Cyber Security Engineer Resume
Dearborn, MI
SUMMARY:
Experienced IT Security Leader rooted in the three tenets of information security: Confidentiality, Integrity, and Availability. Experienced and comfortable in both the business and technical arenas, and has liaised between both when needed. Well versed in both technical and administrative controls and has audited, written, and administered policy, standards, and controls. Has experience in a variety of IT organizations and cultures and is able to adapt well in order to achieve success.
PROFESSIONAL EXPERIENCE:
Cyber Security Engineer
Confidential, Dearborn, MI
Responsibilities:
- Provides vision, expertise, and guidance for security and controls concerns during the planning, design, implementation, maintenance, administration, and ongoing support of applications and infrastructure
- Develops and maintains security and controls policies, processes, and procedures, in accordance with corporate policies and directives
- Promotes security and controls awareness throughout the enterprise
- Assesses, integrates, and optimizes security and controls architecture
- Evaluates the state of security and controls within the enterprise
- Performs risk assessments of infrastructure and applications based on threats and vulnerabilities
- Responds to threats and incidents, including the development and implementation of solutions to mitigate and/or eliminate risks
- Provides consultation and strategy on security and controls both within the enterprise and with Confidential business partners
- Evaluates and recommends direction and decisions regarding vendor purchased products and services and in-house
- Developed tools from a security standpoint
Lead Security Consultant
Confidential
Responsibilities:
- Led the development and communication of policies, standards, and controls aligned with compliance requirements
- Researched regulations by reviewing regulatory bulletins and other sources of information and led communication and awareness of new regulatory requirements
- Led and created regulatory compliance activities for the enterprise
- Led in the development of policies and standards
- Led the validation, testing, and implementation of controls
- Led the auditing of policies, standards, and controls for regulatory compliance
- Acted as compliance liaison to Information Technology and other compliance groups within the enterprise
- Responsible for researching and communicating legal, industry framework, and regulatory compliance requirements
Lead Risk Analyst
Confidential, Auburn Hills, MI
Responsibilities:
- Led management and oversight of regulatory and audit inquiries including control issues
- Led the coordination and preparation of audit and exam responses including milestone submissions
- Ensured key regulatory timelines and required documents were tested, performed assurance monitoring
- Ensured audit findings are reported to management of affected areas including the SOX processes and the Information Technology Risk Assurances Service IT RAS Scorecard
- Led the implementation of the COBIT 5 framework
- Developed and implemented new compliance programs to address regulatory changes
- Reviewed Business Continuity Plans and assisted in their design
- Developed processes and procedures - including new Assurance Monitoring documentation
- Worked to define standards and guidelines for the Risk Assurance Team
- Analyzed current procedures and made recommendations on control design
- Project Managed and participated in medium and large sized projects related to risk and compliance
- Worked collaboratively with business units and others on the implementation of new processes
Lead IT Security Analyst
Confidential, Greenville, NC
Responsibilities:
- Leveraged technical knowledge of auditing and mitigating risk related issues for servers, databases, workstations, and Veteran Administration baseline compliance for assets and software products
- Applied current knowledge of IT trends and systems processes to identify risk management issues; collaborated with infrastructure team to plan engagement strategy and address technology-related risks
- Managed agency-level IT Security Assessment and procedures that support the implementation of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 controls
- Audited baseline security controls to prepare change requests for submission to the VA Configuration Management and Microsoft Security Patch Change Orders via the use of Allegiance Risk Vision governance risk and compliance Confidential Tool
- Researched and disseminated information about the components of an information system and identified remediation activities to address security vulnerabilities for Confidential and Confidential reporting
- Directed security assessments of operating systems, applications, databases and network infrastructure components; and classified vulnerabilities for performing trend analysis, audit remediation, and reporting
- Utilized Risk Vision Confidential tools and VA OIG standards for agency-level comprehensive security assessment program, focusing towards continuous monitoring as prescribed in NIST 800-37 and 800-137
- Analyzed current processes and internal controls; prepared systems documentation; performed test cases of information systems and security controls, and documented the results of controls testing
IT Compliance Analyst
