Managing Director / Sr. IT and Information Risk Consultant Resume
San Juan, PR
PROFESSIONAL SUMMARY:
Accomplished CISSP-certified IT professional with extensive experience leading Information Security operations, Internal IT Auditing, Risk Management, Public Key Infrastructure (PKI) and Standards Alignment. Ensure compliance with frameworks such as COBIT, ISO/IEC 20000, ISO 22301 and ISO/IEC 27001. Demonstrate profound knowledge of IT Service Assurance, IT Controls, Project Management, Intrusion Detection Systems, Firewalls/Anti-virus and Risk/Vulnerability Assessments. Guide, implement, enforce, facilitate and coordinate IT security, operations and governance activities across departments while participating in other areas such as Disaster Recovery and Business Continuity. Communicate effectively in both English and Spanish.
TECHNICAL SKILLS:
Risk Management: Operational Risk Management (Information Security, IT Risk, and Continuity of Operations).
Compliance, IT Controls and Audits: Health Insurance Portability and Accountability Act (HIPAA/HITECH), Sarbanes-Oxley Act (SOX), IT Controls (COBIT), Statement on Standards for Attestation Engagements (SSAE) No. 16, Department of Justice Network Security Agreement (NSA), Customer Proprietary Network Information (CPNI), Fair and Accurate Credit Transactions Act (FACTA) 2003, Federal Financial Institutions Examination Council (FFIEC) IT Examination, Gramm-Leach-Bliley Act (GLBA).
Standards and Frameworks: ISO/IEC 20000 Service management, ISO 22301 Business continuity management systems, ISO/IEC 27K Series, CERT Resilience Management Model, NIST SP 800 Series, ITIL IT Service Management, Payment Card Industry (PCI) Data Security Standard.
IT and Security Technology: Data Loss Prevention, Identity & Access Management, Enterprise Single Sign-On, Network Access Control, Secure FTP, Secure Email, Email Archiving, Security Information and Event Management (SIEM), Vulnerability Management, Firewalls, IDS/IPS, UTM, Endpoint Protection, Virtual Server Protection, VoIP & Networking Systems, DDoS, WAF.
PROFESSIONAL EXPERIENCE:
Confidential, San Juan, PR
Managing Director / Sr. IT and Information Risk Consultant
Responsibilities:
- Plan, design and evaluate technology and infrastructure security, providing governance and management consulting services to the Financial Services and Technology sectors as well as Government and Education to establish oversight functions.
- Develop comprehensive information security strategies on Cyber Security to determine current Cyber Security posture, determine target state and identify and prioritize opportunities for improvement within the context of a continuous and repeatable process.
- Perform information security and privacy assessments and control implementations.
- Assess progress toward the target state, communicating with internal and external stakeholders regarding Cyber Security risk.
- Ensure maturity and convergence of all components of operational resilience and risk management, Information Security, IT Services and Business Continuity.
- Align Information Technology, Processes, People and Facilities within capacity and maturity frameworks such as CERT-SEI, IVI and NIST C2M2 that maximize return on investment.
- Provided consulting services to local consulting and implementation firms such as RSM, Benchmark Technologies, JDW Tech and Luis Torrens & Asociados for customer engagements.
Confidential, San Juan, PR
Risk and Security Manager
Responsibilities:
- Executed duties as Chairman of the Confidential Operational Risk Committee (EORCO), occupying a governance role over the risk framework while managing a team of three Risk Analysts and one Manager.
- Enforced and updated Corporate PKI infrastructure, including patches, version upgrades, application changes, log management, and security assessment systems.
- Ensured governance activities including the development and maintenance of the Information Security Policies and Standards framework and Regulatory & Standards adherence such as ISO, NIST, PCI, SOX, COBIT, FFIEC, GLBA, SSAE No. 16, SOC 1 and SOC 2.
- Implemented Operational Risk Frameworks such as ISO/IEC 27001, ISO/IEC 20000 and ISO 22301 for Cyber Risk, IT Risk and Information Risk while complying with International Organization for Standardization (ISO) and National Institute of Standards and Technology (NIST) regulations and standards.
