Director Of Enterprise Information Security Resume
SUMMARY:
- Confidential has more than 20 years of experience in information technology and information security. He has intimate knowledge and expertise in various IT areas, such as network & infrastructure, ERP, and cybersecurity.
- He has worked with multiple Fortune 500 companies, such as Confidential, Confidential, Confidential etc., in a number of countries and regions, like USA, China, United Kingdom, and Caribbean.
- Experience of establishing both information security and product security frameworks at a global company and obtaining ISO27001 certification.
- 15 years of experience in ERP SAP Logistics, BI/Business Objects, including business process design, system configuration, data extraction, reporting and so on.
- 10 years of progressively responsible experience in information security & risk management, with expertise in security control design, risk assessment, data leak prevention, application/product security, security awareness program etc.
- Michael has an active CISM certification issued by Confidential. He also was a certified PMP. He is familiar with SANS Top 20 Controls, ISO27001/2, NIST 800-53, PCI DSS, ITIL standards and frameworks.
SKILLS:
- Certified Information Security Manager by Confidential
- PMP - Project Management Professional
- C, C#, Python, configuration of PA firewall, BC web proxy, F5 VPN gateway, SAP SD/MM, SAP Business Objects
WORK EXPERIENCE:
Confidential
Director of Enterprise Information Security
Responsibilities:
- Responsible for 1) company information and product security strategy development and execution; 2) security policies and procedures creation and maintenance; 3) enterprise-wide security risk assessment and management; 4) security solution design and delivery; 5) security incident response and handling; 6) security awareness and engagement programs; 7) security compliance programs (e.g. ISO27001). Major achievements include:
- Established ISO27001 framework and successfully obtained .
- Established company-wide information security risk management program. Used a quantitative approach to identify and measure security risks. Established risk-driven information security governance and investment processes.
- Established security incident response process and built up Security Operations Center (SOC), including threat monitoring, device log review, incident analysis, and investigation.
- Created and implemented Confidential data classification framework.
- Instrumental in employee-centric information security awareness program. Devised cybersecurity threat communication mechanism, including information security KPIs, monthly threat dashboard, 2-minute reader. Launched employee engagement program, including Data Breach Bounty program, phishing test, human pen test.
- Following OWASP and other industry best practices, established secure development life cycle for both IT and product development. Implemented static and dynamic vulnerability checks for applications. Established freeware and COTS software management process.
- Developed security compliance programs to meet regulatory, customer, and partner information security requirements. Successfully passed external audits from the ISO certification body DNV and from customers or partners such as Confidential, Confidential, Confidential.
- Responsible for IT strategy, roadmap, and program management. In addition, responsible for IT security strategy, controls, and compliance. Major achievements included:
- Implemented Oracle ERP, PTC Windchill PLM, and other major enterprise business applications.
- Established data center, global network, and other major IT infrastructure.
- By applying the 5 basic architectural approaches of “Defense-In-Depth” (Uniform protection, Protected enclaves, Threat vector analysis, Information centricity, and Role-based access control), architected IT security controls, including layered and segmented network, administrative account management, information asset management, vulnerability management, Data Loss Prevention (DLP) processes, and Splunk SIEM monitoring.
Confidential
Senior IS Manager
Responsibilities:
- Responsible for architecting IT strategy, planning IT activities, and managing programs. Major achievements included:
- Designed and implemented solutions to be in compliance with SOX regulatory requirements, such as GRC, 10k commitment disclosure.
- Designed and implemented reliability improvement solution to monitor compressors, pumps, and electrical motors and to reduce their unplanned downtime, using SAP, Historian systems, and big data analytics technologies.
- Responsible for collaborating between IT and business, integrating business processes and technologies, and managing large IT projects. Major achievements included:
- Designed and implemented Spend Analysis Dashboard solution using SAP BW and Business Objects to visualize contract usage and classify spend, so that upper management and Sourcing can better manage spend.
- Designed Contract Management Enterprise Solution
- Responsible for designing ERP solutions and managing projects. Major achievements included:
- Implemented ERP/SAP system at its 15 refineries and corporate.
Confidential
Senior SAP SD/MM Consultant
Responsibilities:
- Implemented ERP/SAP system at Confidential, San Antonio City Public Services.
- Responsible for business process analysis, logistics solution design & implementation.
Confidential
IT Manager
Responsibilities:
- Implemented ERP/SAP system.
- Designed and implemented company network. Set up and managed servers. Established and managed perimeter network security.
