Sr. Bank Technical Analyst Resume
Richardson, TX
SUMMARY
- Security Engineer with extensive experience as a third-party Information Security assessor
- Performed many internal/external security assessments and audits for Federal Government and private industry
- Over 15 years of experience in Information Technology
- Over five years of experience performing third-party assessments
- Eight years of IT Experience including 6 years of IT Security, Risk Assessment and/or Compliance Experience.
- Worked with the IT department to implement multi-layer security, including a hardened OS that meets GLBA requirements.
- Performed risk assessments for Federal and private industries over the past five years
- Conducted risk assessments over the past three years using the GRC tool Archer, both as a user and as an administrator
- Created dashboard reports to give managers a high-level overview of the business processes
- Performed SAS16 SOC1 IT risk assessments focusing on internal controls for AIG Corporation
- Used best practices such as NIST, ISO 27001/27002, PCI, HIPAA, CMS, SOX, FEDRAMP, COBIT and DIACAP over the past eight years
PROFESSIONAL EXPERIENCE
Confidential, Richardson TX
Sr. Bank Technical Analyst
Responsibilities:
- Acted as an independent reviewer to ensure that compliance issues were resolved.
- Provided reports on a regular basis to senior management on the progress of the compliance efforts
- Identified potential areas of compliance vulnerability and risk and implemented corrective action plans
- Collaborated with IT departments to remediate compliance findings
- Participated in early risk identification meetings
- Assisted with stakeholder identification and conducted a stakeholder engagement meeting
- Coordinated, scheduled, and facilitated risk assessment meetings when leveraging the Enterprise Risk Management (ERM) risk assessment methodology
- Ensured risks were documented in the appropriate Archer Solution (e.g., Enterprise Risk Identification Solution (ERIS), Enterprise Risk Assessment Solution (ERAS), and ISPRB Process, etc.)
- Ensured appropriate due diligence activities (e.g., Bank CRCR, Privacy Impact Assessment, Vendor Risk Assessment) were completed
- Ensured risk assessment documentation was escalated to and reviewed by the appropriate risk review group (i.e., ISPG/RB)
Confidential, Oakland CA
HIPAA Consultant
Responsibilities:
- Acted as an independent reviewer to ensure that compliance issues were resolved.
- Provided reports on a regular basis to senior management on the progress of the compliance efforts
- Identified potential areas of compliance vulnerability and risk and implemented corrective action plans
- Collaborated with IT departments to remediate compliance findings
Confidential
Security Analyst
Responsibilities:
- Used RSA Archer GRC tool to create and update Control Baseline
- Assisted technology platform owners to develop IT control baselines
- Collaborated with the IT department to draft, review, and approve additional controls implemented in support of Regulation System Compliance and Integrity (Reg SCI)
- Periodically reviewed and updated existing IT control baselines with IT department groups
- Performed execution of Control Self-Assessments (CSA), to reduce or eliminate risk
- Used best practices such as NIST 800-53 Rev 4, ISO 27001/27002, COBIT and Center for Internet Security (CIS) Website to help reduce risk
- Used SAP to monitor who has access to what data and processes to ensure that there is sufficient segregation of duties.
Confidential, Owings Mills MD
Security / Business Analyst II
Responsibilities:
- Worked in close collaboration with business partners and developers to ensure consistent understanding of business processes and requirements.
- Established effective relationships with other departments; built and maintained effective business partner relationships.
- Assisted with tasks and deliverables related to System Development Life Cycle phases for package and custom solutions
- Attended and participated in user and project meetings and teams to expand knowledge as a participant and not in a lead capacity; facilitated project status meetings; tracked project status.
- Used industry best practices such as ISO 27001/27002, PCI, NIST, COBIT & HIPAA
Confidential, Irving TX
Security Engineer
Responsibilities:
- Responsible for supporting the architecture, design and assurance of information security mechanisms and services throughout the enterprise.
- Developed and implemented key security initiatives
- Provided internal risk and security assessment to prepare for external audits
- Performed risk assessment for new and existing medical clinics
- Operated scan assessment tools (Nessus, Acunetix, QRadar (to view firewall logs))
- Used Archer Governance, Risk and Compliance (GRC) tools and the Tivoli Endpoint Manager (TEM) IT asset management tool
- Received, tracked, opened, and closed tickets through the ServiceNow enterprise service management ticketing tool.
