
Lead Risk/GRC Management and Audit Resume


Canton, MI

SUMMARY:

  • An experienced, highly educated, detail-oriented Project Manager, Security Auditor, Security Planner, and Solution Provider with strong problem solving and project management skills
  • Over Twenty years of and increasing responsibility in leadership
  • Over Fifteen years of IT Security, Project Management, Leadership, Security Controls, Governance, and Audits (Sarbanes-Oxley, HIPAA, PCI, SOC2, SSAE18, etc.)
  • Providing data analytics to support the entire audit cycle, including risk assessment, planning, testing of controls, reporting and issue verification; develop and implement strategies, plans, and procedures that promote the use of data analytics in all core internal audit activities. Evaluates and implements advanced analytics methodology specific to particular project needs and steer analytics request in the most productive direction, leveraging internal resources and technologies.
  • Deep knowledge and experience in Identity and Access Management
  • Maintaining expertise and pursuing to keep abreast of new and proposed developments in the Security, Governance, Audit and Project Management fields
  • Outstanding experience and knowledge in Cyber Security, Contemporary Project Management Practices (Agile/SCRUM), Information Security Standards and Practices (S-OX, HIPAA, HITECH, COBIT, ISO27001, HITRUST, NIST, etc.)
  • Extensive experience in policy settings, Incident Management, compliance monitoring and enforcement.
  • Skilled in building teams of diverse specialists in all areas into a harmonious, objective-driven and Result-Oriented teams.
  • Proficient in adapting to varied environments, working with an ever-changing diverse group of personnel.
  • Thorough experience, and in Project Management and Team Leading
  • Experience in running vulnerability scanners like Qualys, Nessus, etc. Review vulnerability reports and identify false positives in the automated reports
  • Internal Audit customers to ensure Sarbanes-Oxley and HIPAA compliance, including Confidential, Confidential Company, Confidential Corp, Confidential / Confidential of MI.
  • Audits included verifying business and financial activities through SAP reports, and other financial and HR applications like Peoplesoft, Oracle, etc.
  • Managed technical teams in many advanced projects such as: Identity and Access Management, Network Security, Security Controls, Governance, Audit, Capacity Planning, Metrics, Methodology, Automation.
  • Analyse and recommend the best strengthening techniques and strategies based on the latest cybersecurity theories, tools and findings.
  • Selected, Recommended and Implemented Various Security Tools and Measures (Firewalls, Virus Protection, Encryption, Intruder Detection, VPN, Backup strategies, etc.)
  • Specified, Selected, and Recommended enterprise-wide Hardware and Software

TECHNICAL SKILLS:

Programming Languages: R, Java, C++, HTML, Visual Basic, JavaScript, Jscript, Vbscript, XML, etc.

PROFESSIONAL EXPERIENCE:

Lead Risk/GRC Management and Audit

Progress, Canton, MI

Responsibilities:

  • Conduct thorough due diligence reviews on external service providers and internal operations. Identify and assess various internal and external risks. Design appropriate controls. Monitor and assess controls efficiency. Serve as a Sarbanes-Oxley (SOX) and HIPAA Compliance specialist. Evaluate Identity and Access Management protocols and procedures. Design, and document policies and procedures. Assess third parties and vendors access and risks. Conduct Risk-Based Audit for customers. Perform mitigation and remediation against various risks. Evaluate operations to identify Segregation of Duties violations. Perform other duties as assigned.

Audit and Compliance Manager

Confidential, Detroit, MI

Responsibilities:

  • Managed a team of professionals to conduct internal audits and support external audits. Conduct Risk Assessment and Analysis, GRC, Process Improvement and Quality. Audits conducted: Separation of Duty, Least Privileged, Need to know, Change control, 120 day non use, etc. Mainframe, Unix and Active Directory environments. Supported: SSAE16, NIAC/MAR, SOC2, and various clients’ audits.
  • Evaluate IAM technologies, processes and logs. Conduct Risk Assessment, Gap Analysis, Vulnerability and threats monitoring and assessment. Reviewed policies, procedures and recommended changes when needed. Recommend, Plan and Manage the implementation of corrective measures including tools, procedures and audit processes. Create management presentations and user documentations.

