Seeking an Information Security Management or Consultant position that allows me to build on my experience and skill set, grow as a professional and add significant value to the organization
SUMMARY OF QUALIFICATIONS:
- Over 15 years of experience includes expertise and focus in Information Security complementing an extensive background in software engineering and technologies
- Diversified Information Security experience in various lead and hands-on technical roles including architecture, security process development/roll-out and implementation of security solutions
- Experienced in leading the development of security processes and executing in highly regulated Financial and Telecommunication environments. Well-versed in industry best practices, standards and frameworks like ISO27001, NIST 800-30
- Driven to learn and research, take courses, obtain certifications to better support business needs and stay current on market trends like cloud technologies, agile development, DevOps, predictive analytics, mobile apps
- Consistently recognized by management for stepping up, taking charge and adding value and improvement on many occasions. Promoted to more senior roles. Nominated for & completed leadership development program.
- Solid presentation & communication skills, customer and executive facing experience, demonstrated leadership qualities. Strong analytical and human relation skills
- Thought leader, self-motivated, driven to accomplish goals and meet deadlines and a collaborative team player
Confidential, Chicago, IL
Information Security, GE Capital
Responsibilities:
- Provide technical security architecture expertise on about 500 of GE Capital’s business applications and infrastructure supporting a $100B lending and leasing business serving middle-markets
- Significantly improved the IT application security posture by threat modeling high risk applications. Managed team of consultants (penetration testers) on the end-to-end effort and worked with application teams on fixes
- Lead engagements with various counterparts to develop, implement and simplify processes. Work closely with Enterprise Architecture team within the business, corporate and headquarters Security Architecture and Operations teams.
- Support application teams in delivering cleaner, secure code when vulnerabilities are identified in continuous security scans during application development from IBM AppScan, HP Fortify & WebInspect
- Drive various initiatives around securing IT infrastructure like 100% remediation/resolution of high risk findings on servers from Qualys scans and create & present metrics to SLT to demonstrate progress
- Simplified team’s risk assessment review process by eliminating steps improving cycle time by 38%
- Supervise offshore team. Interview and hire staff and interns onshore. Coach, mentor and manage team performance.
- Lead POC and evaluate security technologies like DB Activity Monitoring, Web app firewall, malware prevention software on endpoints. Compile recommendations for SLT based on research from Gartner/Forrester.
Confidential, Lake Forest, IL
Information Security & Risk
- Responsible for security architecture of the Unix/Linux server environment of the bank’s critical applications.
- Provided level-4 support on Solaris, AIX, SLES, Red Hat server environment (3000+ physical & virtual servers).
- Managed environment security and vulnerability remediation with various processes and tools like Qualys, BMC Control-SA, CA Access Control, HP Server Automation (HPSA), RSA enVision of server.
- Go-to person on the team for Python/Perl/Shell scripting and automation.
- Collaborated with other enterprise architects globally to review and maintain technology roadmaps and stacks.
- Analyze & remediate security findings and generate monthly metrics for SLT to highlight security KRIs.
- Managed and trained Unix/Linux security onshore and offshore Level 2 and Level 3 staff.
- Functional lead on identity and access management effort for high risk (SOX/Operational Risk) application and annually certify application user access and sensitive business transactions access.
Confidential, Schaumburg, IL
Security Analyst / Engineer
Information Protection Services
Responsibilities:
- Developed a risk assessment process for the team using NIST SP 800-30 guidelines and Six-Sigma tools
- Drove risk mitigation practices by identifying, evaluating & deploying vulnerability management tools/software applications (Foundstone, AppDetective, WebInspect) to secure critical databases and servers.
- Engaged with IT teams to put in place technology and process controls around Oracle database and apps.
- Participated in review and development of corporate security policies and IT security standards.
- Interfaced with internal/external auditors/management to meet SOX and SAS-70 control objectives.
Finance IT Projects
Responsibilities:
- Led awareness/training presentations and workshops to help users migrate to the use of secure tools like ssh, sftp. Installed and configured tools to enable encryption of PII data in automated processes/scripts. Enabled SSL on Finance IT web-based applications.
- Scripted & automated business process to parse/transform corporate financial data using Perl and set up an ETL (Extract, Transform, Load) framework and automation (cron/batch) on Unix/Windows sourcing from MS SQL and Hyperion Essbase Finance servers to support the financial planning/reporting.
- Led the development of BI Dashboards using Hyperion. Presented headcount and financial data for the CEO, executive team and HR. Managed projects from requirements to training including executive presentations
Network Management Team
Responsibilities:
- Designed, developed and supported software applications for the Radio Network used by several global customers like Verizon, Sprint. Customer facing experience during engagements at customer sites.
- Engineered software applications participating in all phases of SDLC from requirement definition to deployment.
- 24x7 Level-3 customer support experience performing root cause analysis, documenting solutions
- UNIX/Linux system administration & support for the complex lab development, test and QA servers
- Web development experience leveraging open source applications and databases