We provide IT Staff Augmentation Services!

Information Security Officer Resume

0/5 (Submit Your Rating)

Southlake, TX

Hire Now

SUMMARY:

  • InfoSec Security Officer and Architect in Transportation Security program whose qualifications include a college degree; a DOD Secret security clearance; CISSP and Security+ designations; and detailed knowledge of security tools and best practices, technologies, and privacy regulations. Seventeen years of experience initiating and managing security and compliance solutions to protect networks, systems and information assets for large, diverse organizations.
  • Security Policy Management
  • Asset & Vulnerability Management
  • GRC Management
  • Network & System Security
  • Audit Facilitation & Remediation
  • Product Integration Planning
  • Information Privacy
  • Architectures (PCI, SOA, Cloud)
  • Cyber Security Awareness
  • Planning
  • Participate in the development of the security strategy and roadmaps for the program.
  • Create achievable security goals and objectives consistent with the strategic plan.
  • Regularly participate in Governance, Risk & Compliance (GRC) initiatives.
  • Developing
  • Security policy authoring, publishing, assessing and enforcing across the program.
  • Write high - level, business and technical requirements and use cases.
  • Deliver and communicate relevant GRC content to clients as per agreement.
  • Managing
  • Single point of contact for security, privacy, audit and compliance related services and issues.
  • Participate in consultative selling as required.
  • Assess the facilitation and remediation of 3rd party and internal audits and assessments (i.e., network assessments, penetration testing, code analysis, PCI DSS and ISAE 3402).
  • Oversight
  • Validate and authorize role-based access control (RBAC) requests.
  • Review daily/weekly/monthly security reports and take necessary corrective actions.
  • Maintain and improve the risk posture of the environment by establishing continuous compliance efforts by adhering to existing security and privacy policies and standards, regulatory requirements, or best business practices.
  • Protecting
  • Safeguard the confidentiality, integrity and availability of the program’s critical data (i.e., cardholder data, PII) as per internal requirements and relevant privacy regulations including information sharing, data protection, trans-border data flow, etc.
  • Conduct security assessments, including framework (PCI DSS, NIST), best practice (ISO 27001/2), readiness (ISAE 3402), gap analysis, and architecture and design analysis.
  • Ensure compensating controls are implemented, documented and approved via established business processes.
  • Provide recommendations to management for the information security program.
  • Promote Information Security Awareness across the program.

TECHNICAL SKILLS:

Security: Vulnerability Scanners (Tenable Nessus, NMAP, McAfee Vulnerability Manager, Nexpose), HP ArcSight, Tripwire FIM, SharePoint, RSA Archer eGRC, Web Application Security Scanners (Portswigger Burp Suite, Netsparker, HP WebInspect), Penetration Testing (Backtrack, Kali Linux, Metasploit)

Methodology: Agile Methodologies and Project Management

Lifecycle: Rally Application Lifecycle Management, SDLC (CtP, SDR, Application Testing)

Systems: Unix-Based Systems (Linux, BSD), Windows

Networking: LANs, WANs, IDS, IPS, TCP/IP

Assurance: ISO/IEC 27001/2, PCI DSS 3.0, FedRAMP, SOX, CSA, FIPS 9, FISMA, ITAR, Privacy Regulations (EU, U.S.), NIST, OWASP Top 10, SANS CWE Top 25

Industry: Aerospace and Defense, Oil and Gas, US Public Sector, Finance, Transportation

Hire Now
Report an issue

We'd love your feedback!

Privacy Policy
Resume Categories
Client Services
Job Seekers
Visa Sponsorship