
Senior Security Consultant/engineer Resume

SUMMARY

Senior-level IT Security/GRC professional with an extensive background in building state-of-the-art global IT security programs. Have strong background in driving what the organization needs to hear in IT security and risk. Well versed with PCI Compliance as well as other IT Security mandates including NIST, SANS, DFARS and NSA standards. Also, GDPR, SAS Fraud Products and SQL server security roles.

EXPERTISE AREA:

  • NIST Cybersecurity Framework
  • GRC Hands on projects
  • IT Security Operations
  • Security Architecture Design/Implementation
  • Create Corporate Security Programs
  • Technology Investigations
  • Physical Security Systems
  • Computer Forensics
  • Project Management
  • Management Leadership
  • ITIL hands on experience

EMPLOYMENT HISTORY:

Confidential

Senior Security Consultant/Engineer

Responsibilities:

  • Successfully planned and managed IS projects in compliance with regulation H, FFIEC, 12CFR208.61, FISMA, NIST, CIS, Cybersecurity Framework, FFIEC Cybersecurity Assessment Tool, Bank Protection Act and Bank Security Procedures as well
  • Successfully documented and linked IT security policies and procedures to correct NIST Guidelines
  • Build, design and create new policies for PCI to upgrade to 3.1
  • Create, design and build NIST driven security policies and procedures for startup client
  • Build a WISP that allows the end client for Halock to roll out custom IT security in future.
  • Design a GRC function enabling the end client to migrate such functions to all of the business that the end client of Halock has bought in the past year.
  • Establish best-practice based security control mechanism throughout the data life cycle.
  • Security Policies & Incident Response Procedures.
  • Identify and classify sensitive data for GRC based on the inputs from business SMEs.
  • Establish classification criteria and security controls based on inputs from NIST, NSA, NCCIC, ISO, GLB, SOX, GAMP, IT Audit Testing as well as other known industry best accepted and established formats. Design SLAs and SOWs
  • Review the current business processes and propose appropriate security controls.
  • Implement the short-term security controls using automation technologies to automate data maintenance and audit trails collection.
  • Identify systems and data to be migrated into a secured environment (identified by segmented servers and encrypted storage project) for long-term security controls.
  • Generate monitoring reports or dashboard to measure the progress and generate alerts on a regular basis.
  • Provide security training to the impacted business associates on data protection.
  • The current project scope includes the following data objects in DFARS, ITAR, EAR, and Financial/SOX data; User IDs, Business Data Records Systems.
  • Led major project of OP-CO for major multi global 9 billion dollars holding firm.
  • The project was a major security breach into systems that shut down operations of the OP-CO.
  • Worked and led the project with security vendors as well as internal IT and senior management.

Confidential

Chief Security Officer

Responsibilities:

  • Create and maintain a pro-active IT Security strategic plan aligned to other IT services and True Value business needs. Provide high level expertise and consultative support for IT and the business around requirements definition, planning and development, risk mitigation, testing and monitoring. Coordinate with Internal Audit to ensure the timely fulfillment of audit requests and reviews.
  • Designed and conducted risk assessments throughout the IT environment, including evaluation of effective controls within the application, remote access, distributed system and network environments.
  • Assisting internal audit department in the development of appropriate criteria needed to assess the compliance of security standards by new and existing personnel, applications, IT infrastructure. Actively executed and monitoring remediation efforts of vulnerabilities and process deficiencies identified during vulnerability scanning, risk assessments and audit testing.
  • Serving as the enterprise focal point for computer security incident response planning, execution and awareness. Creating and providing ongoing specific business-wide security awareness plans and training.
  • Partner with Discover card to mitigate issues with the TV branded card as TV was responsible party for any financial issues and losses due to the nature of the contract with Discover TV card.
  • Developed and implemented and managed the overall enterprise policies and processes for technical and physical risk management and associated architecture working with various IT, facilities and business managers. Working in the ITIL process for change management.
  • Constantly assessing threats and vulnerabilities with security assets. Radware WAF-load balancers, QRADAR, Checkpoint, Snort and others.
  • Lead and maintain the information security policy exception process, including the initial evaluation of exception requests, assisting in defining appropriate mitigating controls. HIPAA, Loyalty Programs, PCI, E-commerce sites.
  • Lead internal IT and IT Security audits as well as external with financial auditors in all audit aspects. Successful improvements after first round of audits. Also work within guidelines of SOX for best practices and to satisfy financial audits from external auditors.

Confidential

Senior Security Consultant/Engineer

Responsibilities:

  • Accountable on a global scale for state-of-the-art technology solutions and innovative security management techniques to safeguard the organization's assets and correct security vulnerabilities with new and legacy IT systems. A few of the technologies working with but not limited to have been Cisco, Snort, Symantec, Cisco Pix Firewall as well as other cutting-edge products.
  • Worked and led issues with our financial institutions as it related to GRC and fraud losses. BOFA and Wells Fargo. Initially no relationship within IT or IT Security. Worked smart and fast to turn the situation into a positive working relationship.
  • Responsible for ensuring the safety/security of most network and information systems environments.
  • Established appropriate standards and risk controls associated with intellectual property protection/DLP. Tool used to be utilized is Enforce by Symantec to design and create successful enterprise DLP with partners across the business. DLP projects required ongoing monitoring, assessment, testing and translating requirements into system configurations.

Confidential

Senior Security Consultant/Engineer

Responsibilities:

  • Lead projects for clients in areas of COBIT, COSO, HIPAA, SIEM, SOX, SOX-404, ISO-17799, BS 7799, ISO 27002, COBRA, SAS 70, DFARS, and PCI DSS. XSS, SQL injection, “Encase Certified”, SIEM.
  • Design IT security audits for compliance and implement recommendations with various regulatory issues and business investigations and risk management. Also partner in designing data and crisis centers.
  • Participate in client projects as both leader and team player. Review IT security process, reporting structure, and security controls. Provide recommendations and training that have led to cost savings, cost controls and better use of IT security resources. Additionally, provide any IT or financial forensic investigative support required.

Confidential

Senior Security Consultant/Engineer

Responsibilities:

  • Senior security leadership position for worldwide IT consulting and Professional Services Organizations. Created, designed and developed a leading strategic global security function in a shared services model. Successfully created, designed and implemented all worldwide security policies and procedures.
  • Additionally, created and led the IT Security team in all compliance issues.
  • Designed, created and facilitated security awareness training programs for both traditional personal security issues as well as IT Security training and audits. Successfully design and build state of art Confidential to monitor all clients’ traffic.
  • Created a process for partnering with our clients on all security audits and breaches. The main focus was protection of revenues on the IT Security issues required by the clients.
  • Design, create and negotiate RFPs, SOWs, SLAs and other contractual issues related to engagements.
  • Created a “State Of Security” report that I presented to senior management that contained all worldwide security issues, matters, major concerns, project updates and all ongoing Intellectual Property litigation. 78% of recommendations were implemented.
  • Designed a Security Vulnerabilities training tutorial on the enterprise matrix.
  • Created a “Hackers Technology Handbook” on the enterprise matrix for all employees to learn at their own pace. The handbook included coding fundamentals. These products led to a measured drop in