- Recommended new security policies and modifications to current security policies
- Used industry best practices such as PCI, NIST, & HIPAA
- Reviewed scan assessment reports of IT assets and business processes for payment card processing and analyzed them for vulnerabilities.
- Performed continuous monitoring and worked with the team to remediate and enforce the use of controls specified in the PCI Data Security Standard.
Confidential, Dallas TX
Information Assurance Engineer
Responsibilities:
- Provided Information System Security Engineering and Certification and Accreditation (C&A) expertise in accordance with DIACAP
- Assisted in preparing Certification & Accreditation (C&A) documentation for submission to the Designated Approving Authority (DAA)
- Utilized standard software tools to conduct vulnerability scans of all equipment on the network for vulnerabilities to ensure sound security configurations
- Created McAfee ePO vulnerability reports and worked with system owners to mitigate findings.
- Supported systems administrators in implementing corrective actions required because of vulnerabilities uncovered during internal risk assessment
- Utilized SAP to monitor administrator usage to ensure segregation of duties.
Confidential
IT Auditor
Responsibilities:
- Wrote audit reports to communicate findings, recommendations, agreed-upon actions, and targeted completion dates to management and the Audit Committee.
- Identified opportunities to automate business process controls and reduce reliance on manual controls.
- Recommended best practice corrective actions to policies and procedures, where necessary.
- Tracked audit deficiencies and performed follow-up to ensure appropriate controls had been implemented and were operating effectively
- Used industry best practices such as Center for Medicare/Medicaid Services (CMS), FISMA, NIST, & ISO 27001
Confidential, Fort Worth TX
Senior Security Analyst
Responsibilities:
- Provided guidance on implementation strategies for new security technologies on network
- Tested and evaluated the effectiveness of the Company’s IT SSAE-16 controls
- Identified and assessed risks, controls, and SSAE-16 related business issues
- Created and updated an SSAE-16 Excel spreadsheet checklist with IT department groups
- Worked with the Oracle Database, Windows, Middleware and AS400 teams to set up a plan of action to mitigate controls that had a critical, high, or medium risk level
- Conducted company-wide data classification assessments and security audits and managed remediation plans.
- Interfaced with IT department to provide audit support for both internal and external audits and reviews
- Assisted the IT department with mitigating security-related risks by providing alternative recommendations and guidance
- Used industry best practices such as NIST, FEDRAMP, & SOX
Confidential, Austin, TX
Senior Security Analyst
Responsibilities:
- Provided third-party auditing support
- Acted as interface with customer to provide audit support for both internal and external audits and reviews
- Met with Contracting Officer and PM on an as-needed basis to discuss problems and concerns, status of work, changes in assignments or other contract related issues
- Guided clients in defining and implementing overall security strategy, policies, and procedures
- Coordinated security assessments, risk analysis, and vulnerability testing and reviews
- Used the GRC tool Xacta to create and update procedures and as a repository to be compliant
Confidential, Dallas TX
Information Security Administrator
Responsibilities:
- Responsible for ensuring the confidentiality, integrity, and availability of data and information systems for Health Net Federal Services for DIACAP
- Provided security administration for all IT security applications and associated accounts; participated in designing and managing IT security strategy, including both infrastructure and applications, for Health Net Federal Services/DIACAP
Confidential, MD
Information Security Analyst
Responsibilities:
- Responsible for information security policy development and maintenance; design of security policy education, training, and awareness activities; monitoring compliance with IT security policy and applicable law; coordinate investigation and reporting of security incidents
- Worked with the Information Technology Services (ITS) Systems Support team to monitor and fine-tune the business continuity and disaster recovery program
- Performed network vulnerability assessment scans and risk assessment reviews
- Collaborated on solutions to mitigate risks and enhance system security
- Used the Tenable (Nessus) assessment tool to scan the network for vulnerabilities and performed risk assessments
Confidential, Carrollton, TX
IT Specialist
Responsibilities:
- Responsible for network connectivity and installation and repair of Confidential products
- Installed software at customer locations; designed, documented, and installed custom software required by customers to use Technifax office equipment
- Provided systems analysis, modifications and testing to user applications
- Managed time, IT inventory, and customer relationships
- Diagnosed and solved customer-initiated IT service calls
Confidential, Falls Church, VA
Senior Security Engineer
Responsibilities:
- Completed reports meeting Department of Defense, DIACAP, and DISA standards for Certification and Accreditation
- Provided solutions for Defense Health Systems TRICARE Management Activity risk assessment teams on technical questions and issues
- Assisted clients in mitigating security-related risks by providing alternative recommendations and guidance
- Guided clients in defining and implementing overall security strategy, policies, and procedures
- Performed security assessments, risk analysis, and vulnerability testing and reviews
- Performed security risk assessments, risk analysis, and vulnerability testing and reviews
- Implemented policies and procedures regarding how problems are identified, received, documented, distributed and corrected
- Used the following assessment tools to scan the network: Retina, Gold Disk, App Detective, HP Web Inspect and STIG checklists
Confidential, MD
Senior Security Analyst
Responsibilities:
- Implemented and managed IT security solutions
- Participated in disaster recovery planning, implementation, testing and readiness for the organization's data center systems
- Provided third-party auditing support
- Developed a tabletop exercise scenario for disaster recovery.