Confidential, Van Buren Township, MI
Responsibilities:
- Led the development of the Global Services information security plan that protected the confidentiality, integrity and availability of data and servers
- Served as a Liaison with the Capital Confidential Governance team to ensure that all new security requirements are incorporated into Global Services appropriately
- Maintained the applications inventory and comparison of application status against security policy
- Developed and delivered appropriate information to both internal application teams and to Internal/External Auditors upon request
- Regularly tracked, reviewed, investigated, reported on and remediated various internal system events which may have indicated compliance gaps
- Performed quarterly reviews of over 80 applications for IT security policy compliance
- Led monthly, quarterly, and annual audits of applications for security controls
- Led application owners on how to mitigate gaps discovered during quarterly reviews. Reported these findings to senior management
- Led effort to verify and validate that security controls were in place, documented, and being followed
- Wrote procedural documentation in accordance with security controls
- Developed and wrote security and compliance controls
- Served as an SME for access controls and Highly Privileged Access Reviews and controls
- Led efforts to pinpoint and eliminate over 200 security and compliance vulnerabilities during tenure with the organization
Test Manager
Confidential, Auburn Hills, MI
Responsibilities:
- Managed a team of 3 test analysts to help develop a highly customized version of a .NET application for Confidential, Inc. that will be utilized by the Mortgage Warehouse division
- Worked with end users to gather requirements and help to install configuration changes to the system
- Managed defect logs, gathered testing metrics and prepared reports for senior management
- Worked with integration teams to test and verify application performance to five different interfaces including mainframes (Hogan), access databases, AFS, MoneyNet, FED wire system and UPS automated shipping systems
- Supervised the development of use cases and test scripts
- Worked with the vendor (Confidential) to manage defects and issues with the software and the local environment
- Responsible for making sure the application adhered to all applicable compliance laws and banking regulations
IT Project Manager
Confidential, Auburn Hills, MI
Responsibilities:
- Responsible for working with the security and risk team to make sure systems were developed and implemented according to the security policy
- Successfully wrote procedures for developing systems within the STZ (secure transaction environment) environment
- Collaborated very closely with the Technical Project Manager, Tech leads, Analysts, to implement the Project Plan
- Responsible for maintaining and updating the Project Plan, including budget, duration, resource allocation and vendor related activities affecting the Plan
- Served as a liaison between stakeholders to ensure effective communication and coordinated efforts, resolution of issues and concerns, including conceptualizing alternative, creative solutions to keep the Project on track
- Responsible for creating and maintaining business process documentation, also, analyzing business process to identify bottlenecks, and to offer suggestions/solutions towards business process improvement
- Worked within Waterfall methodology and adhered to best practices based on ITIL, SANS, and PMBOK
IT Asset Manager/Systems Analyst
Confidential, Pontiac, MI
Responsibilities:
- Led a major migration project migrating accounts from legacy IT asset management systems to modernized, automated systems
- Worked closely with Project Managers to create and update Project Plan during design, implementation, and build phases
- Led clients on how to perform data analysis, mitigated data issues during the transformation process
- Provided consulting on business process improvement based on ITIL methodology
- Led efforts of software compliance issues and helped close gaps
- Led lines of business and IT organizations and helped them understand requirements and develop effective, high-quality solutions
- Served as a liaison between client and developers to help match requirements and stay within scope
Information Technology Specialist
Confidential, Birmingham, MI
Responsibilities:
- Project Manager of special projects including software testing, asset management, and Business process
- Provided technical support and technological solutions to help support and drive business initiatives.
- Instrumental in establishing the internal business and resource infrastructure development, implementation and operations
- Built and configured PCs and Confidential; also supported both hardware and software related issues
- Decreased user complaints and dramatically reduced post-implementation support; achieving trading partners’ functional expectations by 100%
- Implemented project tracking tools; successfully communicated status of each project to company executives and key operations personnel, ensuring projects were completed
- Wrote training and implementation protocols for systems migration and upgraded processes for both hardware and software projects
- Helped define user requirements to facilitate investment decisions regarding information technology
