications for IT Security.
  • Provided assistance in addressing security issues.
  • Designed security and controls for new technologies.
  • Planned and managed security projects and activities.
  • Managed logistics of information security awareness program.
  • Enforced Policies and Standards related to IT Security using BSIMM.
  • Monitored security system logs.

Environment: SOX, Archer, WireShark, SQL, Data Guard, Nmap, Nessus.

Confidential, Phoenix, Arizona

Information Security Audit/Compliance

Responsibilities:

  • Prepared Audit/Compliance materials using FFIEC booklets and ISO/IEC 27002 on the following:
  • Audit
  • Business Continuity Planning
  • Development and Acquisition
  • eBanking
  • Information Security
  • Operations
  • Outsourcing Technology
  • Retail Payment Systems
  • Supervision of Technology
  • Wholesale Payment Systems

Environment: Audit, ISO/IEC 27002, Archer, Microsoft Excel, Shared assessment with SIG, BITS, EFT, and AUP

Confidential, Newark, DE

Information Security and Risk Management Analyst

Responsibilities:

  • Facilitates the confidentiality, integrity, and availability of information in the corporate systems
  • Leads Security Architect for Compliance projects and Major IT Governance Risk.
  • Organization of programs for NIST, COBIT, PCI, COSO and ISO 27001.
  • Possesses organizational and Business Knowledge
  • Understands organizational dynamics and leverages key decision makers within Global e-Commerce.
  • Understands the e-Commerce industry in general and online threats and protection in particular.
  • Cultivates an environment where associates respect and adhere to company standards of integrity and ethics
  • Drives continuous process improvement and innovation
  • Develops technical strategies for e-Commerce, applications and systems
  • Responsible for the oversight of the Information Security policies, standards, and practices across Global e-Commerce.
  • Ensures that product quality, assurance and risk reduction goals are met across all of Global e-Commerce business and functional units.

Environment: NIST, PCI, COBIT, COSO, ISO, BSIMM, OWASP, Archer, EFT, AUP, BITS & SIG

Confidential, Newark, DE

Application Security Consultant

Responsibilities:

  • Ensured appropriate NIST SP standards for Information Technology Service Continuity Management Plan.
  • Defined global information risk solutions and security, created information security management systems.
  • Managed consultant teams and engineering security.
  • Lead Security Architect for Compliance projects and Major IT Governance Risk.
  • Organization of programs for NIST, COBIT, PCI, COSO and ISO 27001.
  • Participated in private workshops for C-level management.
  • Evaluated COTS/GOTS security products and provided guidance as to their strengths and weaknesses as security tool candidates.
  • Performed security risk assessment and recommended measures to deal with identified risks across many differing aspects of IT systems.
  • Worked with the team that redesigned the security using BSIMM for better performance.

Environment: NIST, COBIT, PCI, IT Governance

Confidential, Newark, DE

Information Security Administrator

Responsibilities:

  • Identity Access Management.
  • Prepared information security evaluation for new projects using BSIMM.
  • Project improvement documentation, delivered process documentation.
  • Information Security Operations liaison for IT initiatives.
  • Knowledge of international data protection laws
  • Experienced in performing system and application vulnerability assessment
  • Experienced with Information Security technologies, markets, and vendors (firewall, intrusion detection, assessment tools, encryption, authority, Web, and application development)
  • Experienced in internal, external, and Sarbanes-Oxley audit assessment
  • Familiarity with database technologies used to store enterprise information and directory services
  • Knowledge of industry standards such as: ISO17799, SAS70, COBIT, etc
  • Knowledge of and ability to use system security and controls including firewall and virus software, identity management, and computer control environments
  • Knowledge of Information Security regulations such as: PCI, GLBA, SOA, Basel II, Safe Harbor, SB 1386, etc
  • Experience with privacy legislation such as HIPAA, COPPA, FCRA, GLB and EU
  • Proficient in networking protocols and standards especially TCP/IP and the OSI Model

Environment: PCI, GLBA, SOA, Safe Harbor, TCP/IP, COBIT, BSIMM