Confidential, Plano, TX
Customer Engineer
Responsibilities:
- Performed installations and maintenance of Confidential data storage equipment at customer locations
- Demonstrated professionalism and ensured customer satisfaction at each account
- Prepared clarify case reports for each event
- Prepared accurate expense reports and daily time sheets
- Performed part replacements as directed by PSE lab.
Confidential, Westlake Village, CA
Field Service Technician
Responsibilities:
- Installed, troubleshot, maintained, and coordinated the use and proper operation of network environments and desktop and server operating systems/environments (Windows 2000/XP/2003) for car dealership subscriber locations
- Conducted pre-installation onsite surveys with the customer to explain and demonstrate the functionality of the equipment and software. Installed network cabling systems including CAT5e, CAT6, multimode and single mode, coax
- Terminated RJ-45, RJ-11 (4/6-pin), and BNC (coax) connectors
- Installed modems, terminated cables, connected terminals, installed peripheral interface boards, configured hardware, installed software, performed network conversions, brought up LANs, conducted onsite customer training demonstrating the software, performed equipment audits as required, and responded expeditiously to requests as necessary
- Performed multiple tasks within established time frames and criteria. Performed post-installation quality checks or calls, if requested
- Worked independently using experience and judgment to accomplish assigned tasks
Confidential, Southlake, TX
Desktop Support / Field Comms / Service Tech
Responsibilities:
- Provided and managed installation of Sabre hardware/software on Compaq and Dell Windows 2000 and XP workstations and Windows 2000 and 2003 servers, including restaging and troubleshooting hardware/software problems on Win95, 98, 00, XP and NT, Novell NetWare operating systems, Cisco router and switch configuration, LAN and hardware diagnostics, Gateway, File Server, LAN & WAN connectivity, PC installation/troubleshooting and LAN design/installation troubleshooting
- Ensured all OS systems and software tools utilized in the data center were kept up to date and did not fall more than one version behind the latest general release
- Data center equipment rack planning and installation/racking of equipment into telecommunication racks
- Performed layer three (3) configurations, implementing, monitoring and troubleshooting Cisco 7600 series routers and Catalyst 2900, 3500, 3700, 4500, 4900 and 6500 series switches. Performed hardware/software installations for Confidential/Eagle airport and travel agency locations on Win 2000/2003/NT workstations and servers; administered a TCP/IP network running Windows NT 4.0 and Windows 2000 with over 500 users in support of operational exercises
- Provided end-user support and technical assistance; performed new installations and upgrades of file servers, PCs, printers, print servers, and OS2 operating systems; loaded the operating system for Novell servers; configured UNIX databases. Independently performed tasks in a rapid-pace environment with tight schedules. Responded to telephone calls, emails and Remedy action request system trouble tickets for technical support. Installed Enhanced Gate Reader, IER 557 Printers, loaded TCP/IP for the Intranet, Remote Group Wise, installed routers, MUXSABRE Gateway, File Servers, and Printers
- Conducted maintenance, analysis, troubleshooting and repair of computer systems, hardware and computer peripherals; documented, upgraded, or replaced hardware and software systems
- Provided support and maintenance of user account information, including rights, security and systems groups