Tools/Technologies: Splunk, QRadar, Qualys, IBM ISIM, Active Directory, LDAP, CyberArk, HITRUST, ISO27001, NIST, ACF2

Information Security Manager

Confidential, Dearborn, MI

Responsibilities:

  • Managed diverse teams to work on customer assignments to Audit their internal networks, to make sure they are S-OX and HIPAA compliant. Assess threats, risks, logical and technical controls and vulnerabilities from emerging security issues. Draft enterprise security standards and guidelines for system configuration. Managed process and acted in the lead role for computer security incident response team. Perform and create procedures for system security audits, security controls, penetration-tests, and vulnerability assessments. Develop scripts to maintain and backup key security systems.
  • Assist Clients in identifying and managing information technology risks, devise and recommend controls and governance measures
  • Assess IT and security environments for several small and medium businesses. Review technical specifications and perform third-party audits (S-OX and HIPAA compliance Audits). Review, evaluate and re-write security policies. Appropriate Technology, Automation and Business tools evaluation and recommendation.
  • Develop Technical Documentations and User Manuals pertaining to security and technical applications.
  • Work with healthcare, accounting, financial, and retail clients to ensure secure computing and processing environments with necessary security controls, and the correct application of separation of duties. Some of my projects were 6 months to 2 years long, and some are ongoing of support and SLA nature. Worked with clients to collect control testing and threshold level requirements. Worked with clients to determine risks and document mitigation processes and control variables. Coordinated with business customer, management and vendor various aspects of control and security management.

Lead Systems Engineer

Confidential, Dearborn, MI

Responsibilities:

  • Provide web portal engineering and support Using Plumtree, MS CMS and the different Microsoft applications and tools. Have played an important role in the Launch of Dealer Communication Portal, worldwide web portal to support the various Ford dealer Communities all over the world. Continue to support this environment on a 24/7 basis. Also support Confidential Company eportal, my.ford.com, another complex portal built with Plumtree and the various Microsoft technologies.
  • Lead Security Engineer: Perform security audit functions on numerous servers to make sure they are in compliance with company security policy, specifically Sarbanes-Oxley's compliance. Develop processes that enhance operations Security and Quality. Gather security requirements and provide guidance to comply with Corporate Security policies. Provide High level risk assessments, documentation of gaps, and mitigation controls. Disaster Recovery Plans. Scripting and automation of Support and Security functions.

Sr. Systems Engineer

Confidential, El Segundo, CA

Responsibilities:

  • Team Leading of various advanced technical projects. Data Security, Disaster Recovery, Development of testing and QA criteria and Methodologies. Testing and Monitoring of Web and Network security using Webtrend’s Security Analyzer, AG Group’s Protocol Analyzer, Norton Internet Security and other Products pertaining to Data Security and Disaster Recovery (ex: Backup Product: Arcserve; Virus: McAfee NetShield and VirusScan, Norton, Intel...; Firewall: Checkpoint’s Firewall-1; VPN: Alcatel, Intel). Web Sites Infrastructure Engineering and Support. Duties also include the Administration of Information Management Laboratory and LANs: Testing of new packages, Technical Recommendation of new technologies and software, Integrating new packages with existing. Managing Lab’s LAN/WAN resources, Daily activities, Daily operations of File, Database (Oracle, SQL) Servers, Web (IIS) Servers, Daily backups (Arcserve), Analyzing traffic to our Web Sites (Web Trend). Also Support and Integration of Web Portals (Plumtree, Viador). Other Packages/Software used: Oracle, MS SQL, Web Trend, ArcserveIT, MS Frontpage, MS InterDev, Viador, Plumtree, JDK, Javascript, ASP, Visio, Flash…

Chief Network Engineer

Confidential

Responsibilities:

  • Lead a team of engineers in the Design, Implementation and Support of Client/Server, LANs/WANs environments. Provide complete computing solutions for our clients. Led several projects that involved the Design and Implementation of Security in existing and new Networks (Testing and Recommendation of various Security Products such as Firewalls, Security Analyzers, VPNs, Virus Protection, etc.). Database Design and support. Data Modeling. Projects included Financial Planning, Change Management, Disaster Recovery, Test Scripts, Configuration Management.

Advanced System Administrator

Confidential, El Segundo, CA

Responsibilities:

  • Provided on-site support for Confidential /Information Management and other departments. Supported Client/Server-based Applications and Databases, provided technical consultation on diverse computational and automation needs. Developed and Defined Security Requirements and Policies for the different Customer Bases. Developed and Maintained different Configuration Templates. Daily Network Administration, Security and Performance Monitoring, Capacity Planning, … Managed Configuration Changes…

Sr. Network Technical Specialist

Confidential, Torrance, CA

Responsibilities:

  • Duties included: LANs/WANs Design and Administration. Data Security. File Server/Database Server Setup and Configuration. Hardware/Software Testing, Design, Installation and Configuration. Project Leader functions. Process Conversion/Automation. Risk Management, QA, Disaster Recovery, Metrics…. Selected, Recommended, installed and supported various Security Monitoring, and Virus Protection Products. Users Support and HelpDesk Point of Escalation role and more…