- Deployed and administered IT Security measures with Network Access Control (NAC), Distributed Denial of Service Attack (DDoS) monitoring, Web Application Firewall (WAF), Security Information and Event Management (SIEM) and Data Loss Prevention (DLP).
- Developed Strategic Security Plan and conducted Compliance Assurance, Security Awareness and Monitoring, and Incident handling.
- Conducted access control protocols such as Role-Based Access Control (RBAC), Identity Management, Privileged Identity Management, Endpoint Encryption, Cyber Intelligence, Vulnerability Scanners, Secure Remote Support Solutions, Business Intelligence and Analytics, Advanced Persistent Threat Protection.
- Installed and configured Fortinet Web Application Firewall (WAF) to protect against web application programming flaws, and GlobalSuite SaaS SGSI for documenting and maintaining the Information Security Risk Assessment and Risk Remediation plans.
Confidential, Guaynabo, PR
Information Security Manager
Responsibilities:
- Administered and improved Public Key Infrastructure (PKI) to create, manage and revoke digital certificates and manage public-key encryption.
- Managed Main Office while participating in Internal Audits as a single point of contact to assist in evidence collection, control reviews and coordination mainly on SOX controls and reporting.
- Developed Strategic Security Plan while in charge of Security Awareness and Monitoring, handling telecom fraud management including identity, roaming, internal and International Revenue Share fraud, PBX hacking, SIM boxing and data security.
- Led efforts regarding asset protection, control system access, network security architecture, network access and monitoring policies, employee education and awareness, design, implementation and administration of the information security program.
- Administered the IT Controls office, which included IT Operations, Applications and Information Security controls assessments, in addition to supervising a team of three (3) personnel.
- Applied the COBIT framework to identify and assess IT general controls.
- Designed, evaluated, deployed and monitored NAC, SIEM, RBAC, Identity Management, Privileged Identity Management and Fraud Management Systems and Vulnerability Scanners while providing Secure Remote Support Solutions.
- Configured Fortinet and Checkpoint Firewalls while in charge of Unified Threat Management (UTM) and Intrusion Prevention System (IPS), Virtual Server Protection, Secure FTP Gateways, IP Address Management (IPAM), Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP) Solutions, Vulnerability Management tools and Entity Analytics Solutions.
- Applied IBM Privileged Identity Management, Bomgar Remote Support Solutions for Helpdesk, Fortinet and Checkpoint Firewalls, McAfee IPS and McAfee Foundstone vulnerability management.
- Provided Role-Based Access Control, Axway Secure Transport for external file transfers, and cVidya FraudView and Roamware SIM Box detector for Fraud Management.
Confidential, San Juan, PR
IT Security Manager
Responsibilities:
- Oversaw and optimized Public Key Infrastructure (PKI) facilitating secure electronic transfer of information across all networks in compliance with HIPAA, SOX and CMS regulations.
- Managed the Information Security Office (ISO), directing the staff in the identification, development and implementation of IT security protocols and processes.
- Established appropriate standards and controls and executed Governance role in the establishment and implementation of Information Security policies framework and program that used ISO and NIST standards aligned to HIPAA Security Rule and regulations.
- Supervised the communications and network design and operations while establishing and monitoring the business continuity framework (based on BS PAS 56, which evolved into BS 25999), conducting the Business Impact Analyses (BIAs), and administering, validating and testing business continuity plans according to the strategies defined for the business's needs.
- Managed the Information Security Office (ISO) participating in Internal Audit procedures and directing staff in the identification, development, implementation and maintenance processes across the organization to reduce information and information technology (IT) risks.
- Evaluated and ensured IT security by implementing Email encryption, RBAC, Vulnerability Scanners, Firewall and UTM, IPS, Secure FTP Gateways, DNS Solutions.
- Deployed Living Disaster Recovery Planning System (LDRPS) for contingency plans, Axway Secure Transport to ensure security for external file transfers, Avaya VoIP System, Rapid7 Nexpose Vulnerability Management, Checkpoint Firewalls, and ISS Proventia IDS.