SUMMARY:

• Risk and Cyber security consultant skilled at information system and security management, and experienced in client and technical support management, worked in various IT and security capacities that include but not limited to IT security & operations network management. My security experiences include: IT security operations, IT risk management, 3rd party vendor security, compliance management & IT disaster recovery.
• GRC / IT & Risk Management / Regulatory & Compliance Management
• Penetration Testing / Port Scanning / Vulnerability scanning
• Infrastructure Architect / Active Directory / SecDevOps

PROFESSIONAL EXPERIENCE:

Confidential

Infrastructure Security Consultant

• Support client Client’s ISSO and CISO with compliance planning, policies, standards and process development, regulatory and internal compliance monitoring and documentation.
• Review and update Technical Implementation plan (TIP) documentation of several technical processes and communication template.
• Supports Client’s Information Security Program and assessment activities utilizing the NIST framework.
• Analyze the current vulnerability state of the infrastructure using multiple tools and ensure necessary controls are in place, identifying IT risks and provide recommendations to mitigate the risks and maintain compliance.
• Performed security tests and reviews on database, network, infrastructure and web applications to determine vulnerabilities, and recommending safeguards to mitigate risk and to ensure applications and servers are operating in accordance with established baseline/standards.
• Identified and evaluated complex business and technology risks, and worked on internal controls which mitigate risks, and related opportunities.
• Designed and implement vulnerability management process and procedures.
• Design and implemented patch management process and procedures.
• Identified control deficiencies and documented the cause, criteria, effect, and any compensating controls that mitigate potential findings and recommendations in Corrective Action Plans (CAP).
• Ensured assessment reports are supported by evidence obtained during audit, and are transparent, balanced and professionally communicated.

Confidential, Perris, California

IT Security Consultant

• Worked in the security team responsible for Security Monitoring, security incidence escalation in Security Operations Center environment (SOC).
• Participates in investigating security events, threats and vulnerabilities identification and involved in remediation efforts.
• As part of the Security group, plan and drive the implementation of the technology and its capabilities. Responsible for the architecture of the technology.
• Work with the key stakeholders to develop patch management and software release management plans to keep the Client’s network for data and voice services up to date
• Performed security audits on windows servers, implement patch management and managing users and share permissions.
• Responsible for daily security issues and monitoring user access issues and assigning additional roles to the existing users.
• Analyze network security requirements that are under the responsibility and develop policies, standards, and procedures used to deliver those services that are consistent with the Client standards and policies
• Work with the Client’s security team to review the proposed vision and roadmap for IT Security and provides input to the impact it will have on the network security.
• Deploy tools to be able to monitor the Client’s infrastructure to have the necessary data to meet the security requirements.

Confidential, San Diego, California

Security Consultant

• Worked with clients to understand business requirements and performed SOD assessment and provided suggestions for SOD conflicts mitigation.
• Performed Access Control/User administration such as Creating, modifying, locking/unlocking, deleting and password resetting based on request.
• Worked with project team to audit ERP environment to comply with Sarbanes - Oxley standards. Developed processes to quarterly check on Segregation of Duties (SOD) reduction.
• Actively involved in efforts to design and execute mitigating controls to uncover potential fraud and support SAP GRC SOX compliance strategy.
• Provide support in the production environment to end users; functional and technical users.

Confidential, Riverside, California

System Analyst III

• Provide production support to end users; functional and technical users.
• Tracked and monitored incoming user complaints by using Remedy, resulting in 95% resolution rate. Interfaced with customers to resolve user Access issues.
• Resolved network problems within the Library facility, performed Desktop troubleshooting and domain account management.
• Analysis and maintenance of system logs, firewall logs, intrusion detection logs and network traffic.
• Involved in System monitoring activities and security support for servers and workstations.

Confidential

Network Specialist

• Project managed the deployment of WAN ADSL rollout package using Cisco ADSL routers for 13 locations.
• Lead the Project for the implementation of an advance IT Network infrastructure for one of the company’s major clients.
• Design network solutions suitable for small and medium scale businesses.

Confidential

Network Support Specialist

• Design the architecture of enterprise network solutions for company.
• Developed and delivered IT infrastructure and enterprise multi-platform solution based on business requirements.
• Ensure the continuous business operations through contingency planning and implementation and integrity through security administration.
• Provide management support for the 24 x 7 shop.

Confidential

Network/System Support

• Provide technical support to end users; functional and technical users.
• Provide technical support to desktop customers remotely, Setup and maintain servers, desktops, backups, networks, and off the shelf software.
• Create, support tickets. Escalate situations requiring urgent attention.