SUMMARY:

• RSA Archer Developer, Information Security and GRC professional with extensive experience delivering enterprise security programs and projects.
• Background include hands - on RSA Archer development, as well as managing a wide range of governance, risk and compliance (GRC) programs, driving high-priority audit and regulatory issues to resolution, and ensuring line of business application and infrastructure compliance with information security policies.

SKILLS AND SPECIALTIES:

• RSA Archer development and configuration, including on-demand applications, data feeds, custom calculations, data-driven events, notifications, questionnaires, workflow, data fields and cross-s
• Strong leadership skills, excellent oral and written communications, effective relationships with customers and all levels of management, as well as solid program and project management skills.

PROFESSIONAL EXPERIENCE:

Confidential

Senior RSA Archer Administrator/Developer

Responsibilities:

• Senior RSA Archer Systems Administrator/Developer for Secureworks eGRC Archer implementation in the production environment as well as all lower environments.
• Responsible for all elevations, platform upgrades, access control, DR failover testing, search index rebuilds, and management of all instances via Archer Control Panel.
• Provide overall mentoring, guidance and support for development of new functionality and enhancements to current applications, both out-of-the-box and on-demand.
• Manage campaigns for assessments and questionaires such as for SOX 302 and Business Process Owner attestations.
• Supporting a community of 2,600 users.

Confidential, Bellevue, WA

Senior RSA Archer Developer and Archer System Administrator

Responsibilities:

• Senior RSA Archer developer and Archer platform system administrator for a highly-regulated Northwest energy provider.
• Hands-on duties include management of access control, including LDAP, in development, test and production environments, as well as development and scheduling of all data feeds, including Archer to Archer data feeds.
• Also take on the most challenging and complex development tasks in the project with respect to fields, layouts, data-driven events and calculations.
• In addition, responsibilities include representing Confidential in directing an inexperienced vendor team contracted to design and configure Risk Management and Compliance solutions.
• These tasks include reviewing and approving all architecture and design documents and artifacts, assigning tasks to developers, and reviewing the work product to ensure that all implementation conforms to Archer best practices and that Confidential will be successful in supporting the solutions without requiring continuing vendor support.
• Also control all elevations to higher environments, as well as change management for production elevations.

Confidential, Valley Forge, PA

Senior RSA Archer Developer

Responsibilities:

• Senior Archer Developer at a large investment and financial services firm.
• Responsibilities include design, development, and deployment of enhancements to Confidential ’s RSA eGRC Archer platform across a full range of solutions and applications, including Risk Management, Policy Management, and Compliance.
• Recently completed transition from Archer version 5.5 to version 6.1.
• Significant focus on data feeds, data driven events, custom calculations, layouts, notifications, workspaces, iViews and dashboards for both core and on-demand applications (ODAs).

Confidential, Issaquah, WA

Senior RSA Archer Developer

Responsibilities:

• Responsible for designing, developing, testing and deploying RSA Archer functionality across the enterprise. Primary responsibility is design, development, testing and deployment of an effective RSA Archer Audit Management solution for Confidential ’s Internal Audit Team, for leveraging during their FY2016 audit season.
• Also supporting PCI Compliance effort around the request, collection, review and approval of evidence as required to deliver final Report of Compliance (ROC).
• Collaborated with the Risk Management team to develop custom Archer functionality to align with existing processes while helping to drive the overall Archer strategy at Confidential .
• Access Control
• Custom Layouts
• Calculated Fields
• Data-driven Events
• Notifications
• Workflow
• Reports iViews, Dashboards, Workspaces

Confidential

Technical Delivery Manager

Responsibilities:

• Technical Delivery Manager responsible for supporting the deployment of Protegrity Data Security solution to end-users of the BI environment at Confidential .
• Tasks included development of project plans and schedule, analysis of user base and usage patterns, requirements gathering and documentation, business use cases, test plans, deployment plans and long-term support strategy.
• Worked closely with the Hadoop platform team, business groups, Corporate Information Security and others across the Confidential enterprise to design and implement a secure and effective solution.

Confidential, Bellevue, WA

Technical Delivery Manager

Responsibilities:

• Delivering programs and projects across a variety of security initiatives and enterprise-wide solutions, including:
• Deployment of the RSA Archer version 5.x platform for Confidential governance, risk and compliance organizations, including configuration of out of the box and on-demand applications for Enterprise, Policy, Risk, and Compliance Management solutions.
• Establishment of a governance structure for cloud technologies, ensuring that appropriate security, privacy and legal controls are in place for all projects leveraging cloud platforms and services
• Delivering secure technologies for protection of corporate data on personally-liable devices
• Deployment of remote trigger black hole filtering solution to reduce the risk and potential impact of security incidents, including distributed denial of service attacks (DDoS)
• Integration of information security programs and technologies associated with the Confidential merger
• Member of the Microsoft IT Information Security and Risk Management organization for over eight years, performing a variety of roles, with increasing levels of responsibility and scope, both as an individual contributor and people manager:

Senior Information Security Manager

Confidential

Responsibilities:

• Lead the risk management team in creation of new risk treatment processes based on the ISO 27001 and 30010 frameworks, including processes for creation of risk treatment plans, risk acknowledgement, and policy exceptions
• Collaboration across GRC and ISRM teams, together with outside consultants, to specify requirements, design and deploy the RSA Archer GRC platform for management of risk treatment, risk acknowledgement, and compliance with information security policy.
• Support the creation and adoption of a streamlined risk assessment process (SRA) to provide quick-turnaround, high- volume high-level risk rating as first step in the management, mitigation, remediation or acceptance of risk

Senior Manager

Confidential

Responsibilities:

• Reports to the General Manager, Information Security Compliance and Operations. Managed teams of principal program managers and engineers. The teams delivered programs that significantly reduced information security risk at Microsoft and ensure compliance with corporate policies and regulatory requirements.
• Programs included:
• Deployment of BitLocker Drive Encryption across the Microsoft managed environment to significantly reduce potential impact of lost and stolen devices
• Development of the Information Security Mobile Security Strategy for smartphones and other emerging form factors as consumer technologies become more prevalent in corporate environments
• Elimination of third-party remote access technologies in the Microsoft environment to reduce risk of data loss and ensure remote access only through approved technologies
• Deployment of enhanced security policy settings, including Extended Protection and GPO for screen saver lockout

Senior Information Security Program Manager

Confidential

Responsibilities:

• Senior Security Program Manager in the Microsoft IT Information Security organization delivering solutions across a variety of complex and high-priority information security subject areas. Significant s included: served as the Confidential Information Security representative and consultant during formation of new business
• Drove resolution of internal audit issues involving information security, reduced number of past due issues by 90%
• Managed vendor and v-teams teams in delivering the Confidential remediation tracking and prioritization tool, Business Group Security Scorecard, and security exceptions management processes analysis.
• Led cross-organizational v-team in setting security requirements, and security assessment of third-party hosting and delivery facilities in the United Kingdom, Germany and Poland to ensure compliance with Microsoft security policies.
• Conducted onsite workshops with senior management and staff at several customer locations to share Microsoft best practices for securing the enterprise.
• Delivered “How we do security at Microsoft” talks at regional customer gatherings, at the Executive Briefing Center, and TechNet with consistently high review scores.